02-28-2012 09:43 AM - edited 03-07-2019 05:14 AM
I am trying to enable wccp on 6509. Its works fine on port 80 but not with https (443).
Also i have noticed when i use the following
ip wccp web-cache redirect in
similarly adding to interface http works. but when i use the service no 0 instad of web-cache even the http stops working.
Any Help? wccp v2 is enabled in the switch.
Both the source & the Squid server are in same Vlan.
02-28-2012 10:04 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
You may need a different service number to support HTTPS. Where I'm at, we use service #70 for HTTPS, and either service #0 or web-cache for HTTP (depends on server).
PS:
02-28-2012 10:13 AM
yes I have used #70 for https. but its not working.
Also to add, when i use #0 http also does not work. but when i use web-cache http works. Any idea why such behaviour?
02-28-2012 11:34 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
When you perform a sh ip wccp on the WCCP router, do you see a server register for service 70?
I know nothing of Squid, but glancing at its Wiki page for HTTPS (http://wiki.squid-cache.org/Features/HTTPS?highlight=%28faqlisted.yes%29), I see it can possible issues why it might not work for specific HTTPS flows.
02-28-2012 09:16 PM
Thanks Joseph. The follwing is the output
Router#sh ip wccp
Global WCCP information:
Router information:
Router Identifier: 172.25.27.65
Protocol Version: 2.0
Service Identifier: web-cache
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 77
Process: 0
CEF: 77
Redirect access-list: 123
Total Packets Denied Redirect: 0
Total Packets Unassigned: 11
Group access-list: 10
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
Service Identifier: 70
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 0
Process: 0
CEF: 0
Redirect access-list: 123
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: 10
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
Also: Added the following lines in the config
ip wccp web-cache redirect-list 123 group-list 10
ip wccp 70 redirect-list 123 group-list 10
And in the interface:
interface Vlan101
description CANVAS-FE SVI
ip address 172.25.26.194 255.255.255.192 secondary
ip address 172.25.26.4 255.255.255.192
no ip redirects
ip nat outside
ip wccp web-cache redirect in
ip wccp 70 redirect in
ip pim dense-mode
ip igmp join-group 230.0.0.1
standby 1 ip 172.25.26.6
standby 1 priority 110
standby 1 preempt
end
The access list.:
Router#sh access-lists 123
Extended IP access list 123
10 deny ip host 172.25.26.234 any (683 matches)
20 permit tcp host 172.25.26.51 any eq www (57 matches)
21 permit tcp host 172.25.26.51 any eq 443
30 deny ip any any (57858 matches)
Router#sh access-lists 10
Standard IP access list 10
20 permit 172.25.26.234 (66796 matches)
10 permit 132.146.1.141
02-29-2012 02:40 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
That looks about right. Assuming it is, issue might be on the Squid side.
02-29-2012 02:43 AM
Thanks Joseph, I have asked the Squid Team to check the Squid. Will update soon
02-28-2012 10:33 AM
Hi,
service 0 is for http not https, for secure http it is service 70.
Regards.
Alain
02-28-2012 11:28 AM
I dont know why you are not understading.
there are two aspects:
for port 80 i.e http
when i use web-cache wccp works for http. and when i use service no 0 http stops working
Also when i add service no 70 https does not work.
02-28-2012 12:23 PM
I'm not misunderstanding just posted my reply not seing that someone else had already done the same.
I'm sure you will excuse me trying to answer your problems even if after all this seems to be another issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide