Cisco Community
English
Register
New Cisco Community "Meet the Authors" Program: LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1893
Views
4
Helpful
3
Replies
Highlighted
David.Pellat
David.Pellat Beginner
Beginner
‎05-20-2012 05:55 PM
‎05-20-2012 05:55 PM

WCCP on 6500 with Squid Proxy

                   Hi,

I have been tasked to setup a Transparent Squid proxy and do redirection on  a Cisco 6513 Switch.

I don't have access to the SQUID but think that my config below should be OK. We have setup a TEST user Vlan 13 . Any traffic from this destined for the we on 80 or 443 should be redirected.

Vlan 10 is where the Squid proxy is sitting.

ip wccp version 2
ip wccp web-cache group-list 10 password xxxxxxx - Limit the servers that can operate WCCP with the switch.
!
access-list 10 remark WCCP_SQUID_PROXY
access-list 10 permit host 10.20.10.50 (Squid Server)

!
ip wccp web-cache accelerated  - Enables the hardware acceleration on PFC cards
!
ip access-list extended WCCP_REDIRECT  -
permit tcp 10.20.13.0 0.0.0.255 any eq www
permit tcp 10.20.13.0 0.0.0.255 any eq 443
deny ip any any
!

ip wccp redirect-list WCCP_REDIRECT
!
interface vlan 13
desc TEST_USER_FOR_SQUID
10.20.13.1 255.255.255.0

!
ip wccp web-cache redirect in (Coming into vlan from internal subnet for any on TCP 80 and 443 gets redirected)
!

interface vlan 10
dest SQUID_SUBNET
10.20.10.1 255.255.255.0

Please can you let me know if there is anyting that i am missing? Thanks

David

Labels:
Everyone's tags (4)
0 Helpful
Reply
3 REPLIES 3
Giuseppe Larosa
Hall of Fame Expert Giuseppe Larosa Hall of Fame Expert
Hall of Fame Expert
‎05-21-2012 02:47 AM
‎05-21-2012 02:47 AM

WCCP on 6500 with Squid Proxy

Hello David,

WCCP should need a L3 point of application for example in your case for the testing phase I would add

interface vlan13

ip wccp web-cache redirect-in

see

http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf018_ps1835_TSD_Products_Configuration_Guide_Chapter.html#wp1001302

in alternative the redirect out can be used on the interface towards internet.

Hope to help

Giuseppe

Reply
David.Pellat
David.Pellat Beginner
Beginner
‎05-21-2012 11:36 PM
‎05-21-2012 11:36 PM

WCCP on 6500 with Squid Proxy

Hi Giuseppe,

I had added this in above?  Only traffic from the vlan 13 configured in ACL WCCP_REDIRECT  will redirect to the SQUID.

By using "ip wccp web-cache accelerated" this should enable the wccp in hardware?

By Using |ip wccp web-cache group-list 10 password xxxxxxx" restricts on the server defined in the ACL to connect to the router for wccp.

I think I have the bases covered?

Thansk

0 Helpful
Reply
Giuseppe Larosa
Hall of Fame Expert Giuseppe Larosa Hall of Fame Expert
Hall of Fame Expert
‎05-22-2012 01:06 AM
‎05-22-2012 01:06 AM

WCCP on 6500 with Squid Proxy

Hello David,

I agree your configuration should be fine.

according to documentation

ip wccp web-cache group-list 10  restricts with what caches the router will peer using WCCP protocol

>> By using "ip wccp web-cache accelerated" this should enable the wccp in hardware?

I'm not sure on this it should do it.

Hope to help

Giuseppe

0 Helpful
Reply
Latest Contents
How to configure ENCS LAN Switch connectivity
Created by kramesh on 10-20-2019 08:11 AM
0
0
0
0
ENCS 5400 is a purpose built compute platform for branch networking. Multiple VNFs (virtual network functions) can be hosted in the ENCS platform with flexible connectivity options.   There are multiple Layer2 software and hardware entities in a typi... view more
Cisco SD-Access Layer2 flooding
Created by dbellamk on 10-19-2019 05:03 PM
0
5
0
5
Trunk, Accessk, AccessCombined OVS Trunk&Access and ENCS Switch Trunk&Access configurationENCS Switch Spanning Tree configuration     <script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></... view more
Restricting router from connecting with some vlans
Created by arontig on 10-18-2019 07:39 PM
3
0
3
0
how do we restrict a router interfaces from directly connected to Some vlans? can any one help me to figureout?the question is Router should not have interfaces directly connected to Vlan 30 and Vlan 40
Can 2 Routers have a same external IP address?
Created by Šimon Randiak on 10-18-2019 11:41 AM
3
0
3
0
I've got a one problem. Me and my friend have the same ISP. I checked my External IP address at WhatIsMyIp.com and my friend do it to. And we saw we have the same External IP.So my question is can 2 routers have the same External IP address?If i'm right 2... view more
LISP Locator ID Separation Protocol
Created by Mohamed Alhenawy on 10-18-2019 05:29 AM
0
0
0
0
LISP Protocol (Location Identifier Separation Protocol)!  - The LISP protocol has become a brilliant stardom with the digital transformation that we are now experiencing. - Today we will talk about the LISP protocol and its advantages and method of p... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
July's Community Spotlight Awards