I have been tasked to setup a Transparent Squid proxy and do redirection on a Cisco 6513 Switch.
I don't have access to the SQUID but think that my config below should be OK. We have setup a TEST user Vlan 13 . Any traffic from this destined for the we on 80 or 443 should be redirected.
Vlan 10 is where the Squid proxy is sitting.
ip wccp version 2
ip wccp web-cache group-list 10 password xxxxxxx - Limit the servers that can operate WCCP with the switch.
access-list 10 remark WCCP_SQUID_PROXY
access-list 10 permit host 10.20.10.50 (Squid Server)
ip wccp web-cache accelerated - Enables the hardware acceleration on PFC cards
ip access-list extended WCCP_REDIRECT -
permit tcp 10.20.13.0 0.0.0.255 any eq www
permit tcp 10.20.13.0 0.0.0.255 any eq 443
deny ip any any
ip wccp redirect-list WCCP_REDIRECT
interface vlan 13
ip wccp web-cache redirect in (Coming into vlan from internal subnet for any on TCP 80 and 443 gets redirected)
interface vlan 10
Please can you let me know if there is anyting that i am missing? Thanks
WCCP should need a L3 point of application for example in your case for the testing phase I would add
ip wccp web-cache redirect-in
in alternative the redirect out can be used on the interface towards internet.
Hope to help
I had added this in above? Only traffic from the vlan 13 configured in ACL WCCP_REDIRECT will redirect to the SQUID.
By using "ip wccp web-cache accelerated" this should enable the wccp in hardware?
By Using |ip wccp web-cache group-list 10 password xxxxxxx" restricts on the server defined in the ACL to connect to the router for wccp.
I think I have the bases covered?
I agree your configuration should be fine.
according to documentation
ip wccp web-cache group-list 10 restricts with what caches the router will peer using WCCP protocol
>> By using "ip wccp web-cache accelerated" this should enable the wccp in hardware?
I'm not sure on this it should do it.
Hope to help