WCCP on 6500 with Squid Proxy

David.Pellat
Level 1

Hi,

I have been tasked to set up a Transparent Squid proxy and do redirection on a Cisco 6513 Switch.

I don't have access to the Squid but think that my config below should be OK. We have set up a TEST user VLAN 13. Any traffic from this destined for the web on 80 or 443 should be redirected.

Vlan 10 is where the Squid proxy is sitting.

ip wccp version 2
! Limit the servers that can operate WCCP with the switch.
ip wccp web-cache group-list 10 password xxxxxxx
!
access-list 10 remark WCCP_SQUID_PROXY
! Squid Server
access-list 10 permit host 10.20.10.50
!
! Enables the hardware acceleration on PFC cards
ip wccp web-cache accelerated
!
ip access-list extended WCCP_REDIRECT
 permit tcp 10.20.13.0 0.0.0.255 any eq www
 permit tcp 10.20.13.0 0.0.0.255 any eq 443
 deny ip any any
!
ip wccp web-cache redirect-list WCCP_REDIRECT
!
interface vlan 13
 description TEST_USER_FOR_SQUID
 ip address 10.20.13.1 255.255.255.0
 ! Coming into vlan from internal subnet for any on TCP 80 and 443 gets redirected
 ip wccp web-cache redirect in
!
interface vlan 10
 description SQUID_SUBNET
 ip address 10.20.10.1 255.255.255.0

Please can you let me know if there is anything that I am missing? Thanks

David

3 Replies

Giuseppe Larosa
Hall of Fame

Hello David,

WCCP should need an L3 point of application; for example, in your case, for the testing phase I would add

interface vlan 13
 ip wccp web-cache redirect in

see

http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf018_ps1835_TSD_Products_Configuration_Guide_Chapter.html#wp1001302

Alternatively, redirect out can be used on the interface towards the internet.

Hope to help

Giuseppe

Hi Giuseppe,

I had added this in above? Only traffic from the VLAN 13 configured in ACL WCCP_REDIRECT will redirect to the Squid.

By using "ip wccp web-cache accelerated" this should enable the WCCP in hardware?

Using "ip wccp web-cache group-list 10 password xxxxxxx" restricts only the server defined in the ACL to connect to the router for WCCP.

I think I have the bases covered?

Thanks

Hello David,

I agree, your configuration should be fine.

According to the documentation, ip wccp web-cache group-list 10 restricts which caches the router will peer with using the WCCP protocol.

>> By using "ip wccp web-cache accelerated" this should enable the wccp in hardware?

I'm not sure on this; it should do it.

Hope to help

Giuseppe
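
One way to check a switch config for the WCCP peer controls discussed in this thread (group-list, password, redirect-list), as an added example that is not part of any post above. It assumes numbered standard ACLs only; `parse_wccp` and `audit` are hypothetical helper names, and the sample config is constructed from the thread's lines.

```python
import re

# Constructed sample: WCCP-related lines from the thread's config, annotations removed.
SAMPLE_CONFIG = """\
ip wccp version 2
ip wccp web-cache group-list 10 password xxxxxxx
access-list 10 permit host 10.20.10.50
ip wccp web-cache accelerated
ip wccp web-cache redirect-list WCCP_REDIRECT
"""

WCCP_RE = re.compile(r"^ip wccp (web-cache|\d+)\s+(.*)$")
ACL_RE = re.compile(r"^access-list (\d+) permit (.+)$")
OPTIONS = ("group-list", "redirect-list", "password")

def parse_wccp(config):
    """Collect per-service WCCP options (password presence only) and ACL permits."""
    services, acls = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := WCCP_RE.match(line):
            opts, words = services.setdefault(m.group(1), {}), m.group(2).split()
            for i, word in enumerate(words[:-1]):
                if word in OPTIONS:
                    opts[word] = True if word == "password" else words[i + 1]
        elif m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append(m.group(2).strip())
    return services, acls

def audit(config):
    """Return (service, finding) pairs for missing or loose WCCP peer controls."""
    services, acls = parse_wccp(config)
    findings = []
    for svc, opts in services.items():
        if "group-list" not in opts:
            findings.append((svc, "no group-list: cache membership is unrestricted"))
        else:
            entries = acls.get(opts["group-list"], [])
            if not entries:
                findings.append((svc, "group-list ACL has no permit entries"))
            for e in entries:
                if not (e.startswith("host ") or (e != "any" and len(e.split()) == 1)):
                    findings.append((svc, f"group-list permits more than one host: {e}"))
        if "password" not in opts:
            findings.append((svc, "no password: WCCP messages are unauthenticated"))
        if "redirect-list" not in opts:
            findings.append((svc, "no redirect-list: all traffic of the service is redirected"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "no findings")
```
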
