Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
568
Views
5
Helpful
3
Replies

How to pick up WCCP redirect out interface

HWangLoyalty_2
Level 1
Level 1

‎01-06-2009 06:29 AM

There are two 6500 core switches and firewall modules in our network environemnt.we use the same ISP as internal (between branches each other)and internet connection.The all traffics of internet will be gone through the same firewall module in our data center. We also use the same L2 switch (for internal and internet) to uplick our ISP.For using WCCP,we have to pickup an internafce as redirect interface.We know that the 'ip wccp web-cache redirect out' command must be implemented on the outbound interface going to the Internet.But how to choose ounbound interface in our environment? how about the port connect to L2 switch? but it included in internal and inertnet traffic. Could you give me some advice? Thanks a lot!

we use the 3rd party proxy server. It is Blue coat solution. It also supports WCCP.

Labels:
0 Helpful
3 Replies 3

dstolt
Cisco Employee
Cisco Employee

‎01-06-2009 08:51 AM

The L2 switch is out as WCCP requires L3 functionality to be enabled to work.

You have 2 different solutions to use on the CAT6K depending on if you want to redirect before or after the firewall inspects the traffic. To exclude your internal traffic, I would consider using a wccp redirect-list (ACL) to exclude interception of your addresses that are internal and only intercept your internet bound traffic.

1. Inbound on your LAN interfaces, using wccp-redirect list to exclude the local traffic. This would be before your firewall inspects the traffic.

2. Using outbound on the ISP link, again excluding your internal traffic. This would be after your firewall inspects the traffic.

If you could separate your ISP and internal traffic, that would be optimal, however, from what you describe, I think using the wccp redirect-list is your best bet.

Hope that gives you a starting place.

HWangLoyalty_2
Level 1
Level 1
In response to dstolt

‎01-06-2009 11:03 AM

Thanks for your suggeation. We know that either L2 switch or firewall could not support WCCP. We have to begin it from our core switch.

I will pick up option 1 as our solution because we use the web cache with only internet traffic. we also could use "redirect-list" to exclude the internal traffic.

I supposed that Vlan 100 is interface connected our firewall as inside interface. Would i will setup the following command in that vlan 100 interface:

ip wccp web-cache redirect out

Is it correct? thanks again!

0 Helpful

dstolt
Cisco Employee
Cisco Employee
In response to HWangLoyalty_2

‎01-07-2009 07:48 AM

If you are on the LAN interface of the switch, I would use "ip wccp web-cache redirect in", not out. You want to cache the requests coming "in" to the interface from the users, not going "out" after hitting the remote web server.

Hope that helps,

Dan

0 Helpful
Customers Also Viewed These Support Documents