WCCP and Squid not working

cabel · ‎07-28-2010

Hello everyone,

I cannot get wccp to work on my cisco router. I was wondering if someone could check my config and debug information and let me know what's going on.

Here is my configurations:

ip wccp web-cache

!

interface FastEthernet0/0
description Interface facing internet
ip address 192.168.0.10 255.255.255.252
no ip redirects
no ip proxy-arp
ip wccp web-cache redirect out
ip nbar protocol-discovery
ip flow egress
duplex auto
speed auto
no mop enabled
crypto map ACP

Here is my "show ip wccp" (notice that my Router Identifier is not the address of my interface facing the internet):

    Router information:
    Router Identifier:                   192.168.0.22
    Protocol Version:                    2.0

    Service Identifier: web-cache
    Number of Service Group Clients:     0
    Number of Service Group Routers:     0
    Total Packets s/w Redirected:        0
      Process:                           0
      Fast:                              0
      CEF:                               0
    Redirect access-list:                -none-
    Total Packets Denied Redirect:       0
    Total Packets Unassigned:            0
    Group access-list:                   -none-
    Total Messages Denied to Group:      0
    Total Authentication failures:       0
    Total Bypassed Packets Received:     0

I have enabled wccp events and packets debugging and don't get anything.

I currently have my proxy set up with Sonicwalls web configuration and it is working great; fully transparent. The only downside to it is that the access.log file shows all source ips as the sonicwalls IP. I heard wccp maintains the oiginal source ip.

Thanks! Let me know if you need any more information!

Giuseppe Larosa · ‎07-28-2010

Hello Chris,

WCCP is a protocol that is spoken by router(s) with web cache(s).

So you cannot use WCCP instead of proxy without changing configuration of the web cache also.

Also the web cache has to be able to support WCCP

You need also to define a WCCP service group it is not enough to enable WCCP on the physical interface.

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swwccp.html

Hope to help

Giuseppe

cabel · ‎07-29-2010

I'm sorry, this doesn't help too much. I've done a lot of reading and going through a lot of tutorials and I guess I'm just really confused. They all sorta say different things. I'm using squid v 2.7 which supports wccp. I did not read a single tutorial that said I needed a wccp service group. I've been trying to folow this tutorial: http://www.digitalnerds.net/linux/transparent-squid-with-wccp/ except using wccpv2 instead of 1. I configured my web cache server exactly the same way.

lmcruzhsa · ‎07-29-2010

Just to know a bit more:

Version of squid?

Logs of squid?

Did you check http://www.cisco.com/en/US/products/hw/contnetw/ps546/products_configuration_example09186a00800a6a72.shtml ?

Can you paste the output commands?

Do you have connectivity to the squid? could you paste the ping and traceroute result from the router?

Giuseppe Larosa · ‎07-30-2010

Hello Chris,

the tutorial you are using is thought for using GRE encapsulation for redirection of packets from the router to the cache:

>> With traffic redirected to squid we need to bring up the GRE tunnel between the cisco router and and the linux box running squid:

gw1-livent:~# iptunnel add gre1 mode gre remote IP-ADDRESS-OF-ROUTER local IP-ADDRESS-OF-SQUID-CACHE dev eth0

if you have configured squid in this way you would need specific commands on cisco side to say " use GRE when sending packets to the web cache".

be also aware that multilayer switches are not able of GRE encapsulation

Hope to help

Giuseppe

cabel · ‎08-03-2010

Thanks Giuseppe!

It appears I have a bit of a dilemma than. The internet comes into the 2811 router, but the squid server is off of a 3650 catalyst switch. This means It will not work with my configuration correct? I have an open ethernet port on my 2811 router. Just I hang the web cache server off of that? Is there a better way to configure this? What would you advice me to do?

Thanks,

Chris

Giuseppe Larosa · ‎08-03-2010

Hello Chris,

if the switch acts as a L2 switch there is no problem it is like a direct connection.

if the router and the cache have no IP subnet in common GRE encapsulation can be used on the router and on the web cache (for the latter your link provides reference)

So you should be able to use WCCP also with current setup, but as I noted you may need to tune configuration for GRE support.

Connecting the web cache to a free port on C2811 can be a wise move to make WCCP working in the simplest scenario

After having WCCP working using the direct connection, you can try to move the cache again to the switch.

However, using GRE increases the overhead on the router as packets need to be incapsulated to be sent to the web cache so I would connect directly or via L2 switch the cache to the router (it is enough to put the port of the web cache in the same vlan as the port towards the router)

You can achieve direct connection also via the switch without the need for a dedicated port.

Hope to help

Giuseppe