WCCPv2 and cisco cat 4506sup2+

Unanswered Question
Sep 1st, 2010

Hello,


IOS version: cat4500-entservicesk9-mz.122-52.SG.bin

Squid Cache: Version 3.0.STABLE18
configure options:  '--prefix=/usr' '--build=x86_64-pc-linux-gnu' '--host=x86_64-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--libdir=/usr/lib64' '--sysconfdir=/etc/squid' '--libexecdir=/usr/libexec/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--with-default-user=squid' '--enable-auth=basic,digest,negotiate,ntlm' '--enable-removal-policies=lru,heap' '--enable-digest-auth-helpers=password' '--enable-basic-auth-helpers=PAM,getpwnam,NCSA,MSNT' '--enable-external-acl-helpers=ip_user,session,unix_group' '--enable-ntlm-auth-helpers=fakeauth' '--enable-negotiate-auth-helpers=' '--enable-useragent-log' '--enable-cache-digests' '--enable-delay-pools' '--enable-referer-log' '--enable-arp-acl' '--with-large-files' '--with-filedescriptors=8192' '--disable-dependency-tracking' '--enable-cachemgr-hostname=localhost' '--enable-ident-lookups' '--enable-wccpv2' '--with-aio' '--with-dl' '--enable-caps' '--disable-snmp' '--enable-ssl' '--enable-icap-client' '--enable-storeio=ufs,diskd,aufs,null' '--enable-linux-netfilter' '--enable-epoll' 'build_alias=x86_64-pc-linux-gnu' 'host_alias=x86_64-pc-linux-gnu' 'CC=x86_64-pc-linux-gnu-gcc' 'CFLAGS=-march=opteron -O2 -pipe' 'LDFLAGS=-Wl,-O1' 'CXXFLAGS=-mtune=opteron -O2 -pipe'


In my LAN environment I have two 4506 swiches (L3) in hsrp mode. I would like to use wccp with squid as transparent proxy.

1. problem: squid does not sees the switches on their HSRP virtual address 10.11.2.1 but only their 10.11.2.3 and 10.11.2.4.

2. problem: squid cannot communicate with the two routers. I mean when squid sees the 10.11.2.3 router does not sees the 10.11.2.4

(this a problem when failover needs to occur reg. one switch is down.)


Squid ip: 10.11.2.66

switch config:


switch-a:


ip wccp web-cache password abc
ip wccp 60 password abc
ip wccp 70 password abc
ip wccp 80 password abc


the interface which face to proxy server:


interface Vlan111
ip address 10.11.2.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
logging event link-status
load-interval 60
standby 1 ip 10.11.2.1
standby 1 timers msec 500 2
standby 1 priority 200
standby 1 preempt delay minimum 60
standby 1 authentication vlan111
standby 1 track GigabitEthernet1/1 40
arp timeout 28800
end


the interface where transparent proxy is on:


interface Vlan333
ip address 10.11.205.3 255.255.255.0
ip helper-address 10.11.2.50
no ip redirects
no ip unreachables
no ip proxy-arp
ip wccp web-cache redirect in
ip wccp 60 redirect in
ip wccp 70 redirect in
ip wccp 80 redirect in
no ip mroute-cache
logging event link-status
load-interval 60
standby 1 ip 10.11.205.1
standby 1 timers msec 500 2
standby 1 priority 150
standby 1 preempt
standby 1 authentication vlan333
arp timeout 28800
end



switch-b:


ip wccp web-cache password abc
ip wccp 60 password abc
ip wccp 70 password abc
ip wccp 80 password abc



the interface which face to proxy server:


interface Vlan111
ip address 10.11.2.4 255.255.255.0
ip access-group al_rpf_bto-bud_pro in
ip helper-address 10.11.2.50
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
logging event link-status
load-interval 60
standby 1 ip 10.11.2.1
standby 1 timers msec 500 2
standby 1 priority 150
standby 1 preempt delay minimum 60
standby 1 authentication vlan111
standby 1 track GigabitEthernet1/1 40
arp timeout 28800
end



the interface where transparent proxy is on:


interface Vlan333
ip address 10.11.205.4 255.255.255.0
ip helper-address 10.11.2.50
no ip redirects
no ip unreachables
no ip proxy-arp
ip wccp web-cache redirect in
ip wccp 60 redirect in
ip wccp 70 redirect in
ip wccp 80 redirect in
no ip mroute-cache
logging event link-status
load-interval 60
standby 1 ip 10.11.205.1
standby 1 timers msec 500 2
standby 1 priority 200
standby 1 preempt delay minimum 60
standby 1 authentication vlan333
standby 1 track GigabitEthernet1/1 40
arp timeout 28800
end


Any help welcome. Thanks,


Andras

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion