We are going to start implementing WCCP. We want to configure WCCP2 on our firewall and redirect traffic from our inside interface to the web cache engine. I've read several documents on the subject but it's still a little vague.
If we want traffic coming from the inside that is headed to the Internet to be redirected to the Web cache engine, do I enter on the inside interface:
ip wccp web-cache redirect in?
Because I want to redirect traffic that is entering the inside interface?
Also, must I create an access list? This part of WCCP doesn't seem clear. What are the ACLs for? Don't the web cache engines pick up the traffic automatically?
You would configure it in the inbound direction in your case. Anyone going out to the internet will be going INto the interface and WCCP will redirect it. You can redirect all traffic or certain hosts/subnets, etc. With an ACL, it tells the FW what to forward to the caching engine or not forward. What it doesn't forward will just go through your FW as normal traffic. You could tell your caching engine to not cache hits from a host, but there's really no reason to send it there in the first place if you don't have to.
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Think of the WCCP interface redirection statement as sort of like an ACL. You can do it either on the ingress interface(s) or the egress interface(s). Often the latter is simpler, as often just one interface goes to the firewall, but the former is often more efficient. (Also more efficient is L2 redirect [i.e. WCCP server on a subnet which the WCCP router has an interface on] rather than L3/GRE redirect.)
As John describes, you can (optionally) use an ACL to determine what traffic should be sent to the WCCP server. Generally the WCCP servers will bounce back traffic they are not interested in, but as John describes, why send traffic to the WCCP server if you know it's not going to be processed on it?
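The setup discussed in the replies above, written out as an added example that is not part of the original thread. It assumes IOS-style syntax (the form used in the question); the addresses, ACL numbers, interface name and password are constructed placeholders. It also shows a second use of ACLs with WCCP that the thread does not mention: a group list that limits which cache engines may register with the router.

```cisco
! Constructed values: inside LAN 10.1.1.0/24, cache engine 10.1.2.10,
! exempt host 10.1.1.50. ACL numbers, interface and password are placeholders.

! Redirect list: selects which traffic is handed to the cache engine.
!   permit = redirect to the cache engine
!   deny   = do not redirect; the packet is forwarded normally
access-list 120 remark WCCP redirect-list
access-list 120 deny   tcp host 10.1.1.50 any eq www
access-list 120 permit tcp 10.1.1.0 0.0.0.255 any eq www

! Group list: only these addresses are accepted as cache engines.
access-list 20 remark WCCP group-list (allowed cache engines)
access-list 20 permit host 10.1.2.10

! Enable the web-cache service with both lists and an authentication
! password shared with the cache engine.
ip wccp web-cache redirect-list 120 group-list 20 password EXAMPLE-ONLY

! Redirect traffic as it enters the inside interface.
interface GigabitEthernet0/1
 description inside
 ip wccp web-cache redirect in

! Verification (exec mode):
!   show ip wccp web-cache detail
!   show access-lists 120
```

Without a redirect list, the web-cache service redirects all TCP port 80 traffic arriving on the interface.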