Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WCCP on 6500 with Squid Proxy

                   Hi,

I have been tasked to setup a Transparent Squid proxy and do redirection on  a Cisco 6513 Switch.

I don't have access to the SQUID but think that my config below should be OK. We have setup a TEST user Vlan 13 . Any traffic from this destined for the we on 80 or 443 should be redirected.

Vlan 10 is where the Squid proxy is sitting.

ip wccp version 2
ip wccp web-cache group-list 10 password xxxxxxx - Limit the servers that can operate WCCP with the switch.
!
access-list 10 remark WCCP_SQUID_PROXY
access-list 10 permit host 10.20.10.50 (Squid Server)

!
ip wccp web-cache accelerated  - Enables the hardware acceleration on PFC cards
!
ip access-list extended WCCP_REDIRECT  -
permit tcp 10.20.13.0 0.0.0.255 any eq www
permit tcp 10.20.13.0 0.0.0.255 any eq 443
deny ip any any
!

ip wccp redirect-list WCCP_REDIRECT
!
interface vlan 13
desc TEST_USER_FOR_SQUID
10.20.13.1 255.255.255.0

!
ip wccp web-cache redirect in (Coming into vlan from internal subnet for any on TCP 80 and 443 gets redirected)
!

interface vlan 10
dest SQUID_SUBNET
10.20.10.1 255.255.255.0

Please can you let me know if there is anyting that i am missing? Thanks

David

Everyone's tags (4)
3 REPLIES
Hall of Fame Super Silver

WCCP on 6500 with Squid Proxy

Hello David,

WCCP should need a L3 point of application for example in your case for the testing phase I would add

interface vlan13

ip wccp web-cache redirect-in

see

http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf018_ps1835_TSD_Products_Configuration_Guide_Chapter.html#wp1001302

in alternative the redirect out can be used on the interface towards internet.

Hope to help

Giuseppe

New Member

WCCP on 6500 with Squid Proxy

Hi Giuseppe,

I had added this in above?  Only traffic from the vlan 13 configured in ACL WCCP_REDIRECT  will redirect to the SQUID.

By using "ip wccp web-cache accelerated" this should enable the wccp in hardware?

By Using |ip wccp web-cache group-list 10 password xxxxxxx" restricts on the server defined in the ACL to connect to the router for wccp.

I think I have the bases covered?

Thansk

Hall of Fame Super Silver

WCCP on 6500 with Squid Proxy

Hello David,

I agree your configuration should be fine.

according to documentation

ip wccp web-cache group-list 10  restricts with what caches the router will peer using WCCP protocol

>> By using "ip wccp web-cache accelerated" this should enable the wccp in hardware?

I'm not sure on this it should do it.

Hope to help

Giuseppe

1615
Views
4
Helpful
3
Replies
CreatePlease login to create content