12-24-2013 05:48 AM - edited 03-07-2019 05:13 PM
Hello all
I have been successful in implementing WCCP in my multiple-VLAN environment.
Router is Cisco 2921
G0/0 - Internet
G0/1 - Squid Proxy
G0/2 - Clients in multiple VLANs
Here is the config:
ip wccp web-cache redirect-list 120
interface GigabitEthernet0/2.1
 encapsulation dot1Q 3
 ip address 172.16.1.1 255.255.255.0
 ip wccp web-cache redirect in
 ip nat inside
interface GigabitEthernet0/2.2
 encapsulation dot1Q 2
 ip address 172.16.2.1 255.255.255.0
 ip wccp web-cache redirect in
 ip nat inside
interface GigabitEthernet0/2.3
 encapsulation dot1Q 3
 ip address 172.16.3.1 255.255.255.0
 ip wccp web-cache redirect in
 ip nat inside
access-list 120 remark REDIRECTION_CRITERIA
access-list 120 deny ip host 192.168.1.2 any
access-list 120 permit tcp 172.16.1.0 0.0.0.255 any eq www
access-list 120 permit tcp 172.16.2.0 0.0.0.255 any eq www
access-list 120 permit tcp 172.16.3.0 0.0.0.255 any eq www
access-list 120 deny ip any any
I have some questions:
1) In the command "ip wccp web-cache redirect-list 120", "redirect-list 120" is not required since all VLANs are clients.
Using "ip wccp web-cache redirect in" under all subinterfaces alone would work.
Am I correct?
2) How can I redirect HTTPS traffic to my Squid proxy?
12-24-2013 06:01 PM
Hello,
1. "ip wccp web-cache redirect in"
It would work if your Squid proxy has another default gateway to the Internet.
Otherwise the traffic from the Squid is also forwarded. You have to use different interfaces for users and Squid. On the Squid VLAN subinterface you should not use a WCCP configuration.
2. Web-cache permits only HTTP. You must configure dynamic WCCP.
Example:
In global:
ip wccp 120 redirect-list 120
access-list 120 remark REDIRECTION_CRITERIA
access-list 120 deny ip host 192.168.1.2 any
access-list 120 permit tcp 172.16.1.0 0.0.0.255 any eq www
access-list 120 permit tcp 172.16.1.0 0.0.0.255 any eq 443
access-list 120 permit tcp 172.16.2.0 0.0.0.255 any eq www
access-list 120 permit tcp 172.16.2.0 0.0.0.255 any eq 443
access-list 120 permit tcp 172.16.3.0 0.0.0.255 any eq www
access-list 120 permit tcp 172.16.3.0 0.0.0.255 any eq 443
access-list 120 deny ip any any
On interface:
ip wccp 120 redirect in
See link below for more information
Best regards
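
Added example, not part of the original posts: a small Python model of how IOS evaluates access-list 120 from the reply above (first match wins, wildcard masks, implicit deny), useful for checking which flows the redirect-list hands to WCCP before applying it. It parses only the syntax forms used in that ACL, and the function names are illustrative.

```python
import ipaddress

# ACL 120 as posted in the reply above (remark line omitted).
ACL_120 = """\
access-list 120 deny ip host 192.168.1.2 any
access-list 120 permit tcp 172.16.1.0 0.0.0.255 any eq www
access-list 120 permit tcp 172.16.1.0 0.0.0.255 any eq 443
access-list 120 permit tcp 172.16.2.0 0.0.0.255 any eq www
access-list 120 permit tcp 172.16.2.0 0.0.0.255 any eq 443
access-list 120 permit tcp 172.16.3.0 0.0.0.255 any eq www
access-list 120 permit tcp 172.16.3.0 0.0.0.255 any eq 443
access-list 120 deny ip any any
"""
PORT_NAMES = {"www": 80}  # the only port keyword this ACL uses

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_source(tokens):
    """Consume the source spec; return (network, wildcard, remaining tokens)."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    if tokens[0] == "host":
        return ip_int(tokens[1]), 0, tokens[2:]
    return ip_int(tokens[0]), ip_int(tokens[1]), tokens[2:]

def parse_acl(text):
    entries = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 5 or t[2] == "remark":
            continue
        net, wild, rest = parse_source(t[4:])
        if rest[0] != "any":
            raise ValueError("only 'any' destinations are handled here")
        port = None
        if rest[1:2] == ["eq"]:
            port = PORT_NAMES.get(rest[2]) or int(rest[2])
        entries.append((t[2], t[3], net, wild, port))
    return entries

def redirected(entries, src, proto, dport):
    """First matching entry decides; permit means the flow is redirected."""
    s = ip_int(src)
    for action, eproto, net, wild, port in entries:
        proto_ok = eproto in ("ip", proto)
        src_ok = ((s ^ net) & ~wild & 0xFFFFFFFF) == 0  # wildcard 0-bits must match
        port_ok = port is None or port == dport
        if proto_ok and src_ok and port_ok:
            return action == "permit"
    return False  # implicit deny that ends every IOS ACL
```

Calling `redirected(parse_acl(ACL_120), "192.168.1.2", "tcp", 80)` returns `False` because the host entry on the first line matches before any permit is reached.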