Not sure where to start, but I need to set up WCCP on a Catalyst 5505 with an RSM running 12.1(17) to redirect all web traffic (set up on vlan2) to a transparent caching proxy that connects to a Fast Ethernet port on the switch (also on vlan2). The proxy will be a Squid box. Any help would be appreciated.
Well, it all depends on what OS you'll be running Squid on. The only "working" implementations of WCCP with Squid and Cisco that I've seen are when you use Linux as the OS. Solaris/NetBSD/etc. do not have the appropriate GRE-WCCP decoding module to support WCCP. Not to say it couldn't be done, but it wouldn't be easy.
You could always use a Route-Map to redirect your traffic (in a transparent fashion) to your Squid box. This is very easy to implement, and works very well. The only caveat is that if your Squid box dies, the router will still try to redirect web packets to it. This problem can be resolved by a watchdog on the server that makes sure the Squid process is always up and running.
The OS is Red Hat 7.1. How would a route map be set up on the RSM to route everything to the Ethernet port? And would this not increase CPU utilization on the RSM? As you can tell, I am new at this.
Well, if you wanted to go the route-map approach, here is how you would set it up (this is how I've got it, and it works flawlessly). One little note is that in my scenario, the Cat5K is connecting to another router (edge router), and it's from there (the edge router) that I'm redirecting traffic to the Squid box (which is hanging from the edge router, as shown below). I assume (and I could even test it for you, if I get a bit of time) that you could do everything directly from the Cat5K, but it would require a bit more configuration, and a bit more CPU horsepower.
1) The route-map can be named anything you want; in this example, I've called it "proxy-redir".
2) The "permit 10" argument refers to an access-list (in this case number 10) that will identify which internal networks (or hosts) will be allowed to use the Squid server.
3) The "match ip address 120" refers to the access-list which will tell the route-map exactly what kind of traffic to redirect to the Squid box.
4) And the "set ip next-hop x.x.x.x" refers to the IP address of your Squid box.
Example of "access-list 10", which tells the route-map what internal networks are to be redirected to the Squid box:
access-list 10 deny 126.96.36.199 0.0.255.255
access-list 10 deny 188.8.131.52 0.0.255.255
access-list 10 deny 184.108.40.206 0.0.255.255
access-list 10 permit any
This means that any internal clients that have an address within those ranges would be redirected to the Squid box; anything else would be permitted to connect directly.
Example of "access-list 120", which tells the route-map what kind of traffic to redirect (in our case, web traffic):
access-list 120 deny tcp host x.x.x.x any eq www
access-list 120 permit tcp any any eq www
As you can see, we do not want to redirect traffic coming from the Squid box itself, so our first argument is to not cache any web traffic coming from the Squid box. The second argument tells the route-map to redirect all other web traffic to the Squid box.
Yes, this would increase CPU usage, but depending on the amount of Internet traffic you generate, it might not be that much of an issue.
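Added example, not part of the original posts: a small Python model of how "access-list 120" above is evaluated (first match wins, implicit deny at the end), showing why the deny for the Squid host has to come before the general permit. The Squid address 192.0.2.10 standing in for x.x.x.x and the client and server addresses used with it are constructed; the function names are hypothetical.

```python
import ipaddress

PORT_NAMES = {"www": 80}          # IOS keyword used in the post's ACL

SQUID = "192.0.2.10"              # constructed stand-in for x.x.x.x
ACL_120 = [
    f"access-list 120 deny tcp host {SQUID} any eq www",
    "access-list 120 permit tcp any any eq www",
]

def _addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    base = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (base, wild), tokens[2:]

def parse(line):
    """Parse 'access-list N action proto src dst [eq port]' into a tuple."""
    t = line.split()
    action, proto, rest = t[2], t[3], t[4:]
    src, rest = _addr(rest)
    dst, rest = _addr(rest)
    port = None
    if rest and rest[0] == "eq":
        port = PORT_NAMES.get(rest[1]) or int(rest[1])
    return action, proto, src, dst, port

def _match(spec, ip):
    """Wildcard-mask compare: bits set in the wildcard are 'don't care'."""
    base, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def redirected(acl, proto, src, dst, dport):
    """True if the packet hits a permit entry, i.e. would be sent to Squid."""
    for action, a_proto, a_src, a_dst, a_port in map(parse, acl):
        if (a_proto == proto and _match(a_src, src) and _match(a_dst, dst)
                and a_port in (None, dport)):
            return action == "permit"    # first matching entry decides
    return False                          # implicit deny: routed normally
```

With the two entries swapped, Squid's own outbound requests match the permit first and are sent back to Squid, which is the loop the ordering in the post avoids.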
The way that I have started was to connect the Squid box to the Cat5K; the router is already connected to the Cat5K on the same VLAN as the port the Squid box is hanging from. I hoped this was the right way to start. Will have to map out a route table, as we have numerous subnets that use the same connection.
The way that I have started was to connect the Squid box to the Cat5K; the router is already connected to the Cat5K on the same VLAN as the port the Squid box is hanging from. I hoped this was the right way to start. Since the edge router does not belong to us, it would require the provider getting involved. Looking at your diagram, it shows the Squid box also hanging from the Cat5K. Is this correct?
Since you don't own the edge router, this is probably the next best way to set it up. Like I said, my diagram didn't come out like I wanted; in reality, my Squid box is directly connected to the edge router (in a one-arm approach), and not to the Cat5K.
And yes, since you don't own the edge router, you will need the provider to get involved, but if you follow and give them my instructions and example, this should be a fairly easy setup.