Solved

cisco router and squid

Posted on 2009-05-06
17
843 Views
Last Modified: 2012-05-06
Hi there,
Ive applied the following commands on a cisco router to work with squid ...

ip wccp version 2
access-list 101 permit ip any any
ip wccp web-cache redirect-list 101

and question is, which direction and which interface should i apply it in ?
Is it on the outbound interface of the router or inbound, and which direction ... ?
drawing.JPG
0
Comment
Question by:nabeel92
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 5
  • 2
17 Comments
 

Author Comment

by:nabeel92
ID: 24321514
Given below is an output of wccp:

r2_core#sh ip wccp
Global WCCP information:
    Router information:
        Router Identifier:                   172.16.2.20
        Protocol Version:                    2.0

    Service Identifier: web-cache
        Number of Service Group Clients:     0
        Number of Service Group Routers:     0
        Total Packets s/w Redirected:        0
          Process:                           0
          Fast:                              0
          CEF:                               0
        Service mode:                        Open
        Service access-list:                 -none-
        Total Packets Dropped Closed:        0
        Redirect access-list:                181
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            0
        Group access-list:                   -none-
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0
0
 

Author Comment

by:nabeel92
ID: 24321632
r2_core#sh ip wccp web-cache detail
WCCP Client information:
        WCCP Client ID:          10.0.9.11
        Protocol Version:        2.0
        State:                   NOT Usable
        Initial Hash Info:       00000000000000000000000000000000
                                 00000000000000000000000000000000
        Assigned Hash Info:      00000000000000000000000000000000
                                 00000000000000000000000000000000
        Hash Allotment:          0 (0.00%)
        Packets s/w Redirected:  0
        Connect Time:            00:00:23
        Bypassed Packets
          Process:               0
          Fast:                  0
          CEF:                   0
          Errors:                0
0
 
LVL 9

Expert Comment

by:Donboo
ID: 24322576
0
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

 

Author Comment

by:nabeel92
ID: 24322755
that doesnt answer my question ... thanks ;)
0
 

Author Comment

by:nabeel92
ID: 24322764
it doesnt which interface is fa 0/0 ... inside interface of the router or outside interface ?
0
 
LVL 9

Expert Comment

by:Donboo
ID: 24323367
Sorry I didnt notice that the link refering to ciscos WCCP guide in the article was broken. I found the site to where it was moved.

http://www.cisco.com/en/US/docs/ios/12_1/configfun/configuration/guide/fcd305.html
0
 

Author Comment

by:nabeel92
ID: 24323478
Can you check out the output below ? why is it showiing wccp client not usable ?

r2_core#sh ip wccp web-cache detail
WCCP Client information:
        WCCP Client ID:          10.0.9.11
        Protocol Version:        2.0
        State:                   NOT Usable
        Initial Hash Info:       00000000000000000000000000000000
                                 00000000000000000000000000000000
        Assigned Hash Info:      00000000000000000000000000000000
                                 00000000000000000000000000000000
        Hash Allotment:          0 (0.00%)
        Packets s/w Redirected:  0
        Connect Time:            00:00:23
        Bypassed Packets
          Process:               0
          Fast:                  0
          CEF:                   0
          Errors:                0
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24324466
Apply the redirect inbound on the interface connected to the PC's (not the squid box).  You can also apply the redirect outbound on the Internet interface but then you would have to exclude the squid box from being redirected so I would apply it inbound on the PC/LAN interface.

As far as it not being useable, your Squid WCCP configuration is most likely incorrect as the router WCCP config is basic.  You are using GRE forwarding/return or L2?  Using Hash or Mask assignment?  Try GRE/Hash and specify 172.16.2.20 as the home router IP address.
0
 

Author Comment

by:nabeel92
ID: 24325286
ok, so now ive applied on the inside interface (connected to pcs) as follow

ip wccp version 2

access-list 181 permit ip 10.152.0.0 0.0.0.255 any
access-list 181 deny ip any any

ip wccp web-cache redirect-list 181

interface vlan 10
 ip wccp web-cache redirect in
 ip inspect urlfilter in

Above is my configuration on router for wccp ...

You are using GRE forwarding/return or L2?  Using Hash or Mask assignment
From where I can find out ...

Try GRE/Hash and specify 172.16.2.20 as the home router IP address.
Squid is on this linux box, can you please mention which file can i check the home router I.P address
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24325410
Sorry, I'm no Squid expert.  You might want to check linux forums for squid and wccp.  The router configuration is good.  The Squid config is what you can focus on now.
0
 

Author Comment

by:nabeel92
ID: 24325996
Ok, thanks for that ... ive made a post in linux forum ... just one quick question though, when i did

r2_core#sh ip wccp web-cache view
    WCCP Routers Informed of:
        -none-

    WCCP Clients Visible:
        10.0.9.11

    WCCP Clients NOT Visible:
        -none-

The field where it says  WCCP Routers Informed of:-none- ? what does this mean ! just curious ...

0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24326011
You should see the router WCCP ID there when the session establishes.
0
 

Author Comment

by:nabeel92
ID: 24326050
ok,
when i browsed on different forums, ive seen
ip wccp web-cache redirect out (and not in ) ... in what scenario do they use out direction ? logically firs time when i looked at it, i thought that it should be in 'IN' Direction of the 'Inside' Interface but some documents are suggesting that it should be connected to the outside interface (interface connecting to the internet) in out direction  ...
I mean i was just curious as to why and in which scenarios would they be doing that !
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24326145
You would use the out if you had numerous inside interfaces so you only have to redirect in one place but the thing to note is that you need to deny your proxy IP from being redirected (in your case).

Doing out on the internet interface and in on the inside interface accomplish the exact same thing.  In your case, it is better to do inbound if you only have one inside interface and the proxy hangs off a different interface.  If you had a ton of inside interfaces, redirected out might make more sense.
0
 

Author Comment

by:nabeel92
ID: 24326168
ok, on my current setup, although i have one inside interface but all the branch sites (about 50 of them) go out to the internet through that inside interface ... is that ok ?
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24326174
Yeah, just make sure their subnets are included in your redirect list (or remove the redirect list if you want all inside traffic to be redirected).
0
 

Author Closing Comment

by:nabeel92
ID: 31578818
Excellent and precise, to the point information ...
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
help Skype for Business keeps dropping 7 92
Automated backups of ASA's and Nexus (5k and 7K) 24 173
2 routers and 1 public IP Address. 10 66
Router question 6 530
As dyndns has reduced the capabilities of the free service, I looked around for other free providers of Dynamic DNS service. After testing several I decided to move my DNS hosting to Hurricane Electric as then domains that require dynamic hostnam…
Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question