Solved

cisco router and squid

Posted on 2009-05-06
Last Modified: 2012-05-06
Hi there,
I've applied the following commands on a Cisco router to work with Squid ...

ip wccp version 2
access-list 101 permit ip any any
ip wccp web-cache redirect-list 101

And the question is, which direction and which interface should I apply it in?
Is it on the outbound interface of the router or inbound, and which direction ...?
Question by:nabeel92
 

Author Comment

by:nabeel92
ID: 24321514
Given below is an output of wccp:

r2_core#sh ip wccp
Global WCCP information:
    Router information:
        Router Identifier:                   172.16.2.20
        Protocol Version:                    2.0

    Service Identifier: web-cache
        Number of Service Group Clients:     0
        Number of Service Group Routers:     0
        Total Packets s/w Redirected:        0
          Process:                           0
          Fast:                              0
          CEF:                               0
        Service mode:                        Open
        Service access-list:                 -none-
        Total Packets Dropped Closed:        0
        Redirect access-list:                181
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            0
        Group access-list:                   -none-
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0
0
 

Author Comment

by:nabeel92
ID: 24321632
r2_core#sh ip wccp web-cache detail
WCCP Client information:
        WCCP Client ID:          10.0.9.11
        Protocol Version:        2.0
        State:                   NOT Usable
        Initial Hash Info:       00000000000000000000000000000000
                                 00000000000000000000000000000000
        Assigned Hash Info:      00000000000000000000000000000000
                                 00000000000000000000000000000000
        Hash Allotment:          0 (0.00%)
        Packets s/w Redirected:  0
        Connect Time:            00:00:23
        Bypassed Packets
          Process:               0
          Fast:                  0
          CEF:                   0
          Errors:                0
0
 
LVL 9

Expert Comment

by:Donboo
ID: 24322576
0
 

Author Comment

by:nabeel92
ID: 24322755
That doesn't answer my question ... thanks ;)
0
 

Author Comment

by:nabeel92
ID: 24322764
It doesn't which interface is fa 0/0 ... inside interface of the router or outside interface?
0
 
LVL 9

Expert Comment

by:Donboo
ID: 24323367
Sorry, I didn't notice that the link referring to Cisco's WCCP guide in the article was broken. I found the site to where it was moved.

http://www.cisco.com/en/US/docs/ios/12_1/configfun/configuration/guide/fcd305.html
0
 

Author Comment

by:nabeel92
ID: 24323478
Can you check out the output below? Why is it showing the WCCP client as not usable?

r2_core#sh ip wccp web-cache detail
WCCP Client information:
        WCCP Client ID:          10.0.9.11
        Protocol Version:        2.0
        State:                   NOT Usable
        Initial Hash Info:       00000000000000000000000000000000
                                 00000000000000000000000000000000
        Assigned Hash Info:      00000000000000000000000000000000
                                 00000000000000000000000000000000
        Hash Allotment:          0 (0.00%)
        Packets s/w Redirected:  0
        Connect Time:            00:00:23
        Bypassed Packets
          Process:               0
          Fast:                  0
          CEF:                   0
          Errors:                0
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24324466
Apply the redirect inbound on the interface connected to the PCs (not the Squid box).  You can also apply the redirect outbound on the Internet interface, but then you would have to exclude the Squid box from being redirected, so I would apply it inbound on the PC/LAN interface.

As far as it not being useable, your Squid WCCP configuration is most likely incorrect as the router WCCP config is basic.  You are using GRE forwarding/return or L2?  Using Hash or Mask assignment?  Try GRE/Hash and specify 172.16.2.20 as the home router IP address.
0
 

Author Comment

by:nabeel92
ID: 24325286
OK, so now I've applied it on the inside interface (connected to PCs) as follows

ip wccp version 2

access-list 181 permit ip 10.152.0.0 0.0.0.255 any
access-list 181 deny ip any any

ip wccp web-cache redirect-list 181

interface vlan 10
 ip wccp web-cache redirect in
 ip inspect urlfilter in

Above is my configuration on router for wccp ...

You are using GRE forwarding/return or L2?  Using Hash or Mask assignment
From where I can find out ...

Try GRE/Hash and specify 172.16.2.20 as the home router IP address.
Squid is on this Linux box; can you please mention in which file I can check the home router IP address?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24325410
Sorry, I'm no Squid expert.  You might want to check linux forums for squid and wccp.  The router configuration is good.  The Squid config is what you can focus on now.
0
 

Author Comment

by:nabeel92
ID: 24325996
OK, thanks for that ... I've made a post in the Linux forum ... just one quick question though, when I did

r2_core#sh ip wccp web-cache view
    WCCP Routers Informed of:
        -none-

    WCCP Clients Visible:
        10.0.9.11

    WCCP Clients NOT Visible:
        -none-

The field where it says "WCCP Routers Informed of: -none-", what does this mean? Just curious ...

0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24326011
You should see the router WCCP ID there when the session establishes.
0
 

Author Comment

by:nabeel92
ID: 24326050
OK,
when I browsed different forums, I've seen
ip wccp web-cache redirect out (and not in) ... in what scenario do they use the out direction? Logically, the first time I looked at it, I thought that it should be in the 'IN' direction of the 'Inside' interface, but some documents are suggesting that it should be applied to the outside interface (the interface connecting to the internet) in the out direction ...
I mean, I was just curious as to why and in which scenarios they would be doing that!
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24326145
You would use the out if you had numerous inside interfaces so you only have to redirect in one place but the thing to note is that you need to deny your proxy IP from being redirected (in your case).

Doing out on the internet interface and in on the inside interface accomplish the exact same thing.  In your case, it is better to do inbound if you only have one inside interface and the proxy hangs off a different interface.  If you had a ton of inside interfaces, redirected out might make more sense.
0
 

Author Comment

by:nabeel92
ID: 24326168
OK, on my current setup, although I have one inside interface, all the branch sites (about 50 of them) go out to the internet through that inside interface ... is that OK?
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24326174
Yeah, just make sure their subnets are included in your redirect list (or remove the redirect list if you want all inside traffic to be redirected).
0
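
Added example (not part of the thread and not any poster's code): a small evaluator for the redirect lists discussed above, showing which source addresses each list would hand to WCCP under first-match, wildcard-mask semantics. ACL 182, its /16 wildcard, the branch host 10.152.5.20 and the assumption that Squid sources its requests from 10.0.9.11 are constructed for illustration.

```python
import ipaddress

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC ... any' lines (source match only)."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, src = tok[2], tok[4:]
        if src[0] == "any":
            net, wild = 0, 0xFFFFFFFF
        elif src[0] == "host":
            net, wild = int(ipaddress.IPv4Address(src[1])), 0
        else:
            net = int(ipaddress.IPv4Address(src[0]))
            wild = int(ipaddress.IPv4Address(src[1]))
        rules.append((action, net, wild))
    return rules

def redirected(rules, src_ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    ip = int(ipaddress.IPv4Address(src_ip))
    for action, net, wild in rules:
        # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
        if ((ip ^ net) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False

# Redirect lists quoted in the thread.
ACL_101 = parse_acl("access-list 101 permit ip any any")
ACL_181 = parse_acl("""
access-list 181 permit ip 10.152.0.0 0.0.0.255 any
access-list 181 deny ip any any
""")
# Constructed list for "redirect out": list number and /16 wildcard are assumptions.
ACL_182 = parse_acl("""
access-list 182 deny ip host 10.0.9.11 any
access-list 182 permit ip 10.152.0.0 0.0.255.255 any
""")

PROXY = "10.0.9.11"          # WCCP client ID from the thread, assumed to be Squid's source IP
BRANCH_HOST = "10.152.5.20"  # constructed branch-site client

if __name__ == "__main__":
    for name, acl in (("101", ACL_101), ("181", ACL_181), ("182", ACL_182)):
        for ip in ("10.152.0.25", BRANCH_HOST, PROXY):
            print(f"ACL {name}: {ip:<12} redirected={redirected(acl, ip)}")
```

With list 181 as posted, only 10.152.0.0 through 10.152.0.255 is redirected, so a branch subnet outside that range bypasses the proxy; with "permit ip any any" applied outbound, the proxy's own requests would be redirected back to it.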
 

Author Closing Comment

by:nabeel92
ID: 31578818
Excellent and precise, to the point information ...
0
