Solved

cisco router and squid

Posted on 2009-05-06
Last Modified: 2012-05-06
Hi there,
I've applied the following commands on a Cisco router to work with Squid ...

ip wccp version 2
access-list 101 permit ip any any
ip wccp web-cache redirect-list 101

And the question is: which direction and which interface should I apply it in?
Is it on the outbound interface of the router or inbound, and which direction ...?
drawing.JPG
Question by:nabeel92
17 Comments
 

Author Comment

by:nabeel92
ID: 24321514
Given below is an output of wccp:

r2_core#sh ip wccp
Global WCCP information:
    Router information:
        Router Identifier:                   172.16.2.20
        Protocol Version:                    2.0

    Service Identifier: web-cache
        Number of Service Group Clients:     0
        Number of Service Group Routers:     0
        Total Packets s/w Redirected:        0
          Process:                           0
          Fast:                              0
          CEF:                               0
        Service mode:                        Open
        Service access-list:                 -none-
        Total Packets Dropped Closed:        0
        Redirect access-list:                181
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            0
        Group access-list:                   -none-
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0

Author Comment

by:nabeel92
ID: 24321632
r2_core#sh ip wccp web-cache detail
WCCP Client information:
        WCCP Client ID:          10.0.9.11
        Protocol Version:        2.0
        State:                   NOT Usable
        Initial Hash Info:       00000000000000000000000000000000
                                 00000000000000000000000000000000
        Assigned Hash Info:      00000000000000000000000000000000
                                 00000000000000000000000000000000
        Hash Allotment:          0 (0.00%)
        Packets s/w Redirected:  0
        Connect Time:            00:00:23
        Bypassed Packets
          Process:               0
          Fast:                  0
          CEF:                   0
          Errors:                0

Expert Comment

by:Donboo
ID: 24322576

Author Comment

by:nabeel92
ID: 24322755
That doesn't answer my question ... thanks ;)

Author Comment

by:nabeel92
ID: 24322764
It doesn't say which interface is fa 0/0 ... inside interface of the router or outside interface?

Expert Comment

by:Donboo
ID: 24323367
Sorry, I didn't notice that the link referring to Cisco's WCCP guide in the article was broken. I found the site to which it was moved.

http://www.cisco.com/en/US/docs/ios/12_1/configfun/configuration/guide/fcd305.html

Author Comment

by:nabeel92
ID: 24323478
Can you check out the output below? Why is it showing the WCCP client as not usable?

r2_core#sh ip wccp web-cache detail
WCCP Client information:
        WCCP Client ID:          10.0.9.11
        Protocol Version:        2.0
        State:                   NOT Usable
        Initial Hash Info:       00000000000000000000000000000000
                                 00000000000000000000000000000000
        Assigned Hash Info:      00000000000000000000000000000000
                                 00000000000000000000000000000000
        Hash Allotment:          0 (0.00%)
        Packets s/w Redirected:  0
        Connect Time:            00:00:23
        Bypassed Packets
          Process:               0
          Fast:                  0
          CEF:                   0
          Errors:                0

Expert Comment

by:JFrederick29
ID: 24324466
Apply the redirect inbound on the interface connected to the PCs (not the Squid box).  You can also apply the redirect outbound on the Internet interface, but then you would have to exclude the Squid box from being redirected, so I would apply it inbound on the PC/LAN interface.

As far as it not being usable, your Squid WCCP configuration is most likely incorrect, as the router WCCP config is basic.  You are using GRE forwarding/return or L2?  Using Hash or Mask assignment?  Try GRE/Hash and specify 172.16.2.20 as the home router IP address.

Author Comment

by:nabeel92
ID: 24325286
OK, so now I've applied it on the inside interface (connected to PCs) as follows:

ip wccp version 2

access-list 181 permit ip 10.152.0.0 0.0.0.255 any
access-list 181 deny ip any any

ip wccp web-cache redirect-list 181

interface vlan 10
 ip wccp web-cache redirect in
 ip inspect urlfilter in

Above is my configuration on the router for WCCP ...

"You are using GRE forwarding/return or L2?  Using Hash or Mask assignment?"
Where can I find that out ...?

"Try GRE/Hash and specify 172.16.2.20 as the home router IP address."
Squid is on this Linux box; can you please mention in which file I can check the home router IP address?

Expert Comment

by:JFrederick29
ID: 24325410
Sorry, I'm no Squid expert.  You might want to check Linux forums for Squid and WCCP.  The router configuration is good.  The Squid config is what you can focus on now.

Author Comment

by:nabeel92
ID: 24325996
OK, thanks for that ... I've made a post in a Linux forum ... just one quick question though, when I did

r2_core#sh ip wccp web-cache view
    WCCP Routers Informed of:
        -none-

    WCCP Clients Visible:
        10.0.9.11

    WCCP Clients NOT Visible:
        -none-

The field where it says "WCCP Routers Informed of: -none-": what does this mean? Just curious ...


Expert Comment

by:JFrederick29
ID: 24326011
You should see the router WCCP ID there when the session establishes.

Author Comment

by:nabeel92
ID: 24326050
OK,
when I browsed different forums, I've seen
ip wccp web-cache redirect out (and not in) ... In what scenario do they use the out direction? Logically, the first time I looked at it, I thought that it should be in the 'IN' direction of the 'Inside' interface, but some documents are suggesting that it should be connected to the outside interface (interface connecting to the Internet) in the out direction ...
I mean, I was just curious as to why and in which scenarios they would be doing that!

Expert Comment

by:JFrederick29
ID: 24326145
You would use the out if you had numerous inside interfaces so you only have to redirect in one place but the thing to note is that you need to deny your proxy IP from being redirected (in your case).

Doing out on the internet interface and in on the inside interface accomplish the exact same thing.  In your case, it is better to do inbound if you only have one inside interface and the proxy hangs off a different interface.  If you had a ton of inside interfaces, redirected out might make more sense.

Author Comment

by:nabeel92
ID: 24326168
OK, on my current setup, although I have one inside interface, all the branch sites (about 50 of them) go out to the Internet through that inside interface ... is that OK?

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24326174
Yeah, just make sure their subnets are included in your redirect list (or remove the redirect list if you want all inside traffic to be redirected).
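
Added example, not part of the original thread: the two redirect placements discussed in the answers above, written out as alternative IOS configurations with the branch subnets added to the redirect list. The addresses 10.0.9.11 and 10.152.0.0/24 and interface vlan 10 come from the thread; ACL 182, the interface names FastEthernet0/1 and FastEthernet0/2, and the branch range 10.153.0.0/16 are assumptions made for illustration.

```cisco
! Added example; not configuration posted by anyone in the thread.
ip wccp version 2
!
! ---- Option A: redirect inbound on the inside (client-facing) interface ----
! The redirect list must cover every subnet whose traffic enters via vlan 10,
! including the branch sites.
access-list 181 permit ip 10.152.0.0 0.0.0.255 any
! Constructed branch range (assumption); use one permit per real branch subnet.
access-list 181 permit ip 10.153.0.0 0.0.255.255 any
access-list 181 deny   ip any any
ip wccp web-cache redirect-list 181
!
interface Vlan10
 ip wccp web-cache redirect in
!
! ---- Option B: redirect outbound on the Internet-facing interface ----
! Use instead of option A, not together with it.
! The proxy's own requests leave through the same interface, so the proxy
! address is denied first; otherwise its traffic would be redirected back to it.
access-list 182 deny   ip host 10.0.9.11 any
access-list 182 permit ip 10.152.0.0 0.0.0.255 any
access-list 182 permit ip 10.153.0.0 0.0.255.255 any
access-list 182 deny   ip any any
ip wccp web-cache redirect-list 182
!
! FastEthernet0/1 = Internet-facing interface (assumed name).
interface FastEthernet0/1
 ip wccp web-cache redirect out
!
! FastEthernet0/2 = interface the Squid box hangs off (assumed name).
! Traffic arriving here is excluded from outbound redirection.
interface FastEthernet0/2
 ip wccp redirect exclude in
```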

Author Closing Comment

by:nabeel92
ID: 31578818
Excellent and precise, to the point information ...