« Upgrading Xensource Debian Etch guests to Lenny
Time went backwards »

WCCP with Cisco 877 and Squid

I just upgraded my Cisco 877 to the latest 12.4(24)T IOS, so I thought I’d have another go at getting WCCP to work.  Good news: it works!

Here’s my working configuration on the Cisco 877:

ip cef
ip wccp web-cache

interface Vlan1
ip wccp web-cache redirect in

This tells the router that web traffic coming into the Vlan1 interface is a candidate for caching. With WCCP, web-caches register themselves with the router, then the router forwards requests to them. This means that if the cache disappears, the router will forward web requests directly to the internet.

I’m using Debian, so I added this to /etc/network/interfaces (replace 1.2.3.4 with the router identifier shown on the cisco by “show ip wccp”. In my case this is the external internet-facing IP address):

auto gre1
iface gre1 inet static
address 127.0.0.2
netmask 255.255.255.255
pre-up ip tunnel add gre1 mode gre remote 1.2.3.4 local 10.0.20.1 dev eth1
post-down ip tunnel del gre1

And I added this line to my firewall script. You could add it to rc.local if you don’t have anywhere else to put it:

iptables -t nat -A PREROUTING -i gre1 -d 0/0 -p tcp –dport 80 -j DNAT –to-destination 10.0.20.1:3128

The only thing left now is the squid configuration. I specified the internal address of the cisco 877 here (10.0.20.254):

wccp2_router 10.0.20.254
wccp2_rebuild_wait on
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service standard 0
wccp2_address 10.0.20.1

Useful links:

Tags: ,

This entry was posted on Tuesday, March 17th, 2009 at 12:23 pm and is filed under Cisco. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

7 Responses to “WCCP with Cisco 877 and Squid”

  1. Rolando Casinillo Says:
    January 6th, 2010 at 8:42 pm

    Thanks for this information… I have cisco 877 version 12.4(15)T I dont have ip wccp web-cache command. If possible could you upload IOS for me. Thanks in advance.

  2. Steve Says:
    January 6th, 2010 at 11:32 pm

    @Rolando: You need the ADVIPSERVICES image for WCCP, which is a higher feature pack than ADVSECURITY so it’s a different license

  3. Rolando Casinillo Says:
    March 11th, 2010 at 3:26 pm

    Hi! Good day to you… I just want to ask what is this “remote 1.2.3.4″

  4. Steve Says:
    March 11th, 2010 at 3:27 pm

    Hi Rolando,

    Replace 1.2.3.4 with the router identifier shown on the cisco by “show ip wccp”. In my case this is the external internet-facing IP address.

  5. Rolando Casinillo Says:
    March 11th, 2010 at 9:57 pm

    i cant understand. Here are my info. Router address 192.168.1.1 and my squid server address eth1 192.168.1.108. im seeing 192.168.1.1 as a router indetifier.

    could you explain these:
    auto gre1 =is this virtual interface?
    iface gre1 inet static
    address 127.0.0.2
    netmask 255.255.255.255
    pre-up ip tunnel add gre1 mode gre remote 1.2.3.4 local 10.0.20.1 dev eth1
    post-down ip tunnel del gre1

  6. Rolando Casinillo Says:
    March 11th, 2010 at 10:06 pm

    eth1 192.168.1.108 this interface is connected to my router which is 192.168.1.1

  7. Rolando Casinillo Says:
    March 11th, 2010 at 10:07 pm

    im using ubuntu server.

Leave a Reply