Cisco Notepad

Enable webcaching, and securing only WCCP server from certain IP

access-list 99 remark Web-cache server
access-list 99 permit 129.1.3.33

access-list 100 remark Host on the subnet to bypass web-caching
access-list 100 deny   tcp host 129.1.3.100 any eq www
access-list 100 permit ip any any

ip wccp web-cache group-list 99 redirect-list 100

! Alternatively if we just want to enable web-caching without specifying ACL
ip wccp web-cache

interface FastEthernet 0/0
ip wccp web-cache redirect in

! The following to exclude an interface from webcaching.

interface FastEthernet 0/1
 ip wccp redirect exclude in

! Excluding an interface from webcasing should be used
! when we specify an interface e.g. S0/0 for redirecting
! traffic going out of that interface, comming from any interfaces

interface Serial0/0
 ip wccp web-cache redirect out

WCCP Outbound ACL Check

The following configuration example shows that the access list prevents traffic from network 10.0.0.0 leaving Fast Ethernet interface 0/0. Because the outbound ACL check is enabled, WCCP does not redirect that traffic. WCCP checks packets against the ACL before they are redirected.

ip wccp web-cache

ip wccp check acl outbound

interface fastethernet0/0

ip access-group 10 out

exit

ip wccp web-cache redirect-list redirect-out

access-list 10 deny 10.0.0.0 0.255.255.255

access-list 10 permit any

If the outbound ACL check is disabled, the HTTP packets from network 10.0.0.0 would be redirected to a web cache. Users with that network address could retrieve web pages even though the network administrator wanted to prevent it.

Doc CD Navigation

• Cisco IOS IP Application Services Configuration Guide, Release 12.4

• Configuring WCCP

• Configuration Examples for WCCP