Chad,

Check out this link:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800ca671.html#1003017

Summary:

Command:
    Router(config)# access-list access-list permit ip host host-address [destination-address | destination-host | any ]

Purpose:
    Creates an access list that enables or disables traffic redirection to the cache engine.

The access-list only tells the router which traffic to redirect to the proxy. The following lines will only redirect 172.16.0.0 to the web-cache. Any traffic that does not match against the access-list will be forwarded without redirection. This should not block any traffic from reaching web servers, but will prevent them from reaching the cache engine.

Your commands (slightly modified) are listed below and should work,

    access-list 101 permit tcp 172.16.0.0 0.0.255.255 any
    access-list 101 deny tcp any any
    ip wccp web-cache redirect-list 101

but look a little further down for some reading and my suggestion...

The following example was cut from:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00800da707.html#14219
and demonstrates that anything that does not match the access-list will bypass the cache:

"To disable caching for certain clients, servers, or client/server pairs, you can use WCCP access lists. The following example shows that any requests coming from 10.1.1.1 to 12.1.1.1 will bypass the cache and that all other requests will be serviced normally:

    Router(config)# ip wccp web-cache redirect-list 120
    Router(config)# access-list 120 deny tcp host 10.1.1.1 any
    Router(config)# access-list 120 deny tcp any host 12.1.1.1
    Router(config)# access-list 120 permit ip any any
"

In looking at this, it may make sense for you to do the following:

    ip wccp web-cache redirect-list 101
    access-list 101 deny tcp 192.168.0.0 0.0.1.255 any
    access-list 101 permit ip any any

This would effectively tell the router to forward all traffic to the cache except for the 192.168.0.0/23 network.

Let me know if this helps...

-Jeremy

-----Original Message-----
From: Chad Whitten [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 11:30 AM
To: [EMAIL PROTECTED]
Subject: [squid-users] more cisco than squid but someone here might know answer

I have a Cisco 3640 router doing WCCP redirection to a Squid proxy server. Is there some way I can restrict the redirection to a certain set of networks - i.e. networks served by router

    172.16.0.0/16
    192.168.0.0/23

Right now all HTTP requests get redirected to proxy. I would like for HTTP requests from 172.16.0.0/16 to be redirected to proxy and HTTP requests from 192.168.0.0/23 not to be redirected to proxy. I'm thinking I could do something with access-lists and such but not quite sure about syntax. I know this much: I need the following

    ip wccp web-cache redirect-list 101

and then an ACL 101 like

????????????????????????????????????????????????????????
    access-list 101 permit ip 172.16.0.0 0.0.255.255 any
    access-list 101 deny ip any any
or
    access-list 101 deny ip 192.168.1.0 0.0.254.255 any
    access-list 101 permit ip any any
????????????????????????????????????????????????????????

but would doing that keep the 192.168.1.0 network from getting to the web?

Router has two Ethernet interfaces and I have config as

    ip wccp version 1
    ip wccp web-cache
    interface Ethernet0/0
     ip address yyy.yyy.yyy.yyy
     ip access-group 120 in
    interface Ethernet0/1
     ip address xxx.xxx.xxx.xxx
     ip access-group 120 in
     ip wccp web-cache redirect out

eth0/1 is outward facing interface, eth0/0 is inward facing

--
Chad Whitten
Network/Systems Administrator
neXband Communications
[EMAIL PROTECTED]
601-944-4801
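
The redirect-list behaviour discussed in this thread, as an added example that is not part of either message: a small Python model of first-match ACL evaluation with Cisco wildcard masks, where permit means "redirect to the cache" and deny (including the implicit deny) means "forward normally". Function names and sample client addresses are constructed, and the model looks only at the source address and treats all traffic as HTTP; it also shows that the wildcard 0.0.254.255 matches 192.168.<odd>.x rather than 192.168.0.0/23.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC any', where SRC is
    'any', 'host A' or 'A WILDCARD'. Only the source is modelled."""
    tok = line.split()
    action, src = tok[2], tok[4:]
    if src[0] == "any":
        return action, 0, 0xFFFFFFFF
    if src[0] == "host":
        return action, int(ipaddress.IPv4Address(src[1])), 0
    return (action, int(ipaddress.IPv4Address(src[0])),
            int(ipaddress.IPv4Address(src[1])))

def redirected(acl, src_ip):
    """True if HTTP from src_ip is sent to the cache. First match wins:
    permit = redirect, deny = forward normally. No match hits the
    implicit deny, so the packet is forwarded without redirection."""
    s = int(ipaddress.IPv4Address(src_ip))
    for action, addr, wild in map(parse_ace, acl):
        # Wildcard bits set to 1 are ignored; every other bit must match.
        if ((s ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False

# The three redirect-lists that appear in the thread.
PERMIT_172 = ["access-list 101 permit tcp 172.16.0.0 0.0.255.255 any",
              "access-list 101 deny tcp any any"]
DENY_192_23 = ["access-list 101 deny tcp 192.168.0.0 0.0.1.255 any",
               "access-list 101 permit ip any any"]
DENY_254_WILDCARD = ["access-list 101 deny ip 192.168.1.0 0.0.254.255 any",
                     "access-list 101 permit ip any any"]

# Constructed sample clients, not addresses taken from the thread.
HOSTS = ["172.16.5.10", "192.168.0.20", "192.168.1.20",
         "192.168.3.20", "10.9.9.9"]

def table(acl):
    """Map each sample client to True (redirected) or False (bypasses)."""
    return {h: redirected(acl, h) for h in HOSTS}

if __name__ == "__main__":
    for name, acl in (("permit 172.16/16", PERMIT_172),
                      ("deny 192.168.0.0/23", DENY_192_23),
                      ("deny 0.0.254.255", DENY_254_WILDCARD)):
        print(name, table(acl))
```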
