cancel
Showing results for 
Search instead for 
Did you mean: 
wg-newb
Level 7

IOS WCCP and 7.2 Configuration

If you're having difficulties configuring WCCP with IOS, this will help you.  It wasn't difficult to turn up, but I was frustrated with the lack of available documentation.

IOS Router Config. 

conf t

access-list 120 deny ip host 192.168.100.16 any

access-list 120 deny ip host <host you don't want filtered>  any

access-list 120 permit tcp 192.168.100.0 0.0.0.255 any eq www

access-list 120 permit tcp 192.168.100.0 0.0.0.255 any eq 443

access-list 120 deny ip any any

access-list 10 permit 192.168.100.16

ip wccp web-cache group-list 10

ip wccp 91 redirect-list 120

int fa1/0.4 (interface on the router closest to clients you're trying to proxy)

  ip wccp 91 redirect in

Troubleshooting your config

show access-list 120 (will show you the hit counts.  You can see if your ACL is even being used)

show ip wccp

Will show the status of packets dropped or redirected and the WCCP protocol version

Also the Router Identifier is the WCCP device you want to define in the Web Gateway.

Global WCCP information:

    Router information:

        Router Identifier:                   192.168.168.10

        Protocol Version:                    2.0

    Service Identifier: 91

        Number of Service Group Clients:     1

        Number of Service Group Routers:     1

        Total Packets s/w Redirected:        33842

          Process:                           1104

          CEF:                               32738

        Service mode:                        Open

        Service Access-list:                 -none-

        Total Packets Dropped Closed:        0

        Redirect Access-list:                120

        Total Packets Denied Redirect:       81

        Total Packets Unassigned:            6

        Group Access-list:                   -none-

        Total Messages Denied to Group:      0

        Total Authentication failures:       0

        Total Bypassed Packets Received:     0

show ip wccp 91 view (shows attached proxies)

show ip wccp 91 detail (show if proxy is usable)

WCCP Client information:

        WCCP Client ID:          192.168.100.16

        Protocol Version:        2.0

        State:                   Usable

        Redirection:             L2

        Packet Return:           GRE

        Packets Redirected:      0

        Connect Time:            00:06:20

        Assignment:              MASK

        Mask  SrcAddr    DstAddr    SrcPort DstPort

        ----  -------    -------    ------- -------

        0000: 0x00000015 0x00000015 0x0000  0x0000

        Value SrcAddr    DstAddr    SrcPort DstPort CE-IP

        ----- -------    -------    ------- ------- -----

        0000: 0x00000000 0x00000000 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0001: 0x00000000 0x00000001 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0002: 0x00000000 0x00000004 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0003: 0x00000000 0x00000005 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0004: 0x00000000 0x00000010 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0005: 0x00000000 0x00000011 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0006: 0x00000000 0x00000014 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0007: 0x00000000 0x00000015 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0008: 0x00000001 0x00000000 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0009: 0x00000001 0x00000001 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0010: 0x00000001 0x00000004 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0011: 0x00000001 0x00000005 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0012: 0x00000001 0x00000010 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0013: 0x00000001 0x00000011 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0014: 0x00000001 0x00000014 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0015: 0x00000001 0x00000015 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0016: 0x00000004 0x00000000 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0017: 0x00000004 0x00000001 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0018: 0x00000004 0x00000004 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0019: 0x00000004 0x00000005 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0020: 0x00000004 0x00000010 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0021: 0x00000004 0x00000011 0x0000  0x0000  0xC0A86410 (192.168.100.16)

        0022: 0x00000004 0x00000014 0x0000  0x0000  0xC0A86410 (192.168.100.16)

also "debug ip wccp events" is a good troubleshooting command

4 Replies
McAfee Employee

Re: IOS WCCP and 7.2 Configuration

Hi James,

You probably need "redirect out" not "redirect in" (for the line ip wccp 91 redirect in).

Here is the Web Gateway WCCP Basic Setup Guide:

https://kc.mcafee.com/corporate/index?page=content&id=KB63018

Best,

Jon

0 Kudos
wg-newb
Level 7

Re: IOS WCCP and 7.2 Configuration

I found KB63018 lacking.  Redirect out will break wccp for this particular configuration.

0 Kudos
nick.olson
Level 9

Re: IOS WCCP and 7.2 Configuration

"ip wccp ProcessID redirect out" is not even an option. Our switch will only allow us to "ip wccp ProcessID redirect in"

I also found KB63018 lacking.

Message was edited by: nick.olson on 11/1/12 11:55:51 AM CDT
0 Kudos
wg-newb
Level 7

Re: IOS WCCP and 7.2 Configuration

Update:

My WCCP config above wasn't as efficient as it could have been.  So, I wanted to update my post here. 

You don't need the web-cache statement you can do it all in one statement

ip wccp 91 redirect-list 120 group-list 10

Also, don't get hung up on the Router Identifier when you're troubleshooting.  As long as you have one of the IP addresses of an interface on your router and it's reachable by the MWG,  the MWG doesn't care.  If it drives you crazy, there is a global command to identify the source interface (ip wccp source-interface), but it looks like it doesn't exist in some 15.x versions.

0 Kudos