Troubleshooting guide

ManualsBrandsCisco ManualsComputer equipmentWide Area Virtualization Engine 274

131

132

133

134

135

136

137

138

139

140

1-9

Cisco Wide Area Application Services Configuration Guide

OL-26579-01

Chapter 1 Configuring Traffic Interception

Configuring Advanced WCCP Features on Routers

Note When you add a new router to an existing WCCP router farm or WCCP service group, the new router

will reset existing connections. Until WCCP reestablishes path redirections and assignments, packets are

sent directly to the client (as expected).

Configuring IP Access Lists on a Router

You can optionally configure the router to redirect traffic from your WAE based on access control lists

(ACLs) that you define on the router. These access lists are also referred to as redirect lists.

Note We recommend that you use redirect lists on the WCCP-enabled router where possible, because that is

the most efficient method to control traffic interception. However, you can also configure static bypass

lists or interception ACLs on the WAEs, and of these two, we recommend using interception ACLs

because they are more flexible and give better statistics about passed-through connections. For

information about how to configure an interception ACL for a WAE, see the “Configuring Interception

Access Control Lists” section on page 1-28. For information about how to configure a static bypass list,

see the “Configuring Static Bypass Lists for WAEs” section on page 1-27. You can also configure

interface ACLs on WAEs to control management access to the WAE, as described in Chapter 1,

“Creating and Managing IP Access Control Lists for WAAS Devices.”

Redirect lists that are configured on the routers have the highest priority, followed by static bypass lists

or interception ACLs on WAEs. Interception ACLs that are configured on WAEs take precedence over

any application definition policies that have been defined on the WAE.

A WCCP Version 2-enabled router can be configured with access lists to permit or deny redirection of

TCP traffic to a WAE. The following example shows that traffic conforming to the following criteria are

not redirected by the router to the WAE:

• Originating from the host 10.1.1.1 destined for any other host

• Originating from any host destined for the host 10.255.1.1

Router(config)# ip wccp 61 redirect-list 120

Router(config)# ip wccp 62 redirect-list 120

Router(config)# access-list 120 deny ip host 10.1.1.1 any

Router(config)# access-list 120 deny ip any host 10.1.1.1

Router(config)# access-list 120 deny ip any host 10.255.1.1

Router(config)# access-list 120 deny ip host 10.255.1.1 any

Router(config)# access-list 120 permit ip any

Traffic not explicitly permitted is implicitly denied redirection. The access-list 120 permit ip any

command explicitly permits all traffic (from any source on the way to any destination) to be redirected

to the WAE. Because criteria matching occurs in the order in which the commands are entered, the global

permit command is the last command entered.

To limit the redirection of packets to those packets matching an access list, use the ip wccp redirect-list

global configuration command. Use this command to specify which packets should be redirected to the

WA E.

When WCCP is enabled but the ip wccp redirect-list command is not used, all packets matching the

criteria of a WCCP service are redirected to the WAE. When you specify the ip wccp redirect-list

command, only packets that match the access list are redirected.