Troubleshooting guide

ManualsBrandsCisco ManualsComputer equipmentWide Area Virtualization Engine 274

131

132

133

134

135

136

137

138

139

140

1-10

Cisco Wide Area Application Services Configuration Guide

OL-26579-01

Chapter 1 Configuring Traffic Interception

Configuring Advanced WCCP Features on Routers

The ip wccp global configuration command and the ip wccp redirect interface configuration command

are the only commands required to start redirecting requests to the WAE using WCCP. To instruct an

interface on the WCCP-enabled router to check for appropriate outgoing packets and redirect them to a

WA E , u s e t h e ip wccp redirect interface configuration command. If the ip wccp command is enabled

but the ip wccp redirect command is disabled, the WCCP-enabled router is aware of the WAE but does

not use it.

To specify the access list by name or number, use the ip wccp group-list global configuration command,

which defines criteria for group membership. In the following example, the access-list 1 permit

10.10.10.1 command is used to define the IP address of the WAE that is allowed to join the WCCP

service group:

Router(config)# ip wccp 61 group-list 1

Router(config)# ip wccp 62 group-list 1

Router(config)# access-list 1 permit 10.10.10.1

Tip If you have a WCCP service farm with multiple WAEs, the load balancing assignment may cause packets

that are sent to the WAE devices themselves (such as management traffic) to be redirected to a different

WAE in the farm, negatively impacting performance. To avoid this situation, we recommend that you

configure a WCCP redirect list that excludes traffic that is sent to the WAE IP addresses from being

redirected.

For more information on access lists, see the Cisco IOS IP addressing and services documentation.

Setting a Service Group Password on a Router

For security purposes, you can set a service password for your WCCP Version 2-enabled router and the

WAEs that access it. Only devices configured with the correct password are allowed to participate in the

WCCP service group.

From the global configuration mode of your WCCP-enabled router, enter the following commands to

specify the service group password for the TCP promiscuous mode service on the router (the service IDs

must match the service IDs configured on the WAE):

Router(config)# ip wccp 61 password [0-7] password

Router(config)# ip wccp 62 password [0-7] password

The required password argument is the string that directs the WCCP Version 2-enabled router to apply

MD5 authentication to messages received from the specified service group. Messages that are not

accepted by the authentication are discarded. 0-7 is the optional value that indicates the HMAC MD5

algorithm used to encrypt the password. This value is generated when an encrypted password is created

for the WAE. 7 is the recommended value. The optional password argument is the optional password

name that is combined with the HMAC MD5 value to create security for the connection between the

router and the WAE.

For information about how to use the WAAS Central Manager to specify the service group password on

a WAE, see the “Configuring or Viewing the WCCP Settings on WAEs” section on page 1-17.

Configuring a Loopback Interface on the Router

The highest IP address among the router’s loopback interfaces is used to identify the router to the WAEs.