Access List not matched for WCCP

Unanswered Question
Jul 28th, 2010

Hi,

I try to setup a WCCP configuration on routers to redirect trafic to a WAN optimizer which is located on a L3 switch (different subnet as the router)
So I configure an ACL to tell which trafic I want to intercept/redirect


On the first Router

ip wccp 51 redirect-list WCCP

ip access-list extended WCCP
permit ip host 10.137.142.39 host 10.137.152.58
permit ip host 10.137.152.58 host 10.137.142.39

interface FastEthernet0/0
description to LAN
ip address 10.137.152.28 255.255.255.254
ip accounting output-packets
ip wccp 51 redirect out
ip wccp 51 redirect in
ip load-sharing per-packet
duplex full
speed 100
no clns route-cache


On the second router

ip wccp 51 redirect-list WCCP

ip access-list extended WCCP
permit ip host 10.137.142.39 host 10.137.152.58
permit ip host 10.137.152.58 host 10.137.142.39
!

interface GigabitEthernet0/0
description To LAN
ip address 10.137.142.202 255.255.255.254
no ip redirects
ip wccp 51 redirect out
ip wccp 51 redirect in
duplex full


When I issue a "show access-list WCCP" on the router, the acces list seems to be not matched

Of course we have asymetric routing on the WAN, but the packets are even seen on the other router...

any idea why the access list is not éatched for the WCCP interception? Does it need something special to be matched?

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Thomas Jardin Thu, 08/05/2010 - 05:06

Hello Romain,

You mentioned that you are doing WCCP on an L3 Switch.

WCCP is done in hardware on the Switch platform, so you don't see any hit counts increment on the ACL,

The best way to verify that WCCP is working is by running "show wccp gre" on the WAAS device.  Even if you are doing, L2 redirection you will see the packets increment on that command.

wae-512-2#show wccp gre
Transparent GRE packets received:              0
Transparent non-GRE packets received:          249080
Transparent non-GRE non-WCCP packets received: 0
Total packets accepted:                        77091
Invalid packets received:                      0
Packets received with invalid service:         0

The highlighted packets are WCCP packets.

The other option on the WAAS box is to run   "show stat conn" and you'll be able to see the connections redirected.

I hope this helps.

Tom Jardin

romain.dubois Thu, 08/05/2010 - 05:28

Hello Tom,

Thank you for your answer

The WCCP is not directly configured on the L3 switch but on the router. It is just that the WAN Optimizer is on another subnet thant the router.

Romain

Thomas Jardin Thu, 08/05/2010 - 06:11

Hi Romain,

First question,  You mention "WAN Optimizer".  Is that a Cisco device?

Next question is,  Are you saying that WCCP is not working at all or are you just saying the ACL is not incrementing.

You can also run this on the router.  Show ip wccp 61 detail

That will show you if the WCCP is fully up and running.  Here is a sample.

WCCP Client information:
        WCCP Client ID:          172.16.11.7
        Protocol Version:        2.0
        State:                   Usable
        Redirection:             GRE
        Packet Return:           GRE
        Assignment:              HASH
        Initial Hash Info:       00000000000000000000000000000000
                                 00000000000000000000000000000000
        Assigned Hash Info:      FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
                                 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
        Hash Allotment:          256 (100.00%)
        Packets s/w Redirected:  52368
        Connect Time:            5d19h
        Bypassed Packets
          Process:               0
          CEF:                   0
          Errors:                0

The things to look for is that it is "usable" has a proer Hash allotment and is dong GRE redirection.  In that case, you should see hits on the ACL.

Other than that, I would need show techs from the router and the WAN optimizer to fully understand if WCCP is working and that is probably more than can be done in this forum.

Perhaps a TAC case is needed if you don't think the WCCP is working.

Regards,

Tom

romain.dubois Thu, 08/05/2010 - 06:40

Tom,

Unfortunaltly it is not a Cisco opptimizer. It is a Citrix one.

I will check the different pieces of advises you gave me

Thank you

Regards

Actions

This Discussion