Access List not matched for WCCP

Unanswered Question
Jul 28th, 2010
User Badges:


I try to setup a WCCP configuration on routers to redirect trafic to a WAN optimizer which is located on a L3 switch (different subnet as the router)
So I configure an ACL to tell which trafic I want to intercept/redirect

On the first Router

ip wccp 51 redirect-list WCCP

ip access-list extended WCCP
permit ip host host
permit ip host host

interface FastEthernet0/0
description to LAN
ip address
ip accounting output-packets
ip wccp 51 redirect out
ip wccp 51 redirect in
ip load-sharing per-packet
duplex full
speed 100
no clns route-cache

On the second router

ip wccp 51 redirect-list WCCP

ip access-list extended WCCP
permit ip host host
permit ip host host

interface GigabitEthernet0/0
description To LAN
ip address
no ip redirects
ip wccp 51 redirect out
ip wccp 51 redirect in
duplex full

When I issue a "show access-list WCCP" on the router, the acces list seems to be not matched

Of course we have asymetric routing on the WAN, but the packets are even seen on the other router...

any idea why the access list is not éatched for the WCCP interception? Does it need something special to be matched?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Thomas Jardin Thu, 08/05/2010 - 05:06
User Badges:

Hello Romain,

You mentioned that you are doing WCCP on an L3 Switch.

WCCP is done in hardware on the Switch platform, so you don't see any hit counts increment on the ACL,

The best way to verify that WCCP is working is by running "show wccp gre" on the WAAS device.  Even if you are doing, L2 redirection you will see the packets increment on that command.

wae-512-2#show wccp gre
Transparent GRE packets received:              0
Transparent non-GRE packets received:          249080
Transparent non-GRE non-WCCP packets received: 0
Total packets accepted:                        77091
Invalid packets received:                      0
Packets received with invalid service:         0

The highlighted packets are WCCP packets.

The other option on the WAAS box is to run   "show stat conn" and you'll be able to see the connections redirected.

I hope this helps.

Tom Jardin

romain.dubois Thu, 08/05/2010 - 05:28
User Badges:

Hello Tom,

Thank you for your answer

The WCCP is not directly configured on the L3 switch but on the router. It is just that the WAN Optimizer is on another subnet thant the router.


Thomas Jardin Thu, 08/05/2010 - 06:11
User Badges:

Hi Romain,

First question,  You mention "WAN Optimizer".  Is that a Cisco device?

Next question is,  Are you saying that WCCP is not working at all or are you just saying the ACL is not incrementing.

You can also run this on the router.  Show ip wccp 61 detail

That will show you if the WCCP is fully up and running.  Here is a sample.

WCCP Client information:
        WCCP Client ID:
        Protocol Version:        2.0
        State:                   Usable
        Redirection:             GRE
        Packet Return:           GRE
        Assignment:              HASH
        Initial Hash Info:       00000000000000000000000000000000
        Hash Allotment:          256 (100.00%)
        Packets s/w Redirected:  52368
        Connect Time:            5d19h
        Bypassed Packets
          Process:               0
          CEF:                   0
          Errors:                0

The things to look for is that it is "usable" has a proer Hash allotment and is dong GRE redirection.  In that case, you should see hits on the ACL.

Other than that, I would need show techs from the router and the WAN optimizer to fully understand if WCCP is working and that is probably more than can be done in this forum.

Perhaps a TAC case is needed if you don't think the WCCP is working.



romain.dubois Thu, 08/05/2010 - 06:40
User Badges:


Unfortunaltly it is not a Cisco opptimizer. It is a Citrix one.

I will check the different pieces of advises you gave me

Thank you



This Discussion