Wccp 10 is our default config, but 5 is new. We're using it to test new bluecoat servers for a specific host (y.y.y.y).
When the blucoat team enables wccp on their new server, the expected outcome is that when they browse from the y.y.y.y host, the BlueCoat_WCCP_Test acl will pick it up and push it to wccp 5.
However, we don't see any hits on the BlueCoat_WCCP_Test acl, no wccp 5 redirects, and they see the y.y.y.y browsing being hit on the production BlueCoat server.
My question is this... Is the order of the ACL's making our y.y.y.y traffic get picked up by the first acl (BlueCoat_WCCP) and therefore it never gets to the BlueCoat_WCCP_Test acl? If so, would moving the acl up in the config change the behavior?
Deny the host that you're wanting to go to 5 in the acl for BlueCoat_WCCP. The service groups have to match between the ProxySG and you have to have a connection. Do you have that for the 2 groups? The easiest way to test is to put a deny statement for the 2 hosts that you have in the BlueCoat_WCCP acl and then they won't redirect to group 10 (if they even are), but instead redirect to group 5.
Deny statements in wccp are a bad thing. It causes wccp to freak out. Cisco says wccp doesn't support deny statements.
Do you have any documentation to support this? I've never had a problem with deny statements in the past, and generally they're used like PBR in a sense that if you have a specific host you don't want to redirect that's within a range that you are redirecting, it simply bypasses redirection. If you can point me to a document, I may have to rethink the way that I've been doing my redirections as well....
Im with John, I would like to see some supported docs on how deny statements in wccp are bad? This is how I run my WCCP in my environment. Anything I need to exclude from the WCCP I write deny statements based on the source.
We use WCCP in our environment with Bluecoat redirection and on my long extended access list I have deny statements especially for the servers that do not need the bottleneck of Bluecoat when downloading things like service packs.
Essentially using the Deny statements has never given us any issues, and I wonder when Cisco decided that the deny statements are a bad thing for WCCP as it works in our environment?
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...