03-24-2023 12:23 PM
Hello WCCP Experts,
I am running WCCP on CSR1000V on VMware. The HTTPS traffic is not being redirected.
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 10.0.0.1 YES NVRAM up up
GigabitEthernet2 10.34.198.1 YES NVRAM up up
GigabitEthernet3 xx.yy.25.1 YES NVRAM up up (to Internet)
ip wccp check services all
ip wccp source-interface GigabitEthernet1
interface GigabitEthernet1
ip address 10.0.0.1 255.255.255.0
ip wccp 70 redirect in
ip ospf authentication key-chain KC-5
negotiation auto
no mop enabled
no mop sysid
service-policy output NTP1-ACL-POLICY
ip wccp 70 redirect-list 150 group-list 10
Squid Proxy:
ip access-list standard 10
10 permit 10.34.198.3
ip access-list extended 150
10 permit tcp any any eq 443
Cisco-CSRv-1#show ip wccp
Global WCCP information:
Router information:
Router Identifier: 10.0.0.1
Configured source-interface: GigabitEthernet1
Service Identifier: 70
Protocol Version: 2.00 (minimum)
Number of Service Group Clients: 0
Number of Service Group Routers: 0
Total Packets Redirected: 0
Process: 0
CEF: 0
Platform: 0
Service mode: Open
Service Access-list: -none-
Total Packets Dropped Closed: 0
Redirect access-list: 150
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: 10
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total GRE Bypassed Packets Received: 0
Process: 0
CEF: 0
Platform: 0
Any input is greatly appreciated. Thank you!
03-25-2023 02:00 AM
Make sure that on ESXi the Promiscuous Mode setting under the vSwitch Security tab is changed from Reject to Accept.
WCCP reference :
03-25-2023 05:38 AM
Thank you for replying Balaji!
I enabled Promiscuous Mode, but the traffic is still not being directed. ACL 10 and ACL 150 are also not being hit.
Audie
03-25-2023 08:28 AM
Enable debug and check on the CSR. What proxy are you using?
What is the outcome of
show ip wccp web-cache detail
03-25-2023 08:49 AM
Balaji,
Cisco-CSRv-1#show ip wccp 70 detail
No information is available for the service.
Still not being directed
Thanks!
I am using Squid Proxy. When statically enabled on the browser, it works.
03-25-2023 09:12 AM
For WCCP redirection to work, the Squid proxy should be seen on the CSR router.
On the Linux side, check whether any firewall is enabled (iptables) and make sure SELinux is disabled.
Also, make sure Squid is configured for WCCP v2:
# squid -v | grep enable-linux-netfilter | grep enable-wccpv2
03-27-2023 05:08 AM - edited 03-27-2023 06:18 AM
Now the CSR is seeing the Squid:
Cisco-CSRv-1#show ip wccp 70 detail
WCCP Client information:
WCCP Client ID: 10.34.198.100
Protocol Version: 2.00
State: NOT Usable (Initializing)
Redirection: None
Packet Return: None
Assignment: None
Connect Time: 00:00:10
Cisco-CSRv-1#show ip wccp 70 detail
WCCP Client information:
WCCP Client ID: 10.34.198.100
Protocol Version: 2.00
State: NOT Usable (Initializing)
Redirection: None
Packet Return: None
Assignment: None
Connect Time: 00:00:10
Cisco-CSRv-1#show ip wccp 70 detail
WCCP Client information:
WCCP Client ID: 10.34.198.100
Protocol Version: 2.00
State: NOT Usable (Initializing)
Redirection: None
Packet Return: None
Assignment: None
Connect Time: 00:00:10
Update: I see that Squid is receiving the request from the browser (10.34.198.101), but it is not replying...one-way traffic
Thanks...Audie
03-27-2023 06:51 AM
Does Squid know how to route back to the CSR1Kv?
03-27-2023 06:56 AM
Yes....the inner interface is in the same subnet as the router and browser (10.34.198.0/24)....thank you
03-27-2023 07:14 AM
I was looking closely at your show output:
State: NOT Usable (Initializing) - you have communication, but both sides have not agreed yet.
03-27-2023 09:15 AM
I think the issue is within Squid or Ubuntu 20.04.
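Added example (not part of the thread, and not Cisco or Squid code): a small Python check that parses `show ip wccp <service> detail` output and reports clients that are registered but not usable, together with the fields that have not been negotiated. The sample text follows the format posted above; the second client and its Usable/GRE/HASH values are constructed for contrast, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the `show ip wccp 70 detail` output
# posted above; the second client and its values are made up for contrast.
SAMPLE = """\
WCCP Client information:
WCCP Client ID: 10.34.198.100
Protocol Version: 2.00
State: NOT Usable (Initializing)
Redirection: None
Packet Return: None
Assignment: None
Connect Time: 00:00:10
WCCP Client information:
WCCP Client ID: 192.0.2.50
Protocol Version: 2.00
State: Usable
Redirection: GRE
Packet Return: GRE
Assignment: HASH
Connect Time: 01:12:44
"""

NEGOTIATED = ("Redirection", "Packet Return", "Assignment")

def parse_clients(text):
    """Split the output into one dict of 'key: value' fields per client."""
    clients = []
    for line in text.splitlines():
        if line.strip().startswith("WCCP Client information"):
            clients.append({})
        elif clients and (m := re.match(r"\s*([^:]+):\s*(.*)$", line)):
            clients[-1][m.group(1).strip()] = m.group(2).strip()
    return clients

def stuck_clients(text):
    """Return (client_id, state, unnegotiated_fields) for clients not usable."""
    report = []
    for c in parse_clients(text):
        state = c.get("State", "unknown")
        if state.lower().startswith("usable"):
            continue
        missing = [f for f in NEGOTIATED if c.get(f, "None") == "None"]
        report.append((c.get("WCCP Client ID", "?"), state, missing))
    return report

if __name__ == "__main__":
    for cid, state, missing in stuck_clients(SAMPLE):
        print(f"{cid}: {state}; not negotiated: {', '.join(missing) or '-'}")
```

Run against repeated captures, a client that stays in the report with all three fields unnegotiated matches the "communication but no agreement" state described in the thread.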