No hit on WCCP redirect list?

randms2610
Level 1

Should we not see hits on ACL used for WCCP redirect-list? I see hits on the ACL used for group-list but not on redirect-list.

I'm using a Cisco 3650 running IOS-XE 03.07.03E, with the topology shown below:

internet
||
||
cat3650 ==== proxy server
||
||
client machine

4 Replies

Ganesh Hariharan
VIP Alumni
Hi ,

A group-list can be used to restrict the IP addresses which are allowed to join the WCCP service group, and a WCCP password can be enabled, and you can see hits for elected devices which are allowed to join WCCP.

With the example below:

Switch(config)#access-list 110 deny ip any 10.0.0.0 0.255.255.255
Switch(config)#access-list 110 deny ip any 172.16.0.0 0.15.255.255
Switch(config)#access-list 110 deny ip any 192.168.0.0 0.0.255.255
Switch(config)#access-list 110 permit ip any any
Switch(config)#ip wccp web-cache redirect-list 110

With the redirect list, traffic to internal destinations will not be redirected, and will bypass the proxy server,

and you can see hits on ACL 110 for progress.

Hope it Helps..

-GI

So that means if there are no hits on the ACL, the redirection-list is either unused or not working, am I correct?

Hi, Redirection ACL should see some hits of either deny or accept based on your configuration. -GI

When WCCP is using mask assignment, any redirect list is merged with the mask information from the appliance and the resulting merged ACL is passed down to the Catalyst 3650 series switch or Cisco 7600 series router hardware. Only Permit or Deny ACL entries from the redirect list in which the protocol is IP or exactly matches the service group protocol are merged with the mask information from the appliance.
The following restrictions apply to the redirect-list ACL:
The ACL must be an IPv4 simple or extended ACL.
Only individual source or destination port numbers may be specified; port ranges cannot be specified.
The only valid matching criteria in addition to individual source or destination port numbers are dscp or tos.
The use of fragments, time-range, or options keywords, or any TCP flags is not permitted.
If the redirect ACL does not meet the restrictions shown, the system will log the following error message:
WCCP-3-BADACE: Service <service group>, invalid access-list entry (seq:<sequence>, reason:<reason>)
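
A pre-deployment check for the restrictions listed in the reply above, as an added example that is not part of the thread and is not Cisco code. It only reads numbered `access-list` lines, assumes the service group protocol is TCP (as for `web-cache`), and its finding texts are this example's own wording, not the reason values the switch logs with WCCP-3-BADACE.

```python
import re

# Keywords the quoted restrictions rule out in a WCCP redirect-list ACL.
FORBIDDEN = {"fragments", "time-range", "option", "options"}
TCP_FLAGS = {"established", "ack", "fin", "psh", "rst", "syn", "urg",
             "match-any", "match-all"}
# "range" is named in the restrictions; gt/lt/neq also match more than one
# port and are treated as ranges here (an assumption of this example).
MULTI_PORT = {"range", "gt", "lt", "neq"}
ACE = re.compile(r"\baccess-list\s+(\d+)\s+(permit|deny)\s+(\S+)\s*(.*)$", re.I)

def lint_redirect_acl(config_text, service_proto="tcp"):
    """Return (line, finding) pairs for entries that break the restrictions
    or that would not be merged with the mask under mask assignment."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ACE.search(line)      # search, so a "Switch(config)#" prompt is ignored
        if not m:
            continue              # remarks, named ACLs and other lines are skipped
        num, proto = int(m.group(1)), m.group(3).lower()
        tokens = m.group(4).lower().split()
        standard = 1 <= num <= 99 or 1300 <= num <= 1999  # no protocol field
        if not standard and proto not in ("ip", service_proto):
            findings.append((line, f"protocol '{proto}' is not ip or "
                                   f"{service_proto}: entry is not merged"))
        for tok in tokens:
            if tok in FORBIDDEN:
                findings.append((line, f"keyword '{tok}' not permitted"))
            elif tok in TCP_FLAGS:
                findings.append((line, f"TCP flag match '{tok}' not permitted"))
            elif tok in MULTI_PORT:
                findings.append((line, f"'{tok}' is not an individual port match"))
    return findings

# Constructed sample ACL (not taken from the thread).
SAMPLE = """\
access-list 110 deny ip any 10.0.0.0 0.255.255.255
access-list 110 permit tcp any any eq 80
access-list 110 permit tcp any any range 8000 8080
access-list 110 permit tcp any any eq 443 established
access-list 110 deny ip any any fragments
access-list 110 permit udp any any eq 53
access-list 110 permit tcp any any eq 80 dscp af11
"""

if __name__ == "__main__":
    for line, reason in lint_redirect_acl(SAMPLE):
        print(f"{reason}\n    {line}")
```

Entries it reports are the ones to compare against the switch log for WCCP-3-BADACE after the redirect list is applied.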
