10-10-2018 11:16 AM
We currently have WCCP configured on a Cisco 4500X switch. We have an ACL (REDIRECT_CLIENTS) where hosts and ranges are configured to filter which hosts get proxied to the McAfee Web Gateway (MWG). We have not seen any hits on the ACL for traffic being redirected to the MWG nor do we see traffic when doing a live trace from the MWG console. I've posted sample configs and several outputs from wccp show commands below (Addresses have been scrubbed for security). Any help with this issue is greatly appreciated. Thanks.
ip wccp source-interface Vlan777
ip wccp 51 redirect-list REDIRECT_CLIENTS
interface Vlan136
ip address XXX.XXX.36.1 XXX.XXX.XXX.XXX
ip helper-address XXX.XXX.0.80 (for DHCP)
ip helper-address XXX.XXX.0.81 (for DHCP)
ip wccp 51 redirect in
interface Vlan151
ip address XXX.XXX.32.1 XXX.XXX.XXX.XXX
ip helper-address XXX.XXX.0.80 (for DHCP)
ip helper-address XXX.XXX.0.81 (for DHCP)
ip wccp 51 redirect in
ip access-list extended REDIRECT_CLIENTS
permit tcp host XXX.XXX.36.147 any eq www
permit tcp host XXX.XXX.36.147 any eq 443
permit tcp host XXX.XXX.32.69 any
permit tcp host XXX.XXX.32.70 any eq www
permit tcp host XXX.XXX.32.70 any eq 443
sh ip wccp
Global WCCP information:
Router information:
Router Identifier: XXX.XXX.34.17
Configured source-interface: Vlan777
Protocol Version: 2.0
Service Identifier: 51
Number of Service Group Clients: 1
Number of Service Group Routers: 2
Total Packets Redirected: 0
Process: 0
CEF: 0
Platform: 0
Service mode: Open
Service Access-list: -none-
Total Packets Dropped Closed: 0
Redirect access-list: REDIRECT_CLIENTS
Total Packets Denied Redirect: 16662
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total GRE Bypassed Packets Received: 0
Process: 0
CEF: 0
Platform: 0
sh ip wccp summary
WCCP version 2 enabled, 1 service
Service Clients Routers Assign Redirect Bypass
------- ------- ------- ------ -------- ------
Default routing table (Router Id: XXX.XXX.34.17):
51 1 1 MASK L2 GRE
sh ip wccp interfaces
WCCP interface configuration:
Vlan136
Output services: 0
Input services: 1
Mcast services: 0
Exclude In: FALSE
Vlan151
Output services: 0
Input services: 1
Mcast services: 0
Exclude In: FAL
Solved! Go to Solution.
10-11-2018 03:49 AM
Thanks for the reply but it appears that our issue was due to cables being moved on the ESXi host where the MWG virtual appliance was hosted. Cables were moved, port channels were reconfigured, and arp tables were not cleared. Our WCCP access list is now seeing hits and sending traffic to the MWG.
10-10-2018 11:06 PM
10-11-2018 03:49 AM
Thanks for the reply but it appears that our issue was due to cables being moved on the ESXi host where the MWG virtual appliance was hosted. Cables were moved, port channels were reconfigured, and arp tables were not cleared. Our WCCP access list is now seeing hits and sending traffic to the MWG.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide