Enabling WCCP processing for a service group

For each WCCP v2 service group that you configure, you must enable WCCP processing.

WCCP v2 routers contain multiple network interfaces, including:

  • one or more interfaces that receive inbound (ingress) client traffic
  • one or more interfaces connected to Content Gateway
  • an interface dedicated to outbound (egress) traffic that is aimed at the Internet

Following are some guidelines for enabling WCCP processing for a service group on a router. Consult the procedures in your router documentation for specifics.

Steps

  1. Turn on the WCCP feature:
    ip wccp <service group ID> password [0-7] <passwd>
  2. On the router or switch interface, enable redirection for incoming (ingress) packets or outgoing (egress) packets.
    Note: Where your hardware and network topology support it, it is recommended that redirection be performed on the ingress interface (using the “redirect in” commands).

    The following are examples. Be sure to substitute the service group IDs that you have established on your router(s).

    First, select the interface to configure:

    interface <type> <number>

    Second, establish your redirection rules:

    ip wccp <service group ID> redirect in

    Examples for inbound redirection:

    Run these commands for each protocol that you want to support, but only on the interfaces dedicated to inbound (ingress) traffic.

    For example, to turn on redirection of HTTP destination port traffic, enter:

    ip wccp 0 redirect in

    To turn on redirection of HTTPS destination port traffic:

    ip wccp 70 redirect in

    To turn on redirection of FTP destination port traffic enter:

    ip wccp 5 redirect in

    To turn on redirection of HTTP source port traffic, which is required for IP spoofing, enter:

    ip wccp 20 redirect in

    Examples for outbound redirection:

    Run these commands for each protocol that you want to support, but only on the interfaces dedicated to outbound (egress) traffic.

    First, select the interface to configure:

    interface <type> <number>

    Second, establish your redirection rules:

    ip wccp <service group ID> redirect out

    For example, to turn on redirection for HTTP, enter:

    ip wccp 0 redirect out

    To turn on redirection for HTTPS:

    ip wccp 70 redirect out

    To turn on redirection for FTP enter:

    ip wccp 5 redirect out

  3. When ARM bypass occurs, or IP spoofing is enabled, the proxy sends traffic to the Internet with the original source IP address. The “redirect exclude in” command prevents the router from looping the traffic back to Content Gateway.
    Important: When ARM dynamic or static bypass is enabled, or IP spoofing is enabled, and redirection is on the outbound (egress) interface, exclude redirection of Content Gateway outbound packets on the router interface that handles Content Gateway’s egress traffic. See the illustration, below.
    1. Select the interface that handles Content Gateway egress traffic:

      interface <type> <number>

    2. Exclude Content Gateway outbound traffic on the interface from all redirection rules on the router:

      ip wccp redirect exclude in