IP Application Services Command Reference, Cisco IOS XE Release 3SE (Catalyst 3650 Switches)
ip tcp adjust-mss through ip wccp web-cache accelerated

ip vrf

To define a VPN routing and forwarding (VRF) instance and to enter VRF configuration mode, use the ip vrf command in global configuration mode. To remove a VRF instance, use the no form of this command.

ip vrf vrf-name

no ip vrf vrf-name

Syntax Description

vrf-name

Name assigned to a VRF.

Command Default

No VRFs are defined. No import or export lists are associated with a VRF. No route maps are associated with a VRF.

Command Modes

Global configuration (config)

Command History

Release                     Modification
12.0(5)T                    This command was introduced.
12.0(21)ST                  This command was integrated into Cisco IOS Release 12.0(21)ST.
12.0(22)S                   This command was integrated into Cisco IOS Release 12.0(22)S.
12.2(14)S                   This command was integrated into Cisco IOS 12.2(14)S.
12.2(28)SB                  This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(33)SRA                 This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH                 This command was integrated into Cisco IOS Release 12.2(33)SXH.
Cisco IOS XE Release 2.1    This command was integrated into Cisco IOS XE Release 2.1.
15.1(1)SY                   This command was integrated into Cisco IOS Release 15.1(1)SY.
Cisco IOS XE 3.3SE          This command was implemented in Cisco IOS XE Release 3.3SE.

Usage Guidelines

The ip vrf vrf-name command creates a VRF instance named vrf-name. To make the VRF functional, a route distinguisher (RD) must be created using the rd route-distinguisher command in VRF configuration mode. The rd route-distinguisher command creates the routing and forwarding tables and associates the RD with the VRF instance named vrf-name.

The ip vrf default command can be used to configure a VRF instance that is a NULL value until a default VRF name can be configured. This is typically done before any VRF-related AAA commands are configured.

Examples

The following example shows how to import a route map to a VRF instance named VPN1:

Router(config)# ip vrf vpn1
Router(config-vrf)# rd 100:2
Router(config-vrf)# route-target both 100:2
Router(config-vrf)# route-target import 100:1

Related Commands

Command                                      Description
ip vrf forwarding (interface configuration)  Associates a VRF with an interface or subinterface.
rd                                           Creates routing and forwarding tables for a VRF and specifies the default route distinguisher for a VPN.

ip wccp

To enable support of the specified Web Cache Communication Protocol (WCCP) service for participation in a service group, use the ip wccp command in global configuration mode. To disable the service group, use the no form of this command.

ip wccp [ vrf vrf-name ] { web-cache | service-number } [accelerated] [ service-list service-access-list ] [ mode { open | closed } ] [ group-address multicast-address ] [ redirect-list access-list ] [ group-list access-list ] [ password [ 0 | 7 ] password ]

no ip wccp [ vrf vrf-name ] { web-cache | service-number } [accelerated] [ service-list service-access-list ] [ mode { open | closed } ] [ group-address multicast-address ] [ redirect-list access-list ] [ group-list access-list ] [ password [ 0 | 7 ] password ]

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding instance (VRF) to associate with a service group.

web-cache

Specifies the web-cache service (WCCP Version 1 and Version 2).

Note: Web cache counts as one of the services. The maximum number of services, including those assigned with the service-number argument, is 256.

service-number

Dynamic service identifier, which means the service definition is dictated by the cache. The dynamic service number can be from 0 to 254. The maximum number of services is 256, which includes the web-cache service specified with the web-cache keyword.

Note: If Cisco cache engines are used in the cache cluster, the reverse proxy service is indicated by a value of 99.

accelerated

(Optional) This option applies only to hardware-accelerated routers. This keyword configures the service group to prevent a connection being formed with a cache engine unless the cache engine is configured in a way that allows redirection on the router to benefit from hardware acceleration.

service-list service-access-list

(Optional) Identifies a named extended IP access list that defines the packets that will match the service.

mode open

(Optional) Identifies the service as open. This is the default service mode.

mode closed

(Optional) Identifies the service as closed.

group-address multicast-address

(Optional) Specifies the multicast IP address that communicates with the WCCP service group. The multicast address is used by the router to determine which web cache should receive redirected messages.

redirect-list access-list

(Optional) Specifies the access list that controls traffic redirected to this service group. The access-list argument is a string of no more than 64 characters (name or number) that specifies the access list.

group-list access-list

(Optional) Specifies the access list that determines which web caches are allowed to participate in the service group. The access-list argument specifies either the number or the name of a standard or extended access list.

password [0 | 7] password

(Optional) Specifies the message digest algorithm 5 (MD5) authentication for messages received from the service group. Messages that are not accepted by the authentication are discarded. The encryption type can be 0 or 7, with 0 specifying not yet encrypted and 7 for proprietary. The password argument can be up to eight characters in length.

Command Default

WCCP services are not enabled on the router.

Command Modes

Global configuration (config)

Command History

Release                     Modification
12.0(3)T                    This command was introduced.
12.1                        This command replaced the ip wccp enable, ip wccp redirect-list, and ip wccp group-list commands.
12.2(25)S                   This command was integrated into Cisco IOS Release 12.2(25)S.
12.3(14)T                   The maximum value for the service-number argument was increased to 254.
12.2(27)SBC                 This command was integrated into Cisco IOS Release 12.2(27)SBC.
12.2(33)SRA                 This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.4(11)T                   The service-list service-access-list keyword and argument pair and the mode open and mode closed keywords were added.
12.2(33)SXH                 This command was integrated into Cisco IOS Release 12.2(33)SXH.
Cisco IOS XE Release 2.2    This command was integrated into Cisco IOS XE Release 2.2.
15.0(1)M                    This command was modified. The vrf keyword and vrf-name argument pair were added.
12.2(33)SRE                 This command was modified. The vrf keyword and vrf-name argument pair were added.
12.2(50)SY                  This command was modified. The vrf keyword and vrf-name argument pair were added.
Cisco IOS XE Release 3.3SG  This command was integrated into Cisco IOS XE Release 3.3SG.
Cisco IOS XE 3.3SE          This command was implemented in Cisco IOS XE Release 3.3SE.

Usage Guidelines

WCCP transparent caching bypasses Network Address Translation (NAT) when Cisco Express Forwarding switching is enabled. To work around this situation, configure WCCP transparent caching in the outgoing direction, enable Cisco Express Forwarding switching on the content engine interface, and specify the ip wccp web-cache redirect out command. Configure WCCP in the incoming direction on the inside interface by specifying the ip wccp redirect exclude in command on the router interface facing the cache. This configuration prevents the redirection of any packets arriving on that interface.

You can also include a redirect list when configuring a service group. The specified redirect list will deny packets with a NAT (source) IP address and prevent redirection.

This command instructs a router to enable or disable support for the specified service number or the web-cache service name. A service number can be from 0 to 254. Once the service number or name is enabled, the router can participate in the establishment of a service group.

The vrf vrf-name keyword and argument pair is optional. It allows you to specify a VRF to associate with a service group. You can then specify a web-cache service name or service number.

The same service (web-cache or service number) can be configured in different VRF tables. Each service will operate independently.

When the no ip wccp command is entered, the router terminates participation in the service group, deallocates space if none of the interfaces still has the service configured, and terminates the WCCP task if no other services are configured.

The keywords following the web-cache keyword and the service-number argument are optional and may be specified in any order, but each may be specified only once. The following sections outline the specific usage of each of the optional forms of this command.

ip wccp [vrf vrf-name] {web-cache | service-number} group-address multicast-address

A WCCP group address can be configured to set up a multicast address that cooperating routers and web caches can use to exchange WCCP protocol messages. If such an address is used, IP multicast routing must be enabled so that the messages that use the configured group (multicast) addresses are received correctly.

This option instructs the router to use the specified multicast IP address to coalesce the "I See You" responses for the "Here I Am" messages that it has received on this group address. The response is also sent to the group address. The default is for no group address to be configured, in which case all "Here I Am" messages are responded to with a unicast reply.

ip wccp [vrf vrf-name] {web-cache | service-number} redirect-list access-list

This option instructs the router to use an access list to control the traffic that is redirected to the web caches of the service group specified by the service name given. The access-list argument specifies either the number or the name of a standard or extended access list. The access list itself specifies which traffic is permitted to be redirected. The default is for no redirect list to be configured (all traffic is redirected).

WCCP requires that the following protocol and ports not be filtered by any access lists:

  • UDP (protocol type 17) port 2048. This port is used for control signaling. Blocking this type of traffic will prevent WCCP from establishing a connection between the router and web caches.
  • Generic routing encapsulation (GRE) (protocol type 47 encapsulated frames). Blocking this type of traffic will prevent the web caches from ever seeing the packets that are intercepted.

ip wccp [vrf vrf-name] {web-cache | service-number} group-list access-list

This option instructs the router to use an access list to control the web caches that are allowed to participate in the specified service group. The access-list argument specifies either the number of a standard or extended access list or the name of any type of named access list. The access list itself specifies which web caches are permitted to participate in the service group. The default is for no group list to be configured, in which case all web caches may participate in the service group.


Note: The ip wccp {web-cache | service-number} group-list command syntax resembles the ip wccp {web-cache | service-number} group-listen command, but these are entirely different commands. The ip wccp group-listen command is an interface configuration command used to configure an interface to listen for multicast notifications from a cache cluster. Refer to the description of the ip wccp group-listen command in the Cisco IOS IP Application Services Command Reference.

ip wccp [vrf vrf-name] {web-cache | service-number} password password

This option instructs the router to use MD5 authentication on the messages received from the service group specified by the service name given. Use this form of the command to set the password on the router. You must also configure the same password separately on each web cache. The password can be up to a maximum of eight characters in length. Messages that do not authenticate when authentication is enabled on the router are discarded. The default is for no authentication password to be configured and for authentication to be disabled.

ip wccp service-number service-list service-access-list mode closed

In applications where the interception and redirection of WCCP packets to external intermediate devices for the purpose of applying feature processing are not available within Cisco IOS software, packets for the application must be blocked when the intermediary device is not available. This blocking is called a closed service. By default, WCCP operates as an open service, wherein communication between clients and servers proceeds normally in the absence of an intermediary device. The service-list keyword can be used only for closed mode services. When a WCCP service is configured as closed, WCCP discards packets that do not have a client application registered to receive the traffic. Use the service-list keyword and service-access-list argument to register an application protocol type or port number.

When the definition of a service in a service list conflicts with the definition received via the WCCP protocol, a warning message similar to the following is displayed:

Sep 28 14:06:35.923: %WCCP-5-SERVICEMISMATCH: Service 90 mismatched on WCCP client 10.1.1.13

When service list definitions conflict, the configured definition takes precedence over the external definition received via WCCP protocol messages.
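An added example (not Cisco code): a Python check that applies the defaults described for the group-list, password, and service-list options to the global ip wccp lines of a saved running configuration. The sample configuration, the "global" label for services outside a VRF, and the finding names are constructed for illustration.

```python
import re

# Global-mode syntax from this page:
#   ip wccp [vrf vrf-name] {web-cache | service-number} [options ...]
# Sub-mode lines in a running configuration are indented, so anchoring at
# column 0 skips the interface-level redirect and group-listen commands.
SERVICE_RE = re.compile(
    r"^ip wccp (?:vrf (?P<vrf>\S+) )?(?P<svc>web-cache|\d+)(?P<rest>(?: .*)?)$"
)
ONE_ARG = {"service-list", "mode", "group-address", "redirect-list", "group-list"}


def parse_options(rest):
    """Parse the optional keywords, which may appear in any order."""
    tokens, opts, i = rest.split(), {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ONE_ARG and i + 1 < len(tokens):
            opts[tok] = tokens[i + 1]
            i += 2
        elif tok == "password" and i + 1 < len(tokens):
            # password [0 | 7] password: the encryption type is optional.
            typed = tokens[i + 1] in ("0", "7") and i + 2 < len(tokens)
            opts["password-type"] = tokens[i + 1] if typed else "0"
            i += 3 if typed else 2
        else:
            opts[tok] = True  # flag keyword such as accelerated
            i += 1
    return opts


def audit_wccp_services(config_text):
    """Return sorted (vrf, service, finding) tuples for weak service groups."""
    services = {}
    for line in config_text.splitlines():
        m = SERVICE_RE.match(line.rstrip())
        if m:
            key = (m.group("vrf") or "global", m.group("svc"))
            services.setdefault(key, {}).update(parse_options(m.group("rest")))
    findings = []
    for (vrf, svc), opts in sorted(services.items()):
        if "group-list" not in opts:
            # Page default: all web caches may participate in the service group.
            findings.append((vrf, svc, "no-group-list"))
        if "password-type" not in opts:
            # Page default: authentication is disabled.
            findings.append((vrf, svc, "no-password"))
        elif opts["password-type"] == "0":
            # Type 0 means the password is held in the configuration unencrypted.
            findings.append((vrf, svc, "cleartext-password"))
        if "service-list" in opts and opts.get("mode") != "closed":
            # Page rule: service-list can be used only for closed mode services.
            findings.append((vrf, svc, "service-list-without-mode-closed"))
    return findings


# Constructed sample in running-config layout (not from a real device).
SAMPLE_CONFIG = """\
ip wccp version 2
ip wccp web-cache redirect-list 100
ip wccp 99 group-address 239.0.0.0 group-list 10 password 0 EXAMPLE1
ip wccp vrf CUST-A 61 group-list 20 password 7 PLACEHOLDER
ip wccp 90 service-list access1
!
interface GigabitEthernet0/1
 ip wccp web-cache redirect in
"""

if __name__ == "__main__":
    for finding in audit_wccp_services(SAMPLE_CONFIG):
        print(*finding)
```
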

Examples

The following example shows how to configure a router to run WCCP reverse-proxy service, using the multicast address of 239.0.0.0:

Router(config)# ip multicast-routing
Router(config)# ip wccp 99 group-address 239.0.0.0
Router(config)# interface ethernet 0
Router(config-if)# ip wccp 99 group-listen

The following example shows how to configure a router to redirect web-related packets, except those with a destination of 10.168.196.51, to the web cache:

Router(config)# access-list 100 deny ip any host 10.168.196.51
Router(config)# access-list 100 permit ip any any
Router(config)# ip wccp web-cache redirect-list 100
Router(config)# interface ethernet 0
Router(config-if)# ip wccp web-cache redirect out

The following example shows how to configure an access list to prevent traffic from network 10.0.0.0 leaving Fast Ethernet interface 0/0. Because the outbound access control list (ACL) check is enabled, WCCP does not redirect that traffic. WCCP checks packets against the ACL before they are redirected.

Router(config)# ip wccp web-cache
Router(config)# ip wccp check acl outbound
Router(config)# interface fastethernet0/0
Router(config-if)# ip access-group 10 out
Router(config-if)# ip wccp web-cache redirect out
Router(config-if)# access-list 10 deny 10.0.0.0 0.255.255.255
Router(config-if)# access-list 10 permit any

If the outbound ACL check is disabled, HTTP packets from network 10.0.0.0 would be redirected to a cache, and users with that network address could retrieve web pages when the network administrator wanted to prevent this from happening.
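An added example (not Cisco code): a Python check for the condition described above, reporting interfaces that combine an outbound access group with ip wccp ... redirect out while ip wccp check acl outbound is absent from the configuration. It assumes a saved running configuration with indented interface sub-commands; the sample text is constructed from the example on this page.

```python
import re

IFACE_RE = re.compile(r"^interface (\S.*)$")
ACL_OUT_RE = re.compile(r"^ip access-group (\S+) out$")
# ip wccp [vrf vrf-name] {web-cache | service-number} redirect out
REDIRECT_OUT_RE = re.compile(r"^ip wccp (?:vrf \S+ )?(web-cache|\d+) redirect out$")


def find_outbound_acl_bypass(config_text):
    """Return (interface, acl, service) triples where WCCP can redirect
    traffic that the interface's outbound ACL was meant to stop."""
    check_enabled = False
    interfaces = {}  # interface name -> {"acl": name or None, "services": [...]}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # Non-indented line: a new stanza or a global command.
            m = IFACE_RE.match(line)
            current = m.group(1) if m else None
            if current:
                interfaces[current] = {"acl": None, "services": []}
            elif line == "ip wccp check acl outbound":
                check_enabled = True
            continue
        if current is None:
            continue  # indented line inside a non-interface stanza
        m = ACL_OUT_RE.match(line)
        if m:
            interfaces[current]["acl"] = m.group(1)
        m = REDIRECT_OUT_RE.match(line)
        if m:
            interfaces[current]["services"].append(m.group(1))
    if check_enabled:
        # WCCP checks packets against the outbound ACL before redirecting.
        return []
    return [(name, state["acl"], svc)
            for name, state in interfaces.items() if state["acl"]
            for svc in state["services"]]


# Constructed sample: the page's example without the outbound ACL check.
SAMPLE_RUNNING_CONFIG = """\
ip wccp web-cache
!
interface FastEthernet0/0
 ip access-group 10 out
 ip wccp web-cache redirect out
!
interface FastEthernet0/1
 ip wccp web-cache redirect in
!
access-list 10 deny 10.0.0.0 0.255.255.255
access-list 10 permit any
"""

if __name__ == "__main__":
    for name, acl, svc in find_outbound_acl_bypass(SAMPLE_RUNNING_CONFIG):
        print(f"{name}: ACL {acl} not applied before WCCP service {svc} redirects")
```
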

The following example shows how to configure a closed WCCP service:

Router(config)# ip wccp 99 service-list access1 mode closed

Related Commands

Command                      Description
ip wccp check services all   Enables all WCCP services.
ip wccp group-listen         Configures an interface on a router to enable or disable the reception of IP multicast packets for WCCP.
ip wccp redirect exclude in  Enables redirection exclusion on an interface.
ip wccp redirect out         Configures redirection on an interface in the outgoing direction.
ip wccp version              Specifies which version of WCCP you want to use on your router.
show ip wccp                 Displays global statistics related to WCCP.

ip wccp group-listen

To configure an interface on a router to enable or disable the reception of IP multicast packets for Web Cache Communication Protocol (WCCP), use the ip wccp group-listen command in interface configuration mode. To disable the reception of IP multicast packets for WCCP, use the no form of this command.

ip wccp [ vrf vrf-name ] { web-cache | service-number } group-listen

no ip wccp [ vrf vrf-name ] { web-cache | service-number } group-listen

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) instance to associate with a service group.

web-cache

Directs the router to send packets to the web cache service.

service-number

WCCP service number; valid values are from 0 to 254.

Command Default

No interface is configured to enable the reception of IP multicast packets for WCCP.

Command Modes

Interface configuration (config-if)

Command History

Release                     Modification
12.0(3)T                    This command was introduced.
12.2(17d)SXB                Support was added for the Supervisor Engine 2.
12.2(18)SXD1                Support was added for the Supervisor Engine 720.
12.2(33)SRA                 This command was integrated into Cisco IOS Release 12.2(33)SRA.
Cisco IOS XE Release 2.2    This command was integrated into Cisco IOS XE Release 2.2.
15.0(1)M                    This command was modified. The vrf keyword and vrf-name argument were added.
12.2(33)SRE                 This command was modified. The vrf keyword and vrf-name argument were added.
Cisco IOS XE Release 3.1S   This command was modified. The vrf keyword and vrf-name argument were added.
12.2(50)SY                  This command was modified. The vrf keyword and vrf-name argument were added.
Cisco IOS XE Release 3.3SG  This command was integrated into Cisco IOS XE Release 3.3SG.
Cisco IOS XE 3.3SE          This command was implemented in Cisco IOS XE Release 3.3SE.

Usage Guidelines


Note: To ensure correct operation on Catalyst 6500 series switches and Cisco 7600 series routers, you must enter the ip pim mode command in addition to the ip wccp group-listen command.

On Cisco 7600 series routers, the value for the service-number argument may be either one of the provided standard keyword definitions or a number representing a cache engine dynamically defined definition. Once the service is enabled, the router can participate in the establishment of a service group.

Note the following requirements on routers that are to be members of a service group when IP multicast is used:

  • Configure the IP multicast address for use by the WCCP service group.
  • Enable IP multicast routing using the ip multicast-routing command in global configuration mode.
  • Configure the interfaces on which the router wants to receive the IP multicast address with the ip wccp {web-cache | service-number} group-listen interface configuration command.

Examples

The following example shows how to enable multicast packets for a web cache with a multicast address of 224.1.1.100:

Router# configure terminal
Router(config)# ip multicast-routing
Router(config)# ip wccp web-cache group-address 224.1.1.100
Router(config)# interface ethernet 0
Router(config-if)# ip wccp web-cache group-listen

Related Commands

Command                 Description
ip multicast-routing    Enables IP multicast routing.
ip wccp                 Enables support of the WCCP service for participation in a service group.
ip wccp redirect        Enables WCCP redirection on an interface.
ipv6 multicast-routing  Enables multicast routing.

ip wccp redirect

To enable packet redirection on an outbound or inbound interface using the Web Cache Communication Protocol (WCCP), use the ip wccp redirect command in interface configuration mode. To disable WCCP redirection, use the no form of this command.

ip wccp [ vrf vrf-name ] { web-cache | service-number } redirect { in | out }

no ip wccp [ vrf vrf-name ] { web-cache | service-number } redirect { in | out }

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) instance to associate with a service group.

web-cache

Enables the web cache service.

service-number

Identification number of the cache engine service group controlled by a router; valid values are from 0 to 254.

If Cisco cache engines are used in the cache cluster, the reverse proxy service is indicated by a value of 99.

in

Specifies packet redirection on an inbound interface.

out

Specifies packet redirection on an outbound interface.

Command Default

Redirection checking on the interface is disabled.

Command Modes

Interface configuration (config-if)

Command History

Release                     Modification
12.0(3)T                    This command was introduced.
12.0(11)S                   The in keyword was added.
12.1(3)T                    The in keyword was added.
12.2(17d)SXB                Support was added for the Cisco 7600 series router Supervisor Engine 2.
12.2(18)SXD1                Support was added for the Cisco 7600 series router Supervisor Engine 720.
12.2(18)SXF                 This command was enhanced to support the Cisco 7600 series router Supervisor Engine 32.
12.2(33)SRA                 This command was integrated into Cisco IOS Release 12.2(33)SRA.
Cisco IOS XE Release 2.2    This command was integrated into Cisco IOS XE Release 2.2. Note: The out keyword is not supported in Cisco IOS XE Release 2.2.
15.0(1)M                    This command was modified. The vrf keyword and vrf-name argument were added.
12.2(33)SRE                 This command was modified. The vrf keyword and vrf-name argument were added.
Cisco IOS XE Release 3.1S   This command was modified. The vrf keyword and vrf-name argument were added. Support for the out keyword was added.
12.2(50)SY                  This command was modified. The vrf keyword and vrf-name argument were added.
Cisco IOS XE Release 3.3SG  This command was integrated into Cisco IOS XE Release 3.3SG.
Cisco IOS XE 3.3SE          This command was implemented in Cisco IOS XE Release 3.3SE.

Usage Guidelines

WCCP transparent caching bypasses Network Address Translation (NAT) when Cisco Express Forwarding switching is enabled. To work around this situation, configure WCCP transparent caching in the outgoing direction, enable Cisco Express Forwarding on the content engine interface, and specify the ip wccp web-cache redirect out command. Configure WCCP in the incoming direction on the inside interface by specifying the ip wccp redirect exclude in command on the router interface facing the cache. This prevents the redirection of any packets arriving on that interface.

You can also include a redirect list when configuring a service group. The specified redirect list will deny packets with a NAT (source) IP address and prevent redirection. Refer to the ip wccp command for configuration of the redirect list and service group.

The ip wccp redirect in command allows you to configure WCCP redirection on an interface receiving inbound network traffic. When the command is applied to an interface, all packets arriving at that interface will be compared against the criteria defined by the specified WCCP service. Packets that match the criteria will be redirected.

The ip wccp redirect out command allows you to configure the WCCP redirection check at an outbound interface.


Tip: Be careful not to confuse the ip wccp redirect {out | in } interface configuration command with the ip wccp redirect exclude in interface configuration command.

Note: This command can affect the ip wccp redirect exclude in command behavior. (These commands have opposite functions.) If you have the ip wccp redirect exclude in command set on an interface and you subsequently configure the ip wccp redirect in command, the ip wccp redirect exclude in command will be overridden. The opposite is also true: Configuring the ip wccp redirect exclude in command will override the ip wccp redirect in command.

Examples

In the following configuration, the multilink interface is configured to prevent the bypassing of NAT when Cisco Express Forwarding switching is enabled:

Router(config)# interface multilink2
Router(config-if)# ip address 10.21.21.1 255.255.255.0
Router(config-if)# ip access-group IDS_Multilink2_in_1 in
Router(config-if)# ip wccp web-cache redirect out
Router(config-if)# ip nat outside
Router(config-if)# ip inspect FSB-WALL out
Router(config-if)# max-reserved-bandwidth 100
Router(config-if)# service-policy output fsb-policy
Router(config-if)# no ip route-cache
Router(config-if)# load-interval 30
Router(config-if)# tx-ring-limit 3
Router(config-if)# tx-queue-limit 3
Router(config-if)# ids-service-module monitoring
Router(config-if)# ppp multilink
Router(config-if)# ppp multilink group 2
Router(config-if)# crypto map abc1

The following example shows how to configure a session in which reverse proxy packets on Ethernet interface 0 are being checked for redirection and redirected to a Cisco Cache Engine:

Router(config)# ip wccp 99
Router(config)# interface ethernet 0
Router(config-if)# ip wccp 99 redirect out

The following example shows how to configure a session in which HTTP traffic arriving on Ethernet interface 0/1 is redirected to a Cisco Cache Engine:

Router(config)# ip wccp web-cache
Router(config)# interface ethernet 0/1
Router(config-if)# ip wccp web-cache redirect in

Related Commands

Command                      Description
ip wccp                      Enables support of the specified WCCP service for participation in a service group.
ip wccp redirect exclude in  Enables redirection exclusion on an interface.
show ip interface            Displays the usability status of interfaces that are configured for IP.
show ip wccp                 Displays the WCCP global configuration and statistics.

ip wccp redirect exclude in

To configure an interface to exclude packets received on an interface from being checked for redirection, use the ip wccp redirect exclude in command in interface configuration mode. To disable the ability of a router to exclude packets from redirection checks, use the no form of this command.

ip wccp redirect exclude in

no ip wccp redirect exclude in

Syntax Description

This command has no arguments or keywords.

Command Default

Redirection exclusion is disabled.

Command Modes

Interface configuration (config-if)

Command History

Release                     Modification
12.0(3)T                    This command was introduced.
12.2(33)SRA                 This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX                      This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Cisco IOS XE Release 2.2    This command was integrated into Cisco IOS XE Release 2.2.
12.2(50)SY                  This command was integrated into Cisco IOS Release 12.2(50)SY.
Cisco IOS XE Release 3.3SG  This command was integrated into Cisco IOS XE Release 3.3SG.
Cisco IOS XE 3.3SE          This command was implemented in Cisco IOS XE Release 3.3SE.

Usage Guidelines

This configuration command instructs the interface to exclude inbound packets from any redirection check. Note that the command is global to all the services and should be applied to any inbound interface that will be excluded from redirection.

This command is intended to be used to accelerate the flow of packets from a cache engine to the Internet and to allow for the use of the WCCPv2 packet return feature.

Examples

In the following example, packets arriving on Ethernet interface 0 are excluded from all WCCP redirection checks:

Router(config)# interface ethernet 0
Router(config-if)# ip wccp redirect exclude in

Related Commands

Command               Description
ip wccp               Enables support of the WCCP service for participation in a service group.
ip wccp redirect out  Configures redirection on an interface in the outgoing direction.

ip wccp version

To specify the version of Web Cache Communication Protocol (WCCP), use the ip wccp version command in global configuration mode.

ip wccp version { 1 | 2 }

Syntax Description

1

Specifies Web Cache Communication Protocol Version 1 (WCCPv1).

2

Specifies Web Cache Communication Protocol Version 2 (WCCPv2).

Command Default

WCCPv2 is enabled.

Command Modes

Global configuration (config)

Command History

Release                     Modification
12.0(5)T                    This command was introduced.
12.2(33)SRA                 This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX                      This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Cisco IOS XE Release 2.2    This command was integrated into Cisco IOS XE Release 2.2. Only WCCP version 2 is supported in Cisco IOS XE Release 2.2.
12.2(50)SY                  This command was integrated into Cisco IOS Release 12.2(50)SY.
Cisco IOS XE 3.3SE          This command was implemented in Cisco IOS XE Release 3.3SE.

Usage Guidelines

Configuring this command does not have any impact on Cisco ASR 1000 Series Aggregation Services Routers because these routers support only WCCPv2. WCCPv2 is enabled by default on Cisco ASR 1000 Series Aggregation Services Routers when a service group is configured or a service group is attached to an interface.

Examples

In the following example, the user changes the WCCP version from the default of WCCPv2 to WCCPv1:

Router(config)# ip wccp version 1
Router# show ip wccp
% WCCP version 2 is not enabled

Related Commands

Command       Description
ip wccp       Enables support of the WCCP service for participation in a service group.
show ip wccp  Displays the WCCP global configuration and statistics.