Configure PacketShaper for WCCP-Based Traffic Redirection
For background on the traffic redirection feature, see Overview of WCCP-Based Traffic Redirection.
Using Packeteer's WCCP-based traffic redirection feature can be as simple as turning it on, assuming your configuration uses the default settings. However, there are additional settings you can configure to ensure the PacketShaper is redirecting the right traffic.
Note: In addition to configuring the PacketShaper for redirection, you need to configure the iShared cache device. See Configure Cache Device for Redirection.
|
|
Note:To perform this task from PolicyCenter, you must first select a unit or draft configuration draft in the Configurations window. Then select the Setup tab from the right pane of this window, and proceed to step 2 of the procedure below. |
To enable redirection and configure WCCP settings:
1. Use the arp show or host show <gateway-IP> CLI command to confirm that the gateway is on the outside. (Redirection works only when the gateway is on the outside of the PacketShaper.)
2. Click the setup tab on the navigation bar.
3. From the Choose Setup Page list, select
wccp settings. The WCCP Settings page appears.  show screen
4. Select the Enable Redirect checkbox to turn on redirection.
5. In the Cache Device IP Address field, define the IP address of the iShared appliance.
Defining the IP address is optional, but it lets PacketShaper know which cache device to use if others are available. When an IP address is configured, the PacketShaper will ignore WCCP messages from other cache devices.
6. In the Password and Retyped Password fields, enter the MD5 password for authentication. The password can be up to 19 characters in length. To enter a password containing spaces, enclose the string in quotes. To avoid confusion, do not use leading or trailing spaces in the password or specify an empty string ("").
Because MD5 authentication is not currently supported in iShared, setting the password in PacketShaper will prevent it from being paired with iShared.
7. In the Service ID field, enter the WCCP v2 service group ID number (0, 51-255).
The default service ID is 99, which is the default ID used by iShared. The service ID configured on the PacketShaper must match the ID configured on iShared. If group ID 0 is specified, the PacketShaper will redirect port 80 (HTTP) traffic only, and the port portion of any defined filters will be ignored.
8. From the drop-down list next to the add interface button, select the PacketShaper interface to be used for WCCP-based traffic redirection, and then click add interface. The interface will be listed in the Interface(s) box.
Notes: If you don't select an interface, the INSIDE built-in interface will be used for redirection. Up to two interfaces on the same LEM can be specified. Most redirections are on the INSIDE port. However, in topologies in which traffic may pass through the PacketShaper multiple times (such as in VLAN topologies), you should select the OUTSIDE interface as well.
9. Repeat step 8 if you want to define a second interface.
The final step to configuring WCCP is to define which outbound traffic PacketShaper should redirect to the cache device. You can filter by source and/or destination IP addresses and/or port numbers. If no IP addresses or port numbers are specified, PacketShaper will redirect traffic of all hosts and ports.
10. In the add filter field, identify the hosts and/or port numbers for redirection.
A port can be a single TCP port number (for example, port 80) or a range of port numbers (such as port 1-80).
Source and destination
hosts can be identified using any of the following specifications:
| <ip-address> |
Single IP address
Note: Domain names cannot be specified.
Examples:
dst ip 192.21.18.160
src ip 172.16.54.120 |
| <ip-address>-<ip-address> |
Range of IP addresses, separated by a dash
Examples:
dst ip 192.21.18.160-192.21.18.170
src ip 172.16.54.100-172.16.54.200 |
| <ip-address>:<netmask> |
Subnet and mask
Examples:
dst ip 192.21.18.0:255.255.255.0
src ip 172.16.54.0:255.255.255.0 |
| <ip-address>/<cidr> |
The address of the subnet; the CIDR number specifies the number of constant bits in the address range
Examples:
dst ip 10.0.0.0/8
src ip 10.0.0.0/8 |
Note: Filters can be combined in a single filter definition. For example, to redirect port 80 from a specific subnet, enter: src ip 10.7.38.0/24 port 80.
11. After each filter definition, click add filter. The filter will be listed in the Filter(s) box.
12. When finished, click apply changes.
Notes:
- Up to 200 filter definitions may be specified; each definition is limited to 256 characters.
- If a filter definition contains only a port number, all source and destination IP addresses for that port number will be redirected.
- If a filter defintion contains only a source IP address, all destination IP addresses and all ports for that source IP will be redirected.
- If a filter defintion contains only a destination IP address, all source IP addresses and all ports for that destination IP will be redirected.
- When specifying destination IP addresses, the dst ip is optional. In other words, entering 192.22.16.78 means the same thing as dst ip 192.22.16.78.
- When specifying port numbers, the port is optional. That is, entering 80 is the same as entering port 80.
- If an error is found in any of the filter definitions when the apply changes button is clicked, the entire set of new definitions is rejected.
See also:
Configure Cache Device for Redirection |
