This document describes how to troubleshoot Web Cache Communication Protocol (WCCP) between a Cisco Web Security Appliance (WSA) and a Cisco router.
WSA FAQ: How do you troubleshoot WCCP between a Cisco WSA and a Cisco router/switch?
When WCCP packet redirection is not working between the WSA and a Cisco router, the first place to look is the WCCP logs on the WSA. By default, there are no WCCP log subscriptions enabled. Follow these steps to enable the WCCP logs and change the logging level.
- From the CLI or the GUI of the WSA, create a new log subscription.
- Select WCCP Module Logs as the log type.
- Select Debug as the Log Level.
- Submit and commit the changes.
Once the logs are configured, WCCP related information can be viewed in the WCCP log.
Additional troubleshooting may be required from the Cisco router/switch if the issue can not be identified from the WCCP log on the WSA. Here is a table of commands that can be run on a Cisco router/switch to view WCCP information.
|show ip wccp
||Displays global WCCP statistics
|show ip wccp <service ID>
||Displays information about all known Content Engines
|show ip interface
||Displays whether web cache redirecting is enabled on an interface
|show ip wccp / show ip wccp <service ID>
||Displays a count of the number of packets redirected
|clear ip wccp
||Clears the counter displayed by the show ip wccp and show ip wccp web-caches
WCCP Debug and Detail Commands
| Debug Command
|show ip wccp web-cache detail
||Display cache server and WCCP router statistics for a particular service group
|show ip wccp <service ID> view
||Displays service group information
|debug ip wccp events
||Displays information about significant WCCP events
|debug ip wccp packets
||Displays information about every WCCP packet received or sent by the router
Special Commands for Debugging (IP Spoofing, etc.)
|show ip wccp <service ID> service
||Shows more data than 'detail.' Hidden command