Cisco Catalyst 4503 + WAAS with WCCP
Hello community!
Do I need to intercept traffic with WCCP on a Cisco Catalyst 4503! Does anyone have a sample configuration for this scenario?
I tried several settings, but without success.
I have this alarm in Cisco WAAS:
WCCP router 10.10.10.10 unusable for service id: 62 reason: Assignment method mismatch with router
Thank's
David Thimotti
WCCP router 10.10.10.10 unusable for service id: 62 reason: Assignment method mismatch with router
That indicates your WAAS device is sending an assignment method (probably HASH) that is not supported by this 4500.
In the 4500 scenario WAAS must be L2 adjacent, and configured for L2-redirect and MASK assignment, and L2-return (if your version of WAAS supports it).
http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst4500/12.2/15.02SG/configuration/guide/wccp.html#wp1000978
I'm not sure what version of WAAS you are running.
If running WAAS 5.x your config will look like this (since the defaults are l2-redirct, mask, and l2 return).
wccp router-list 1 10.10.10.10
wccp tcp-promiscuous service-pair 61 62
router-list-num 1
enable
exit
http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v531/command/reference/glob_cfg.html#wp2067854
If running WAAS 4.x your config will look like this:
wccp version 2
wccp router-list 1 10.10.10.10
wccp tcp-promiscuous service-pair 61 62 failure-detection 30
wccp tcp-promiscuous service-pair 61 62 router-list-num 1
wccp tcp-promiscuous service-pari 61 62 l2-redirect mask-assign l2-return
http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v441/command/reference/glob_cfg.html#wp2067854
Similar Messages
-
Cisco Catalyst 4507R+E with WS-X4748 blade, ports not working
I have a Cisco Catalyst 4507R+E (with Sup7-E) and two blades; one WS-X4748-RJ45V+E and one WS-X4648-RJ45-E.
When I connect a device to a port on the WS-X4748-RJ45V+E blade the port will not come up, show interface shows the status as "notconnect". When I connect the same device to the WS-X4648-RJ45-E blade the interface comes up.
The WS-X4748-RJ45V+E blade seems to have initialised okay, it appears in the output of "show module" as OK.
I get exactly the same effect on a second, identically configured Catalyst 4507R+E.
The software version is IOS XE 3.1.0SG, which according to the release notes supports the WS-X4748-RJ45V+E blade. Has anybody else seen anything like this?I have 2 Core switches, single SUP on each.
Line cards #1 and #2 randomly stop forwarding packets, only solution is to reload the switch ( hw-module reset does not work ). I have cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin and the sympton looks the same as the described one,
although the code is newer than 3.2.2SG.
Now we are downgrading to cat4500e-universalk9.SPA.03.04.02.SG.151-2.SG2.bin to check if that solves the issue,
otherwise we´ll try removing/re-inserting the modules, and if issue persists, most probably RMA the Core1.
We´ve sent a show tech to Cisco support while the issue was happening.
Current modules on the Core switches.
Mod Ports Card Type Model Serial No.
---+-----+--------------------------------------+------------------+-----------
1 48 10/100/1000BaseT EEE (RJ45) WS-X4748-RJ45-E CAT1627L48B
2 48 10/100/1000BaseT EEE (RJ45) WS-X4748-RJ45-E CAT1629L0ZY
3 4 Sup 7-E 10GE (SFP+), 1000BaseX (SFP) WS-X45-SUP7-E CAT1629L1PD
5 12 1000BaseX (SFP) WS-X4612-SFP-E JAE163007EO
M MAC addresses Hw Fw Sw Status
--+--------------------------------+---+------------+----------------+---------
1 30f7.0d57.80c0 to 30f7.0d57.80ef 1.1 Ok
2 30f7.0dac.fd40 to 30f7.0dac.fd6f 1.1 Ok
3 30f7.0dca.6c00 to 30f7.0dca.6c03 2.1 15.0(1r)SG10 03.05.00.E Ok
5 a493.4c44.13e8 to a493.4c44.13f3 1.1 Ok
Mod Redundancy role Operating mode Redundancy status
----+-------------------+-------------------+----------------------------------
3 Active Supervisor SSO Active -
Hello ,
I have many Qs regarding the WAAS implemntation
1- which better , using inline card or wccp and why ( is there any problem with inline cards ?)
2- if we have ASA in the network , is there any os version required for the ASA to support tha WAAS, we have impelmnted the waas with wccp between 2 branches, all traffic optimized but there is 2 applications blocked ( not working at all ) , the 2 applications passing via Firewall is there any known reason for that ?
3- we have cat4500 and it should support wccp to redirect traffic for WAAS , but redirect list is not supported at all, do you know if that for all 4500 platform or for just specific OS or Sup as nothing clear on Cisco regarding this point ( wccp redirect list ).
Thanks
MoamenHey Moamen,
1. I would not say either is better, but there are different applications. Where you need more then a single WAE for scaling and redundancy, I would recommend WCCP. Where you have fairly simple topology, requirements for only one WAE, and/or non-Cisco gear, I would probably recommend In-line. I've done ton's of both and both work really well for interception.
2. ASA do have a minimum recommend code version. For interoperability with WAAS, you need Cisco ASA/PIX version 7.2.3 or later. In that version, there is the command "inspect waas" to allow for the sequence number jump in optimized traffic, which is why your ASA is blocking the traffic.
3. The CAT4500 can support WCCP in hardware. The platform hardware only supports ingress interception, L2-redirect, L2-return, mask-assign configs on the WAE and the minimum IOS version I would recommend running would be 12.2(40)SG or later. As you mentioned, there are limitations with the redirect lists, they are NOT supported in any version of IOS, it's a function of the hardware. If you need to exclude traffic, you might want to consider using application policies when using CAT-4500.
I hope that helps you out.
Dan -
Using Catalyst 3550 Switch with Linksys Home Router and Cable Internet
I've about pulled what little hair I have out of my head on this one, and need some configuration help.
I have a Cisco Catalyst 3550 switch with five Windows 7 desktops, an Avaya PBX and five Avaya IP phones attached. All of these devices are on a 192.168.0.0/24 subnet, and are communicating properly. I will refer to this as network # 1. I also have SEPARATE network, we'll call network # 2, using AT&T ADSL service and a Netgear 4-port/wireless router/ADSL modem combo device, which is functioning properly with a couple of other Windows 7 desktops over its own wired Ethernet network, using DHCP, and also on a 192.168.0.0/24 subnet. I thought it would be a simple integration, just plugging one of the 3550's ports to one of the DSL router's ports, in order to give the five Windows 7 desktop computers on network # 1 internet access via the DSL modem. Guess I was wrong. When I connect the two switches together, although I get a good connectivity (green lights on both ports) and am able to ping the DSL router's gateway address (192.168.0.252) from network # 1's computers, the computers on network # 1 cannot access the internet. Also, the working computers on network # 2 lose their internet access as long as the two switches are connected together. I am not a Cisco guru, but there's got to be a way to make this scenario work. Can someone provide me with a 3550 configuration that will allow me to extend my internet service from network # 2 on the DSL router to my 3550 switch and their computers? Here's what I am looking for:
INTERNET ---> ADSL MODEM ---> NETGEAR ROUTER ---> CISCO 3550 SWITCH ---> NETWORK DEVICES WITH INTERNET ACCESSThe Netgear router is probably what's doing the natting. Is the 3550 configured for routing or is it straight L2? If you have the 3550 configured as L3, then it's going to be easy to do what you want. Just add a static route on the Netgear to point the subnet that it doesn't know about to the 3550. For example, if the Netgear is addressed at 192.168.1.1 and the Cisco 3550 is addressed at 192.168.1.2, but it also knows about the 192.168.0.0/24 (separate vlan), then you would put a static route on your Netgear for 192.168.0.0/24 to go to 192.168.1.2.
The way that I would do it is to create a separate vlan on the 3550 and assign an address to it. Once you do that, make the port that the other switch connects to an access port of that vlan. (It would need to be on the same subnet as the existing equipment.) All of your devices would use it as a default gateway and then you would do the rest as above. You could also use RIP between the Netgear and Cisco if you can't do static routing.
HTH,
John -
Ask the Expert: Layer 2 Security on Cisco Catalyst Platforms
With Wilson Bonilla
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about about issues in designing, planning, and implementing Layer 2 security in your LAN network with expert Wilson Bonilla.
Wilson will cover topics that network engineers face daily such as Spanning Tree Protocol security, private VLANs, IP source guard, protected ports, dynamic ARP inspection, virtual LAN access-control lists (VLAN ACLs), and Dynamic Host Configuration Protocol (DHCP) snooping over Cisco Catalyst platforms. With the fast growth of networks, Layer 2 security is even more critical in the LAN to help your network become more reliable, efficient, and secure. Wilson will answer your questions about LAN networks with Cisco Catalyst switches.
Wilson Bonilla is a technical networking trainer at the Learning and Development Department for Cisco Technical Assistance Center located in Costa Rica. Before joining the Training Department, he worked for the Cisco TAC as a customer support engineer focused on LAN Switching for more than two years. While working on LAN switching, Wilson also had roles such as technical leader and trainer, adding to his area of expertise in Cisco Catalyst Layer 2 switching. He has CCNP routing and switching certification and is currently studying to achieve his CCNA certification in data center.
Remember to use the rating system to let Wilson know if you've received an adequate response.
Because of the volume expected during this event, Wilson might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure community, subcommunity, LAN, Switching and Routing, shortly after the event. This event lasts through November, 2013. Visit this forum often to view responses to your questions and those of other Cisco Support Community members.Hello NetNavi.
Check the post above about MacSec for more information and let me know if you need further clarification, if so I will do my best,
In regards to best practices there is a Cisco document; it describes deployments and best practices in every scenario; Supplicants, authenticator, authentication services and other configurations. Please check it out:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/deploy_guide_c17-663760.html
In regards to Private VLANS:
What is a Private Vlan?
A private Vlan is a way to isolate hosts within the same Vlan or broadcast domain. So even when you might have devices sharing the same broadcast domain they can be isolated, this isolated is configured based on sub-domains also most often called primary and secondary Vlans.
What is a primary Vlan?
The primary Vlan is representation of the private Vlan, a primary Vlan has one or more secondary Vlans, a switch uses the primary Vlan to present traffic from the secondary Vlans to its neighboring devices.
What is a secondary Vlan?
A secondary Vlan is a sub-domain of the primary Vlan. We could say that the secondary Vlans belongs to the primary. The must be associated to a primary Vlan. There are two types of secondary vlans: Isolated and Community secondary Vlans.
What does it happen to host within a secondary isolated Vlan?
Host within the isolated vlan; can’t communicate to neither other host in the same isoalted vlan nor host in a community vlan.
What does it happen to host within the secondary community Vlan?
Host within the community Vlan can communicate with other host assigned to the same community vlan, but they can’t talk to host in other community vlans.
What are the benefits of implementing private Vlans?
Scalability: The most common scenario is a service provider. Imagine all customers of a service provider connected through DSL, cable modem… it’s very likely that all customers belong to the same broadcast domain, however if that’s the case why is it that I can’t use my neighbor’s printer, or maybe why is it that I can’t access the files he has store in his computer, (security) we are in the same broadcast shouldn’t I be able to at least ping his ip address?. Well that’s because the ISP must guarantee some type of security for their customers, and because put every single customer that they have in a single Vlan is not scalable they use private Vlans.
Examples:
ISP use private vlans to protect from security bridges, Private vlans and isolated Vlans are used to protect personal information for example from one customer to another.
DMZ; Many implementations utilizes private vlans in a DMZ to limt or minimize that risk of a compromised server.
I would like to share this documentation with you for further information and configuration guidelines
http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a008017acad.shtml#hw
This document explains what Cisco Catalyst switches support Private Vlans.
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml
Let me know if you have further questions.
Regards
Wilson B. -
MIB Extension - Cisco Catalyst 2960 -
Hi everyone,
I would like to monitor a cisco catalyst 2960 provided with IOS v15. I accessed mib files and I found that many component are disabled or have no entry in it (check attachment).
So my question is : Can I extend the mib to support more OIDs ? and if so, I'll be glad if you give a tutorial or example !
Thank you so much.
Best regards,Your ipRouteTable and EGP MIBs are disabled because the 2960 is a layer-2 switch only, so it does not have any ip routing or EGP. The MIBs will be disabled for features your switch does not support.
Kevin Dorrell
Luxembourg -
VLAN trunking from Cisco Catalyst 3750 to Cisco SF300-48P issue and related
Hello expert,
I'm having difficulties to configure VLAN trunking between Cisco Catalyst 3750 switch with Cisco SF300-48P switch and my workstation unable to get any DHCP IP from our DHCP server via Cisco SF300-48P switch. Below is the snippet of configuration on both switches:
[Cisco Catalyst 3750 Switch]
interface GigabitEthernet1/0/45
description NCC-CC-1stFlr
no switchport trunk encapsulation dot1q
no switchport trunk allowed vlan 101-103
spanning-tree portfast
[Cisco SF300-48P Switch]
interface fastethernet48
spanning-tree link-type point-to-point
switchport trunk allowed vlan add 101-103
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
interface fastethernet29
switchport mode general
switchport general allowed vlan add 103 tagged
switchport general pvid 103
Are these are correct? Kindly advice!
Thank you very much!
Regards,
AlexHi Alex,
for the trunk port on Catalyst on port GE 1/0/45, we need to enable the trunk and for on encapsulation dot1q because this catalyst model is ISL capable also and the SF300 working only with Dot1q Encapsultion
The configuration on catalyst should :
#config terminal
#interface Gi 1/0/45
# switchport encapsulation
#switchport trunk encapsulation dot1q
#switchport mode trunk
#switchport trunk allowed vlan 101-103
#spanning-tree portfast
For SF300 the port trunk it looks fine but for the port where the PC should receive an IP address
#interface fastethernet29
#switchport mode access
#switchport ccess vlan 103
Please let me know after this configuration
Thanks
Mehdi
Please rate or mark as answered to help other Cisco Customers -
Best practice with WCCP flows for WAAS
Hi,
I have a WAAS SRE 910 module in a 2911 router that intercepts packets from this router with WCCP.
All packets are received by external interface (gi 2/0, connected to a switch with port configured in WCCP vlan), and are sent back to the router via internal interface (gi 1/0 directly connected to the router) :
WAAS# sh interface gi 1/0
Internet Address : 10.0.1.1
Netmask : 255.255.255.0
Admin State : Up
Operation State : Running
Maximum Transfer Unit Size : 1500
Input Errors : 0
Input Packets Dropped : 0
Packets Received : 20631
Output Errors : 0
Output Packets Dropped : 0
Load Interval : 30
Input Throughput : 239 bits/sec, 0 packets/sec
Output Throughput : 3270892 bits/sec, 592 packets/sec
Packets Sent : 110062
Auto-negotiation : On
Full Duplex : Yes
Speed : 1000 Mbps
WAAS# sh interface gi 2/0
Internet Address : 10.0.2.1
Netmask : 255.255.255.0
Admin State : Up
Operation State : Running
Maximum Transfer Unit Size : 1500
Input Errors : 0
Input Packets Dropped : 0
Packets Received : 86558
Output Errors : 0
Output Packets Dropped : 0
Load Interval : 30
Input Throughput : 2519130 bits/sec, 579 packets/sec
Output Throughput : 3431 bits/sec, 2 packets/sec
Packets Sent : 1580
Auto-negotiation : On
Full Duplex : Yes
Speed : 100 Mbps
The default route configured in WAAS module is 0.0.0.0/0 to 10.0.1.254 (router interface).
Would it be better that packets leave WAAS module by the external interface (in place of the internal interface) ?
Is there a best practice recommended by Cisco on this ?
Thanks.
StéphaneHi Stephane,
We usually advise the following in such scenario with an internal module:
"ip wccp 61 redirect in" the LAN interface.
"ip wccp 61 redirect in" on the WAN one.
"ip wccp redirect exclude in" on the internal interface between the WAAS and the router.
That way, we are sure that no loops are created because of the WCCP redirection.
Regards,
Nicolas -
Can anyone help figure out why the Catalyst 6509 is not able to assign an IPv6 address? Thank you.
Cisco Catalyst 6500 version 12.2(33)SXI13 configured as DHCP server for a VLAN responds to Windows 7 client with status code NOADDRS-AVAIL(2). My configuration on the 6500 for the DHCPv6 server is:
ipv6 dhcp database disk0://DHCPV6-DB
ipv6 dhcp pool VLAN206IPV6
prefix-delegation pool VLAN206IPV6-POOL
dns-server 2620:B700:0:1001::53
domain-name global.bio.com
ipv6 local pool VLAN206IPV6-POOL 2620:B700:0:12C7::/65 65
interface Vlan206
description *** IPv6 Subnet ***
ip address 10.2.104.2 255.255.255.0
ipv6 address 2620:B700:0:12C7::2/64
ipv6 nd prefix 2620:B700:0:12C7::/64 14400 14400 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server VLAN206IPV6
standby version 2
standby 0 ip 10.2.104.1
standby 0 preempt
standby 6 ipv6 2620:B700:0:12C7::1/64
standby 6 preempt
I'm getting a result from my debug as follows:
Apr 10 16:28:02.873 PDT: %LINK-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
Apr 10 16:28:02.873 PDT: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
Apr 10 16:28:02.877 PDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/2, changed state to up
Apr 10 16:28:03.861 PDT: IPv6 DHCP: Received SOLICIT from FE80::5D5E:7EBD:CDBF:2519 on Vlan206
Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
Apr 10 16:28:03.861 PDT: src FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
Apr 10 16:28:03.861 PDT: dst FF02::1:2
Apr 10 16:28:03.861 PDT: type SOLICIT(1), xid 8277025
Apr 10 16:28:03.861 PDT: option ELAPSED-TIME(8), len 2
Apr 10 16:28:03.861 PDT: elapsed-time 101
Apr 10 16:28:03.861 PDT: option CLIENTID(1), len 14
Apr 10 16:28:03.861 PDT: 00010001195FD895F01FAF10689E
Apr 10 16:28:03.861 PDT: option IA-NA(3), len 12
Apr 10 16:28:03.861 PDT: IAID 0x0FF01FAF, T1 0, T2 0
Apr 10 16:28:03.861 PDT: option UNKNOWN(39), len 32
Apr 10 16:28:03.861 PDT: option VENDOR-CLASS(16), len 14
Apr 10 16:28:03.861 PDT: option ORO(6), len 8
Apr 10 16:28:03.861 PDT: DOMAIN-LIST,DNS-SERVERS,VENDOR-OPTS,UNKNOWN
Apr 10 16:28:03.861 PDT: IPv6 DHCP: Option IA-NA(3) is not supported yet
Apr 10 16:28:03.861 PDT: IPv6 DHCP: Sending ADVERTISE to FE80::5D5E:7EBD:CDBF:2519 on Vlan206
Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
Apr 10 16:28:03.861 PDT: src FE80::21D:E6FF:FEE4:4400
Apr 10 16:28:03.861 PDT: dst FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
Apr 10 16:28:03.861 PDT: type ADVERTISE(2), xid 8277025
Apr 10 16:28:03.861 PDT: option SERVERID(2), len 10
Apr 10 16:28:03.865 PDT: 00030001001DE6E44400
Apr 10 16:28:03.865 PDT: option CLIENTID(1), len 14
Apr 10 16:28:03.865 PDT: 00010001195FD895F01FAF10689E
Apr 10 16:28:03.865 PDT: option STATUS-CODE(13), len 15
Apr 10 16:28:03.865 PDT: status code NOADDRS-AVAIL(2)
Apr 10 16:28:03.865 PDT: status message: NOADDRS-AVAILHello,
maybe hitting the following bug.
Pv6 Address Assignment Support for IPv6 DHCP Server
CSCse81385
Hope this helps -
WAAS using WCCP with gre tunnel going via vpn
Hello All
I am trying to get WAAS using WCCP to work according to the attached diagram. I would like to know if there is a redirection config that I need to apply to the ASAs?
Many thanks
DonaghHello
Thanks for your reply.
I posted this twice in error.
Original is here
http://preview.tinyurl.com/ygpuehy
You might have a look and see if you agree. I have not deployed yet.
Thanks
Donagh -
The first Qs is
Both the core switches will be acting as a default gateway for the user vlan 23. so half of the users will be sending the traffic to Core SW1 and other half to Core SW2. Since wccp is enabled on the the svi on both the switches so the traffic should be redirected to the WAAS by both the core switches.
Will the WAE be able to differentiate between both the swithches based on their mac addresses and will sent back the traffic to the same router that have sent that traffic. as both the routers are on my router-list.
The complete configuration is attached here.
Data Center Configuration
Configuring Core Switch for WAE CM
Vlan 10
Name Central_Mgr
interface Vlan10
ip address 10.10.1.1 255.255.255.0
Interface gigabit 1/36
Description Connected to Central Manager
Switchport mode access
Swicthport access vlan 10
Configuring Core Switch for Data Center WAE
Vlan 11
Name Data-Center-WAE
Interface vlan 11
Ip address 10.11.1.1 255.255.255.0
Interface gigabit 1/36
Description Connected to WAE
Switchport
Switchport mode access
Swicthport access vlan 11
Configuring Core Switch for WCCP
Ip wccp version 2
Ip wccp 61
Ip wccp 62
Ip cef
Enabling WCCP services on Server Vlan
interface Vlan6
ip address 10.6.1.1 255.255.255.0
ip wccp 61 redirect in
ip wccp 62 redirect out
WAE Configuration
Hostname DA-WAE
Ip default-gateway 10.11.1.1
Wccp router-list 1 10.11.1.1
Wccp tcp-promiscuous router-list 1 l2-redirect mask-assign
The Layer 2 redirect and mask assign option for hardware forwarding
Wccp version 2
FWSM configuration
FWSM version is 3.2(10) which supports the below command as per command reference guide
Conf t
Policy-map global_policy
Class inspection_default
Inspect waas
Exit
Branch configuration
Configuring Primary Core Switch for Branch WAE
Vlan 25
Name Branch-WAE
Interface vlan 25
Ip address 10.94.25.2 255.255.255.0
Standby 25 ip 10.94.25.1
Standby 25 priority 105
Standby 25 preempt
No shutdown
Interface gigabit 1/43
Description Connected to WAE
Switchport mode access
Swicthport access vlan 25
Configuring Secondary Core Switch for Branch WAE
Vlan 25
Name Branch-WAE
Interface vlan 25
Ip address 10.94.25.3 255.255.255.0
Standby 25 ip 10.94.25.1
Standby 25 preempt
Interface gigabit 1/43
Description Connected to WAE
Switchport mode access
Swicthport access vlan 25
Configuring User Vlan for WCCP on Primary Core-Switch
Interface vlan 23
description Data vlan for 23rd Floor
ip address 10.93.23.252 255.255.255.0
ip helper-address 10.96.1.5
glbp 123 ip 10.93.23.254
glbp 123 priority 115
glbp 123 preempt
ip wccp 61 redirect in
ip wccp 62 redirect out
Configuring User Vlan for WCCP on Secondary Core-Switch
Interface vlan 23
description Data vlan for 23rd Floor
ip address 10.93.23.253 255.255.255.0
glbp 123 ip 10.93.23.254
glbp 123 priority 115
glbp 123 preempt
ip wccp 61 redirect in
ip wccp 62 redirect out
no shutdown
WAE Configuration
Hostname DA-WAE
Ip default-gateway 10.94.25.1
Wccp router-list 1 10.94.25.2 10.94.25.3
Since Both the core Switches are running GLBP for user vlans and WAE is in a vlan 25 which is present on both the switches and they are running HSRP for WAE Vlan so both of them will be sending the traffic to the WAE so the WAE should have both the routers in the router-list as it is above which is apart from the gateway.
Wccp tcp-promiscuous router-list 1 l2-redirect mask-assign
The Layer 2 redirect and mask assign option for hardware forwarding
Wccp version 2
ASA Configuration
The current ASA version is 7.2(2) which does not supports then below command and this is required in order for WAAS to work.
Recommended upgrade: This command was introduced in 7.2(3). However the latest IOS release by Cisco is 8.0(4)
Policy-map global_policy
Class inspection_default
Inspect waas
ExitProbably a little late for a reply.
With WCCP you have redirect (traffic from router or switch to WAE) and return traffic (WAE to router or switch).
So this s minefield of confusion and limitations. The return method is the egress method, and that can be seen on the way with show egress. The default egress method is ip forwarding, which means the WAE will use its configured default gateway, and hence have the issue you describe, which I think they call "network path affinity". If you use GRE return and forward the WAE will send it back to the switch/router who sent it. The best return method for a 6500 PFC3 is Generic GRE, which is done in hardware.
Hope this helps. -
Dual MPLS connection to one WAAS with inlinecard
Hi all,
Is it posible to use one Cisco WAAS with dual inlineports connected to two PTT routers?
Both PTT routers is active and load balacing with BGP wth local L3 switches.
Or is it a most to use WCCP?
JanHi Jan,
Just because I've previously ran into problems, because WAAS obfuscates sequence numbers.
On newer (greenfield) implementations of WAAS, BGP is set to pass-through as default.
From this link : http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v511/configuration/guide/cnfg/apx_apps.html
If the policies is migrated from a WAAS Central manager running versions earlier than 4.4, the default was LS+TFO+DRE - from 4.3.x the default changed to Pass-Through.
Best Regards
Finn Poulsen -
I have an LC/APC fiber patch cord infrastructure and I want to connect it to Cisco Catalyst 6500 & Cisco Access 3750 Switches. what type of transceiver should be used?
I read a note on Cisco website stating the following for Cisco SFP+ transceivers:
Note: "Only connections with patch cords with PC or UPC connectors are supported. Patch cords with APC connectors are not supported. All cables and cable assemblies used must be compliant with the standards specified in the standards section"Thank you, but my question is that I have a single mode fiber patch cord with LC/APC connector while cisco stating a note that only use LC/PC or LC/UPC type of connectors with SFP+ transceiver.
So what type of transceiver should I use to connect LC/APC patch cord to cisco switches? Is there another type or SFP+ still can be used? -
Cisco Catalyst 2955 Causes Some Devices to "Die" During Boot
I posted this question in the LAN section of the forums, but I realize this is probably the proper forum for my question.
I have recently purchased a Cisco Catalyst model WS-2955C-12 switch. During POST (boot), the console reports that the switch undergoes what is known as a "FRONT-END LOOPBACK TEST". During this test the 14 port lights on the device light up amber for a moment, connectivity is lost, and after a second or two the lights go off and connectivity returns. We've found that the moment the lights go off at the end of this test, if we have a specific device (with a specific ethernet chip) directly connected to the switch the ethernet chip is adversely affected by this test - the device "goes dark" and is not capable of communicating with anything (including other switches, routers, etc...) until it is power-cycled. What exactly does this FRONT-END LOOPBACK TEST do (I know it's for validating the ports for hardware defects), and what does it send across the wire that could be causing my ethernet chip onboard the device to go bonkers?
Thanks!
-DannyThe ethernet chip on the device (the device is a National Instruments product) is an STMicro STE10/100E, and I'm fairly confident I now know what's happening but I don't know why.
When my ethernet chip is in Autonegotiate mode, the "FRONT-END LOOPBACK TEST" performed by the catalyst does something where, at the conclusion of the test, the ethernet chip goes into an autonegotiation state and never comes back out of it. I'm thinking the "FRONT-END LOOPBACK TEST" is sending something across the wire that's confusing this specific ethernet chip; I've tried 3 Intel parts and also a Broadcom part and they rode it out in autonegotiation mode just fine. If I put the STE chip into a manually-configured mode the "FRONT-END LOOPBACK TEST" doesn't cause it to "go dark".
So, my question is really what does the FRONT-END LOOPBACK TEST do? Does it perform a remote loopback test (the STE10/100E doesn't support loopback tests)?
-Danny -
Alternative switch to Cisco Catalyst 3750v2-24FS and 3750-24FS
I`m looking for an alternative to these two switches:
1. WS-C3750V2-24FS-S Cisco Catalyst 3750V2-24FS Switch with 24 100FX SFP + 2 Gigabit Ethernet SFP Ports
2. Cisco Catalyst 3750-24FS (WS-C3750-24FS-S 100BASE-FX)
They are now EOL and not available.
I have a campus style network and need to be able to connect multiple 100FX fibre switches back to a central switch. The 1st unit uses 100FX SFP modules and the second has in-built 100FX ports. I`m struggling to find anything from Cisco that will give me multiple (i.e 12+) 100FX ports.
Could anyone please point me in the right direction?
Many thanks,
PaulHi Paul ,
Replacement for both switch is WS-C3650-48TS-S.
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5528/eos-eol-notice-c51-730227.html
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5023/end_of_life_c51-687707.html
Regards
Don't forget to rate helpful posts
Sent from Cisco Technical Support iPhone App
Maybe you are looking for
-
Why no support for element factories?
The XML parser should support user supplied element factories. That is, I should be able to instruct the parser to use my class when creating elements and attributes it encounters. Among other things, this would allow me to exclude certain elements/a
-
Windows Media file write failure
Help, I'm using a Gateway computer with Windows XP Professional OS, version 2002 and Service Pack3. It has Intel Core CPU, 6600 @ 2.40GHz, 2.41 GHz, 2.00 GB of RAM. I have both Premiere Pro CS3 and CS4 installed. There's 54.1 GB of free space on my H
-
Photostream not appearing in iPhoto
I had to reset my iPhone, and with that, update to iOS 8. Since then, photos I have taken on my phone are not showing up in my photostream album when i open iPhoto on my laptop.
-
Extraction of InfoCube data from BW system to non SAP system
Hello All, Is the extraction of InfoCube data from BW system to non SAP system availbale only for BW 3.5 release ? If yes, how can we extract the InfoCube data to a non SAP system with SAP BW 3.1 ? Hope to get some help. Best Regards, Loveline.
-
Browser title needs to pick up tab title within a jspx page.
We are using dynamic tabs within a jspx. The requirement is that ,the browser title should pick the tab title when on-focus and the title should change when out-of-focus.We are not in favor of doing a full page refresh. Please advice. Regards, Sudhan