Cisco Catalyst 4503 + WAAS with WCCP

Similar Messages

• Cisco Catalyst 4507R+E with WS-X4748 blade, ports not working

  I have a Cisco Catalyst 4507R+E  (with Sup7-E) and two blades; one WS-X4748-RJ45V+E and one WS-X4648-RJ45-E.
  When I connect a device to a port on the WS-X4748-RJ45V+E blade the port will not come up, show interface shows the status as "notconnect". When I connect the same device to the WS-X4648-RJ45-E blade the interface comes up.
  The WS-X4748-RJ45V+E blade seems to have initialised okay, it appears in the output of "show module" as OK.
  I get exactly the same effect on a second, identically configured Catalyst 4507R+E.
  The software version is IOS XE 3.1.0SG, which according to the release notes supports the WS-X4748-RJ45V+E blade. Has anybody else seen anything like this?

  I have 2 Core switches, single SUP on each.
  Line cards #1 and #2 randomly stop forwarding packets, only solution is to reload the switch ( hw-module reset does not work ). I have cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin and the sympton looks the same as the described one,
  although the code is newer than 3.2.2SG.
  Now we are downgrading to cat4500e-universalk9.SPA.03.04.02.SG.151-2.SG2.bin to check if that solves the issue,
  otherwise we´ll try removing/re-inserting the modules, and if issue persists, most probably RMA the Core1.
  We´ve sent a show tech to Cisco support while the issue was happening.
  Current modules on the Core switches.
  Mod Ports Card Type                              Model              Serial No.
  ---+-----+--------------------------------------+------------------+-----------
  1    48  10/100/1000BaseT EEE (RJ45)            WS-X4748-RJ45-E    CAT1627L48B
  2    48  10/100/1000BaseT EEE (RJ45)            WS-X4748-RJ45-E    CAT1629L0ZY
  3     4  Sup 7-E 10GE (SFP+), 1000BaseX (SFP)   WS-X45-SUP7-E      CAT1629L1PD
  5    12  1000BaseX (SFP)                        WS-X4612-SFP-E     JAE163007EO
  M MAC addresses                    Hw  Fw           Sw               Status
  --+--------------------------------+---+------------+----------------+---------
  1 30f7.0d57.80c0 to 30f7.0d57.80ef 1.1                               Ok      
  2 30f7.0dac.fd40 to 30f7.0dac.fd6f 1.1                               Ok      
  3 30f7.0dca.6c00 to 30f7.0dca.6c03 2.1 15.0(1r)SG10 03.05.00.E       Ok      
  5 a493.4c44.13e8 to a493.4c44.13f3 1.1                               Ok      
  Mod  Redundancy role     Operating mode      Redundancy status
  ----+-------------------+-------------------+----------------------------------
  3   Active Supervisor   SSO                 Active                           

• WAAS and WCCP

  Hello ,
  I have many Qs regarding the WAAS implemntation
  1- which better , using inline card or wccp and why ( is there any problem with inline cards ?)
  2- if we have ASA in the network , is there any os version required for the ASA to support tha WAAS, we have impelmnted the waas with wccp between 2 branches, all traffic optimized but there is 2 applications blocked ( not working at all ) , the 2 applications passing via Firewall is there any known reason for that ?
  3- we have cat4500 and it should support wccp to redirect traffic for WAAS , but redirect list is not supported at all, do you know if that for all 4500 platform or for just specific OS or Sup as nothing clear on Cisco regarding this point ( wccp redirect list ).
  Thanks
  Moamen

  Hey Moamen,
  1. I would not say either is better, but there are different applications. Where you need more then a single WAE for scaling and redundancy, I would recommend WCCP. Where you have fairly simple topology, requirements for only one WAE, and/or non-Cisco gear, I would probably recommend In-line. I've done ton's of both and both work really well for interception.
  2. ASA do have a minimum recommend code version. For interoperability with WAAS, you need Cisco ASA/PIX version 7.2.3 or later. In that version, there is the command "inspect waas" to allow for the sequence number jump in optimized traffic, which is why your ASA is blocking the traffic.
  3. The CAT4500 can support WCCP in hardware. The platform hardware only supports ingress interception, L2-redirect, L2-return, mask-assign configs on the WAE and the minimum IOS version I would recommend running would be 12.2(40)SG or later. As you mentioned, there are limitations with the redirect lists, they are NOT supported in any version of IOS, it's a function of the hardware. If you need to exclude traffic, you might want to consider using application policies when using CAT-4500.
  I hope that helps you out.
  Dan

• Using Catalyst 3550 Switch with Linksys Home Router and Cable Internet

  I've about pulled what little hair I have out of my head on this one, and need some configuration help.
  I have a Cisco Catalyst 3550 switch with five Windows 7 desktops, an Avaya PBX and five Avaya IP phones attached.  All of these devices are on a 192.168.0.0/24 subnet, and are communicating properly.  I will refer to this as network # 1. I also have SEPARATE network, we'll call network # 2, using AT&T ADSL service and a Netgear 4-port/wireless router/ADSL modem combo device, which is functioning properly with a couple of other Windows 7 desktops over its own wired Ethernet network, using DHCP, and also on a 192.168.0.0/24 subnet.  I thought it would be a simple integration, just plugging one of the 3550's ports to one of the DSL router's ports, in order to give the five Windows 7 desktop computers on network # 1 internet access via the DSL modem. Guess I was wrong.  When I connect the two switches together, although I get a good connectivity (green lights on both ports) and am able to ping the DSL router's gateway address (192.168.0.252) from network # 1's computers, the computers on network # 1 cannot access the internet. Also, the working computers on network # 2 lose their internet access as long as the two switches are connected together. I am not a Cisco guru, but there's got to be a way to make this scenario work.  Can someone provide me with a 3550 configuration that will allow me to extend my internet service from network # 2 on the DSL router to my 3550 switch and their computers?  Here's what I am looking for:
  INTERNET ---> ADSL MODEM ---> NETGEAR ROUTER ---> CISCO 3550 SWITCH ---> NETWORK DEVICES WITH INTERNET ACCESS

  The Netgear router is probably what's doing the natting. Is the 3550 configured for routing or is it straight L2? If you have the 3550 configured as L3, then it's going to be easy to do what you want. Just add a static route on the Netgear to point the subnet that it doesn't know about to the 3550. For example, if the Netgear is addressed at 192.168.1.1 and the Cisco 3550 is addressed at 192.168.1.2, but it also knows about the 192.168.0.0/24 (separate vlan), then you would put a static route on your Netgear for 192.168.0.0/24 to go to 192.168.1.2.
  The way that I would do it is to create a separate vlan on the 3550 and assign an address to it. Once you do that, make the port that the other switch connects to an access port of that vlan. (It would need to be on the same subnet as the existing equipment.) All of your devices would use it as a default gateway and then you would do the rest as above. You could also use RIP between the Netgear and Cisco if you can't do static routing.
  HTH,
  John

• Ask the Expert: Layer 2 Security on Cisco Catalyst Platforms

  With Wilson Bonilla
  Welcome to the Cisco Support Community Ask the Expert conversation.  This  is an opportunity to learn and ask questions about about issues in designing, planning, and implementing Layer 2 security in your LAN network with expert Wilson Bonilla. 
  Wilson will cover topics that network engineers face daily such as Spanning Tree Protocol security, private VLANs, IP source guard, protected ports, dynamic ARP inspection, virtual LAN access-control lists (VLAN ACLs), and Dynamic Host Configuration Protocol (DHCP) snooping over Cisco Catalyst platforms.  With the fast growth of networks, Layer 2 security is even more critical in the LAN to help your network become more reliable, efficient, and secure. Wilson will answer your questions about LAN networks with Cisco Catalyst switches.  
  Wilson Bonilla is a technical networking trainer at the Learning and Development Department for Cisco Technical Assistance Center located in Costa Rica. Before joining the Training Department, he worked for the Cisco TAC as a customer support engineer focused on LAN Switching for more than two years. While working on LAN switching, Wilson also had roles such as technical leader and trainer, adding to his area of expertise in Cisco Catalyst Layer 2 switching. He has CCNP routing and switching certification and is currently studying to achieve his CCNA certification in data center.
  Remember to use the rating system to let Wilson know if you've received an adequate response. 
  Because of the volume expected during this event, Wilson might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure community, subcommunity, LAN, Switching and Routing, shortly after the event. This event lasts through November, 2013. Visit this forum often to view responses to your questions and those of other Cisco Support Community members.

  Hello NetNavi.
  Check the post above about MacSec for more information and let me know if you need further clarification, if so I will do my best,
  In regards to best practices there is a Cisco document; it describes deployments and best practices in every scenario; Supplicants, authenticator, authentication services and other configurations. Please check it out:
  http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/deploy_guide_c17-663760.html
  In regards to Private VLANS:
  What is a Private Vlan?
  A private Vlan is a way to isolate hosts within the same Vlan or broadcast domain. So even when you might have devices sharing the same broadcast domain they can be isolated, this isolated is configured based on sub-domains also most often called primary and secondary Vlans.
  What is a primary Vlan?
  The primary Vlan is representation of the private Vlan, a primary Vlan has one or more secondary Vlans, a switch uses the primary Vlan to present traffic from the secondary Vlans to its neighboring devices.
  What is a secondary Vlan?
  A secondary Vlan is a sub-domain of the primary Vlan. We could say that the secondary Vlans belongs to the primary. The must be associated to a primary Vlan. There are two types of secondary vlans: Isolated and Community secondary Vlans.
  What does it happen to host within a secondary isolated Vlan?
  Host within the isolated vlan; can’t communicate to neither other host in the same isoalted vlan nor host in a community vlan.
  What does it happen to host within the secondary community Vlan?
  Host within the community Vlan can communicate with other host assigned to the same community vlan, but they can’t talk to host in other community vlans.
  What are the benefits of implementing private Vlans?
  Scalability: The most common scenario is a service provider. Imagine all customers of a service provider connected through DSL, cable modem… it’s very likely that all customers belong to the same broadcast domain, however if that’s the case why is it that I can’t use my neighbor’s printer, or maybe why is it that I can’t access the files he has store in his computer, (security) we are in the same broadcast shouldn’t I be able to at least ping his ip address?. Well that’s because the ISP must guarantee some type of security for their customers, and because put every single customer that they have in a single Vlan is not scalable they use private Vlans.
  Examples:
  ISP use private vlans to protect from security bridges, Private vlans and isolated Vlans are used to protect personal information for example from one customer to another.
  DMZ; Many implementations utilizes private vlans in a DMZ to limt or minimize that risk of a compromised server.
  I would like to share this documentation with you for further information and configuration guidelines
  http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a008017acad.shtml#hw
  This document explains what Cisco Catalyst switches support Private Vlans. 
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml
  Let me know if you have further questions.
  Regards
  Wilson B.

• MIB Extension - Cisco Catalyst 2960 -

  Hi everyone, 
  I would like to monitor a cisco catalyst 2960 provided with IOS v15. I accessed mib files and I found that many component are disabled or have no entry in it (check attachment).
  So my question is : Can I extend the mib to support more OIDs ? and if so, I'll be glad if you give a tutorial or example !
  Thank you so much.
  Best regards,

  Your ipRouteTable and EGP MIBs are disabled because the 2960 is a layer-2 switch only, so it does not have any ip routing or EGP.  The MIBs will be disabled for features your switch does not support.
  Kevin Dorrell
  Luxembourg

• VLAN trunking from Cisco Catalyst 3750 to Cisco SF300-48P issue and related

  Hello expert,
  I'm having difficulties to configure VLAN trunking between Cisco Catalyst 3750 switch with Cisco SF300-48P switch and my workstation unable to get any DHCP IP from our DHCP server via Cisco SF300-48P switch. Below is the snippet of configuration on both switches:
  [Cisco Catalyst 3750 Switch]
  interface GigabitEthernet1/0/45
   description NCC-CC-1stFlr
   no switchport trunk encapsulation dot1q
   no switchport trunk allowed vlan 101-103
   spanning-tree portfast
  [Cisco SF300-48P Switch]
  interface fastethernet48
   spanning-tree link-type point-to-point
   switchport trunk allowed vlan add 101-103
   macro description switch
   !next command is internal.
   macro auto smartport dynamic_type switch
  interface fastethernet29
   switchport mode general
   switchport general allowed vlan add 103 tagged
   switchport general pvid 103
  Are these are correct? Kindly advice!
  Thank you very much!
  Regards,
  Alex

  Hi Alex,
  for the trunk port on Catalyst on port GE 1/0/45, we need to enable the trunk and for on encapsulation dot1q because this catalyst model is ISL capable also and the SF300 working only with Dot1q Encapsultion
  The configuration on catalyst should :
  #config terminal
  #interface Gi 1/0/45
  # switchport encapsulation 
  #switchport trunk encapsulation dot1q
  #switchport mode trunk 
  #switchport trunk allowed vlan 101-103
  #spanning-tree portfast
  For SF300 the port trunk it looks fine but for the port where the PC should receive an IP address
  #interface fastethernet29
   #switchport mode access
   #switchport ccess vlan 103
  Please let me know after this configuration
  Thanks
  Mehdi
  Please rate or mark as answered to help other Cisco Customers

• Best practice with WCCP flows for WAAS

  Hi,
  I have a WAAS SRE 910 module in a 2911 router that intercepts packets from this router with WCCP.
  All packets are received by external interface (gi 2/0, connected to a switch with port configured in WCCP vlan), and are sent back to the router via internal interface (gi 1/0 directly connected to the router) :
  WAAS# sh interface gi 1/0
  Internet Address                    : 10.0.1.1
  Netmask                             : 255.255.255.0
  Admin State                         : Up
  Operation State                     : Running
  Maximum Transfer Unit Size          : 1500
  Input Errors                        : 0
  Input Packets Dropped               : 0
  Packets Received                    : 20631
  Output Errors                       : 0
  Output Packets Dropped              : 0
  Load Interval                       : 30
  Input Throughput                    : 239 bits/sec, 0 packets/sec
  Output Throughput                   : 3270892 bits/sec, 592 packets/sec
  Packets Sent                        : 110062
  Auto-negotiation                    : On
  Full Duplex                         : Yes
  Speed                               : 1000 Mbps
  WAAS# sh interface gi 2/0
  Internet Address                    : 10.0.2.1
  Netmask                             : 255.255.255.0
  Admin State                         : Up
  Operation State                     : Running
  Maximum Transfer Unit Size          : 1500
  Input Errors                        : 0
  Input Packets Dropped               : 0
  Packets Received                    : 86558
  Output Errors                       : 0
  Output Packets Dropped              : 0
  Load Interval                       : 30
  Input Throughput                    : 2519130 bits/sec, 579 packets/sec
  Output Throughput                   : 3431 bits/sec, 2 packets/sec
  Packets Sent                        : 1580
  Auto-negotiation                    : On
  Full Duplex                         : Yes
  Speed                               : 100 Mbps
  The default route configured in WAAS module is 0.0.0.0/0 to 10.0.1.254 (router interface).
  Would it be better that packets leave WAAS module by the external interface (in place of the internal interface) ?
  Is there a best practice recommended by Cisco on this ?
  Thanks.
  Stéphane

  Hi Stephane,
  We usually advise the following in such scenario with an internal module:
  "ip wccp 61 redirect in" the LAN interface.
  "ip wccp 61 redirect in" on the WAN one.
  "ip wccp redirect exclude in" on the internal interface between the WAAS and the router.
  That way, we are sure that no loops are created because of the WCCP redirection.
  Regards,
  Nicolas

• Cisco Catalyst 6500 version 12.2(33)SXI13 configured as DHCP server for a VLAN responds to Windows 7 client with status code NOA

  Can anyone help figure out why the Catalyst 6509 is not able to assign an IPv6 address? Thank you.
  Cisco Catalyst 6500 version 12.2(33)SXI13 configured as DHCP server for a VLAN responds to Windows 7 client with status code NOADDRS-AVAIL(2). My configuration on the 6500 for the DHCPv6 server is:
  ipv6 dhcp database disk0://DHCPV6-DB
  ipv6 dhcp pool VLAN206IPV6
   prefix-delegation pool VLAN206IPV6-POOL
   dns-server 2620:B700:0:1001::53
   domain-name global.bio.com
  ipv6 local pool VLAN206IPV6-POOL 2620:B700:0:12C7::/65 65
  interface Vlan206
   description *** IPv6 Subnet ***  
   ip address 10.2.104.2 255.255.255.0
   ipv6 address 2620:B700:0:12C7::2/64
   ipv6 nd prefix 2620:B700:0:12C7::/64 14400 14400 no-autoconfig
   ipv6 nd managed-config-flag
   ipv6 dhcp server VLAN206IPV6
   standby version 2
   standby 0 ip 10.2.104.1
   standby 0 preempt
   standby 6 ipv6 2620:B700:0:12C7::1/64
   standby 6 preempt
  I'm getting a result from my debug as follows:
  Apr 10 16:28:02.873 PDT: %LINK-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
  Apr 10 16:28:02.873 PDT: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
  Apr 10 16:28:02.877 PDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/2, changed state to up
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: Received SOLICIT from FE80::5D5E:7EBD:CDBF:2519 on Vlan206
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
  Apr 10 16:28:03.861 PDT:   src FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
  Apr 10 16:28:03.861 PDT:   dst FF02::1:2
  Apr 10 16:28:03.861 PDT:   type SOLICIT(1), xid 8277025
  Apr 10 16:28:03.861 PDT:   option ELAPSED-TIME(8), len 2
  Apr 10 16:28:03.861 PDT:     elapsed-time 101
  Apr 10 16:28:03.861 PDT:   option CLIENTID(1), len 14
  Apr 10 16:28:03.861 PDT:     00010001195FD895F01FAF10689E
  Apr 10 16:28:03.861 PDT:   option IA-NA(3), len 12
  Apr 10 16:28:03.861 PDT:     IAID 0x0FF01FAF, T1 0, T2 0
  Apr 10 16:28:03.861 PDT:   option UNKNOWN(39), len 32
  Apr 10 16:28:03.861 PDT:   option VENDOR-CLASS(16), len 14
  Apr 10 16:28:03.861 PDT:   option ORO(6), len 8
  Apr 10 16:28:03.861 PDT:     DOMAIN-LIST,DNS-SERVERS,VENDOR-OPTS,UNKNOWN
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: Option IA-NA(3) is not supported yet
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: Sending ADVERTISE to FE80::5D5E:7EBD:CDBF:2519 on Vlan206
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
  Apr 10 16:28:03.861 PDT:   src FE80::21D:E6FF:FEE4:4400
  Apr 10 16:28:03.861 PDT:   dst FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
  Apr 10 16:28:03.861 PDT:   type ADVERTISE(2), xid 8277025
  Apr 10 16:28:03.861 PDT:   option SERVERID(2), len 10
  Apr 10 16:28:03.865 PDT:     00030001001DE6E44400
  Apr 10 16:28:03.865 PDT:   option CLIENTID(1), len 14
  Apr 10 16:28:03.865 PDT:     00010001195FD895F01FAF10689E
  Apr 10 16:28:03.865 PDT:   option STATUS-CODE(13), len 15
  Apr 10 16:28:03.865 PDT:     status code NOADDRS-AVAIL(2)
  Apr 10 16:28:03.865 PDT:     status message: NOADDRS-AVAIL

  Hello,
  maybe hitting the following bug.
  Pv6 Address Assignment Support for IPv6 DHCP Server
  CSCse81385
  Hope this helps

• WAAS using WCCP with gre tunnel going via vpn

  Hello All
  I am trying to get WAAS using WCCP to work according to the attached diagram. I would like to know if there is a redirection config that I need to apply to the ASAs?
  Many thanks
  Donagh

  Hello
  Thanks for your reply.
  I posted this twice in error.
  Original is here
  http://preview.tinyurl.com/ygpuehy
  You might have a look and see if you agree. I have not deployed yet.
  Thanks
  Donagh

• GLBP with wccp

  The first Qs is
  Both the core switches will be acting as a default gateway for the user vlan 23. so half of the users will be sending the traffic to Core SW1 and other half to Core SW2. Since wccp is enabled on the the svi on both the switches so the traffic should be redirected to the WAAS by both the core switches.
  Will the WAE be able to differentiate between both the swithches based on their mac addresses and will sent back the traffic to the same router that have sent that traffic. as both the routers are on my router-list.
  The complete configuration is attached here.
  Data Center Configuration
  Configuring Core Switch for WAE CM
  Vlan 10
  Name Central_Mgr
  interface Vlan10
  ip address 10.10.1.1 255.255.255.0
  Interface gigabit 1/36
  Description Connected to Central Manager
  Switchport mode access
  Swicthport access vlan 10
  Configuring Core Switch for Data Center WAE
  Vlan 11
  Name Data-Center-WAE
  Interface vlan 11
  Ip address 10.11.1.1 255.255.255.0
  Interface gigabit 1/36
  Description Connected to WAE
  Switchport
  Switchport mode access
  Swicthport access vlan 11
  Configuring Core Switch for WCCP
  Ip wccp version 2
  Ip wccp 61
  Ip wccp 62
  Ip cef
  Enabling WCCP services on Server Vlan
  interface Vlan6
  ip address 10.6.1.1 255.255.255.0
  ip wccp 61 redirect in
  ip wccp 62 redirect out
  WAE Configuration
  Hostname DA-WAE
  Ip default-gateway 10.11.1.1
  Wccp router-list 1 10.11.1.1
  Wccp tcp-promiscuous router-list 1 l2-redirect mask-assign
  The Layer 2 redirect and mask assign option for hardware forwarding
  Wccp version 2
  FWSM configuration
  FWSM version is 3.2(10) which supports the below command as per command reference guide
  Conf t
  Policy-map global_policy
  Class inspection_default
  Inspect waas
  Exit
  Branch configuration
  Configuring Primary Core Switch for Branch WAE
  Vlan 25
  Name Branch-WAE
  Interface vlan 25
  Ip address 10.94.25.2 255.255.255.0
  Standby 25 ip 10.94.25.1
  Standby 25 priority 105
  Standby 25 preempt
  No shutdown
  Interface gigabit 1/43
  Description Connected to WAE
  Switchport mode access
  Swicthport access vlan 25
  Configuring Secondary Core Switch for Branch WAE
  Vlan 25
  Name Branch-WAE
  Interface vlan 25
  Ip address 10.94.25.3 255.255.255.0
  Standby 25 ip 10.94.25.1
  Standby 25 preempt
  Interface gigabit 1/43
  Description Connected to WAE
  Switchport mode access
  Swicthport access vlan 25
  Configuring User Vlan for WCCP on Primary Core-Switch
  Interface vlan 23
  description Data vlan for 23rd Floor
  ip address 10.93.23.252 255.255.255.0
  ip helper-address 10.96.1.5
  glbp 123 ip 10.93.23.254
  glbp 123 priority 115
  glbp 123 preempt
  ip wccp 61 redirect in
  ip wccp 62 redirect out
  Configuring User Vlan for WCCP on Secondary Core-Switch
  Interface vlan 23
  description Data vlan for 23rd Floor
  ip address 10.93.23.253 255.255.255.0
  glbp 123 ip 10.93.23.254
  glbp 123 priority 115
  glbp 123 preempt
  ip wccp 61 redirect in
  ip wccp 62 redirect out
  no shutdown
  WAE Configuration
  Hostname DA-WAE
  Ip default-gateway 10.94.25.1
  Wccp router-list 1 10.94.25.2 10.94.25.3
  Since Both the core Switches are running GLBP for user vlans and WAE is in a vlan 25 which is present on both the switches and they are running HSRP for WAE Vlan so both of them will be sending the traffic to the WAE so the WAE should have both the routers in the router-list as it is above which is apart from the gateway.
  Wccp tcp-promiscuous router-list 1 l2-redirect mask-assign
  The Layer 2 redirect and mask assign option for hardware forwarding
  Wccp version 2
  ASA Configuration
  The current ASA version is 7.2(2) which does not supports then below command and this is required in order for WAAS to work.
  Recommended upgrade: This command was introduced in 7.2(3). However the latest IOS release by Cisco is 8.0(4)
  Policy-map global_policy
  Class inspection_default
  Inspect waas
  Exit

  Probably a little late for a reply.
  With WCCP you have redirect (traffic from router or switch to WAE) and return traffic (WAE to router or switch).
  So this s minefield of confusion and limitations. The return method is the egress method, and that can be seen on the way with show egress. The default egress method is ip forwarding, which means the WAE will use its configured default gateway, and hence have the issue you describe, which I think they call "network path affinity". If you use GRE return and forward the WAE will send it back to the switch/router who sent it. The best return method for a 6500 PFC3 is Generic GRE, which is done in hardware.
  Hope this helps.

• Dual MPLS connection to one WAAS with inlinecard

  Hi all,
  Is it posible to use one Cisco WAAS with dual inlineports connected to two PTT routers?
  Both PTT routers is active and load balacing with BGP wth local L3 switches.
  Or is it a most to use WCCP?
  Jan

  Hi Jan,
  Just because I've previously ran into problems, because WAAS obfuscates sequence numbers.
  On newer (greenfield) implementations of WAAS, BGP is set to pass-through as default.
  From this link : http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v511/configuration/guide/cnfg/apx_apps.html
  If the policies is migrated from a WAAS Central manager running versions earlier than 4.4, the default was LS+TFO+DRE - from 4.3.x the default changed to Pass-Through.
  Best Regards
  Finn Poulsen

• Connection of LC/APC fiber patch cords to Cisco Catalyst 6500 $ Cisco Access 3750 Switches

  I have an LC/APC fiber patch cord infrastructure and I want to connect it to Cisco Catalyst 6500 & Cisco Access 3750 Switches. what type of transceiver should be used?
  I read a note on Cisco website stating the following for Cisco SFP+ transceivers:
  Note: "Only connections with patch cords with PC or UPC connectors are supported. Patch cords with APC connectors are not supported. All cables and cable assemblies used must be compliant with the standards specified in the standards section"

  Thank you,  but my question is that I have a single mode fiber patch cord with LC/APC connector while cisco stating a note that only use LC/PC or LC/UPC type of connectors with SFP+ transceiver.  
  So what type of transceiver should I use to connect LC/APC patch cord to cisco switches?  Is there another type or SFP+ still can be used? 

• Cisco Catalyst 2955 Causes Some Devices to "Die" During Boot

  I posted this question in the LAN section of the forums, but I realize this is probably the proper forum for my question.
  I have recently purchased a Cisco Catalyst model WS-2955C-12 switch. During POST (boot), the console reports that the switch undergoes what is known as a "FRONT-END LOOPBACK TEST". During this test the 14 port lights on the device light up amber for a moment, connectivity is lost, and after a second or two the lights go off and connectivity returns. We've found that the moment the lights go off at the end of this test, if we have a specific device (with a specific ethernet chip) directly connected to the switch the ethernet chip is adversely affected by this test - the device "goes dark" and is not capable of communicating with anything (including other switches, routers, etc...) until it is power-cycled. What exactly does this FRONT-END LOOPBACK TEST do (I know it's for validating the ports for hardware defects), and what does it send across the wire that could be causing my ethernet chip onboard the device to go bonkers?
  Thanks!
  -Danny

  The ethernet chip on the device (the device is a National Instruments product) is an STMicro STE10/100E, and I'm fairly confident I now know what's happening but I don't know why.
  When my ethernet chip is in Autonegotiate mode, the "FRONT-END LOOPBACK TEST" performed by the catalyst does something where, at the conclusion of the test, the ethernet chip goes into an autonegotiation state and never comes back out of it. I'm thinking the "FRONT-END LOOPBACK TEST" is sending something across the wire that's confusing this specific ethernet chip; I've tried 3 Intel parts and also a Broadcom part and they rode it out in autonegotiation mode just fine. If I put the STE chip into a manually-configured mode the "FRONT-END LOOPBACK TEST" doesn't cause it to "go dark".
  So, my question is really what does the FRONT-END LOOPBACK TEST do? Does it perform a remote loopback test (the STE10/100E doesn't support loopback tests)?
  -Danny

• Alternative switch to Cisco Catalyst 3750v2-24FS and 3750-24FS

  I`m looking for an alternative to these two switches:                 
  1.  WS-C3750V2-24FS-S  Cisco Catalyst 3750V2-24FS Switch with 24 100FX SFP + 2 Gigabit Ethernet SFP Ports
  2. Cisco Catalyst 3750-24FS (WS-C3750-24FS-S 100BASE-FX)
  They are now EOL and not available.
  I have a campus style network and need to be able to connect multiple 100FX fibre switches back to a central switch. The 1st unit uses 100FX SFP modules and the second has in-built 100FX ports. I`m struggling to find anything from Cisco that will give me multiple (i.e 12+) 100FX ports.
  Could anyone please point me in the right direction?
  Many thanks,
  Paul

  Hi Paul ,
  Replacement for both switch is WS-C3650-48TS-S.
  http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5528/eos-eol-notice-c51-730227.html
  http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5023/end_of_life_c51-687707.html
  Regards
  Don't forget to rate helpful posts
  Sent from Cisco Technical Support iPhone App