Does WCCP support traffic from different VLANs(mapped to VRFs)?

Similar Messages

• Cisco 881 ISR IPSec VPN Tunnel does not pass traffic from the vlan.

  I have a cisco 881 ISR Router with a site-to-site IPsec vpn tunnel to a mikrotik device on the other end (I inherited this from my client). The tunnel is constructed properly and is up, however traffic does not pass or get routed to the FA4 interface. I see in my packet captures that it hits the vlan1 interface (vlans are required on the L2 ports) and does not pass to the tunnel.
  This is my configuration:
  141Kerioth#sh config
  Using 3763 out of 262136 bytes
  ! Last configuration change at 01:02:41 UTC Mon May 26 2014 by admin
  version 15.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname 141Kerioth
  boot-start-marker
  boot-end-marker
  logging buffered 51200 warnings
  aaa new-model
  141Kerioth#do wr mem
                ^
  % Invalid input detected at '^' marker.
  141Kerioth#wr mem
  Building configuration...
  [OK]
  141Kerioth#sh run
  Building configuration...
  Current configuration : 5053 bytes
  ! Last configuration change at 01:38:06 UTC Mon May 26 2014 by admin
  version 15.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname 141Kerioth
  boot-start-marker
  boot-end-marker
  logging buffered 51200 warnings
  aaa new-model
  aaa authentication login default local
  aaa authentication ppp default local
  aaa session-id common
  memory-size iomem 10
  crypto pki trustpoint TP-self-signed-580381394
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-580381394
   revocation-check none
   rsakeypair TP-self-signed-580381394
  crypto pki certificate chain TP-self-signed-580381394
   certificate self-signed 01
    30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
    30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 35383033 38313339 34301E17 0D313430 35323231 38323333
    365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
    532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3538 30333831
    33393430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
    B001A012 2CA6970C 0648798B 2A786704 84F2D989 83974B19 9B4287F2 4503D2C9
    173F23C4 FF34D160 202A7565 4A1CE08B 60B3ADAE 6E19EE6E 9CD39E72 71F9650E
    930F22FE C4441F9C 2D7DD420 71F75DFC 3CCAC94E BA304685 E0E62658 A3E8D01C
    D01D7D6A 5AF0B0E6 3CF6AF3A B7E51F83 9BF6D38E 65254E1F 71369718 ADADD691
    02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
    23041830 168014D6 24878F12 1FFADF2F 537A438E 6DD7FB6B D79E4130 1D060355
    1D0E0416 0414D624 878F121F FADF2F53 7A438E6D D7FB6BD7 9E41300D 06092A86
    4886F70D 01010505 00038181 00771667 FCA66002 8AB9E5FB F210012F C50B586F
    9A9640BB 45B4CEFD 030A38C0 E610AAC8 B41EF3C4 E55810F9 B2C727CF C1DEFCF1
    0846E7BC 1D95420E 5DADB5F8 EFE7EB37 B5433B80 4FF787D4 B1F2A527 06F065A4
    00522E97 A9D2335C E83C4AE1 E68D7A41 9D0046A7 ADCC282B 7527F84D E71CC567
    14EF37EA 15E57AD0 3C5D01F3 EF
          quit
  ip dhcp excluded-address 10.0.16.1
  ip dhcp pool ccp-pool
   import all
   network 10.0.16.0 255.255.255.0
   default-router 10.0.16.1
   dns-server 8.8.8.8
   lease 0 2
  ip domain name kerioth.com
  ip host hostname.domain z.z.z.z
  ip name-server 8.8.8.8
  ip name-server 4.2.2.2
  ip cef
  no ipv6 cef
  license udi pid CISCO881-K9 sn FTX180483DD
  username admin privilege 15 secret 4 CmmfIy.RPySmo4Q2gEIZ2jlr3J.bTBAszoe5Bry0z4c
  username meadowbrook privilege 0 password 0 $8UBr#Ux
  username meadowbrook autocommand exit
  policy-map type inspect outbound-policy
  crypto isakmp policy 1
   encr 3des
   authentication pre-share
   group 5
  crypto isakmp key 141Township address z.z.z.z
  crypto isakmp keepalive 10
  crypto ipsec transform-set TS esp-3des esp-sha-hmac
   mode tunnel
  crypto map mymap 10 ipsec-isakmp
   set peer z.z.z.z
   set transform-set TS
   match address 115
  interface Loopback0
   no ip address
  interface Tunnel1
   no ip address
  interface FastEthernet0
   no ip address
  interface FastEthernet1
   no ip address
  interface FastEthernet2
   no ip address
  interface FastEthernet3
   no ip address
  interface FastEthernet4
   description $FW_OUTSIDE_WAN$
   ip address 50.y.y.y 255.255.255.240
   ip nat outside
   ip virtual-reassembly in
   duplex auto
   speed auto
   crypto map mymap
  interface Vlan1
   description $ETH_LAN$
   ip address 10.0.16.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly in
   ip tcp adjust-mss 1452
  ip forward-protocol nd
  ip http server
  ip http access-class 23
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip nat inside source list 115 interface Vlan1 overload
  ip nat inside source list 199 interface FastEthernet4 overload
  ip nat inside source route-map nonat interface FastEthernet4 overload
  ip route 0.0.0.0 0.0.0.0 50.x.x.x
  access-list 110 deny   ip 10.0.16.0 0.0.0.255 10.0.1.0 0.0.0.255
  access-list 110 permit ip 10.0.16.0 0.0.0.255 any
  access-list 115 permit ip 10.0.16.0 0.0.0.255 10.0.1.0 0.0.0.255
  access-list 144 permit icmp host c.c.c.c host 10.0.1.50
  access-list 144 permit icmp host p.p.p.p host 10.0.16.105
  access-list 199 permit ip a.a.a.a 0.0.0.255 any
  no cdp run
  route-map nonat permit 10
   match ip address 100
  line con 0
   no modem enable
  line aux 0
  line vty 0 4
   access-class 1 in
   exec-timeout 30 0
   privilege level 15
   transport preferred ssh
   transport input ssh
  line vty 5 15
   access-class 23 in
   privilege level 15
   transport input telnet ssh
  cns trusted-server all-agents x.x.x.x
  cns trusted-server all-agents hostname
  cns trusted-server all-agents hostname.domain
  cns id hardware-serial
  cns id hardware-serial event
  cns id hardware-serial image
  cns event hostname.domain 11011
  cns config initial hostname.domain 80
  cns config partial hostname.domain 80
  cns exec 80
  end

  Why do you have following command on the PIX?
  crypto map outside_map 40 set transform-set 165.228.x.x
  Also you have this transform set on the PIX:
  crypto ipsec transform-set 10.112.60.0 esp-aes-256 esp-sha-hmac
  This does not match the transfor set on the router:
  crypto ipsec transform-set tritest esp-3des esp-md5-hmac
  Where are you using the access-list/route-map
  101 ?

• Re:Can't able to access shared folders from different VLANs in SG300 series switches

  Hi All,
  I supplied 3 numbers of SG300 series switches for the sole reason to have inter-vlan routing. I created 4 VLANs in the switches and made one switch as Layer 3 switch and other 2 as Layer 2 switch. Inter-Vlan routing is working fine. I am able to ping PCs from different VLANs. But I am not to access shared folders. Customer has installed Window 2003 server installed and it is in VLAN 1. There are some folders created in this server and it is very important for users to have access to the folders.Also, I am not able to access shared folders in other VLANs. I have created a case with Cisco small business and I got a reply saying that the switches will not support shared folder feature, which I think is not real. I am getting a very time to implement this solution in the network. I have a Sonicwall firewall after Core switch which is connected to ISP.
  ISP<----->Sonicwall FW<----->Core Switch<------>Layer 2 switch<------>Layer 2 switch
  Kindly help me out to resolve this issue.
  Regards,
  Prashant K

  Hi Prashant,
  I think you're running into a Windows firewall issue. SMB file sharing, by default I believe, is only allowed on your local subnet. Please try disabling windows firewall on the computer hosting the shared folder, then see if you can access the shared file.
  Best,
  David
  PS: It looks like this post got published twice. You can delete the other one using the task bar on the right.
  Please remember to rate helpful resonses and identify correct answers.

• Loadbalance for servers thats belongs from different Vlan

  Hi,
  We are using FWSM and ACE module in our switch. We have to configure our new application in cisco ACE. Our exiciting servers and vip are in vlan5 and new servers and vips are in vlan 6. vlan 6 is defined in FWSM. We have craeated one interface vlan 6 for the application. While checking the interface status  through "show interface vlan 6" we are getting the following error.
    Not assigned from the Supervisor, down on Supervisor
  We have already assigned vlan group to supervisor. We have allocated same interfce vlan to context also.
  kindly suggest what chould be the issue.
  Kindly suggest can we do the loadbalance for servers thats belongs from different Vlan???
  Thanks in advance.
  Regards,
  Ranjith

  Hi Daniel,
  We are using cisco 6509 switch with FWSM and ACE module.
  We have created interface VLAN 6 in FWSM and ACE and assigned the IP as follows.
  FWSM Interface VLAN 6 is 10.6.10.55 and ACE Interfce VLAN 6 is 10.6.10.60.
  We have 2 servers in the same vlan (.49 and .50). and they are physicaly connected to switch vlan 6 and logicaly connected to FWSM interface vlan 6.
  We have defined the VIP as 10.6.10.51 and that is not pinging from our network.
  Server default gateway and ACE default gateway is FWSM interface vlan 6 IP(ie, 10.6.10.55).
  We dont want to change the server gateway as ACE interface vlan 6 ip.
  KIndly suggest how can i achive the loadbalancing with out changing my server gateway to ACE IP.
  Thanks in advance.
  Regards,
  Ranjith

• How to change IP addresses of APs and WLC to the ones from different VLAN

  I'm trying to figure out what is the best practice to change IP addresses on all my access points connected/managed by the WLC.
  I have one WLC2504 controler and three AIR-LAP1041N access points the idea is to change management IP of the WLC from 192.168.2.100 (vlan1) to 192.168.12.100 (vlan79) and all access points accordingly:
  ap1 192.168.2.101 (vlan1) to 192.168.12.101 (vlan79)
  ap2 192.168.2.102 (vlan1) to 192.168.12.102 (vlan79)
  ap3 192.168.2.103 (vlan1) to 192.168.12.103 (vlan79)
  FYI all my APs obtain IP from DHCP server which sits in the vlan1 and each AP is connected to trunk port on Catalyst switch, trunk port (vlan1, vlan79, vlan80, vlan81, vlan82) carries traffic for different WLANs, so my question is what is the best way to change management IP on each device with the minimal downtime.
  Thank you for your advice,
  Luu Manioro

  Well, you will have downtime anyways, but how I would do this is the following:
  Make sure the WLC trunk port has vlan 79 being allowed
  Change the high availability on each AP to point to the hostname of the WLC and the new ip address, you don't need the old ip address anymore
  Console into the WLC or use the service port and change the management ip address and at the same time if possible, move the AP's to the new vlan 79, since they have already joined the WLC, they will know of the ip address of the WLC
  Reboot the AP by shutting down the PoE port or powering off/on the AP
  The AP will find the WLC since you have defined the high availability and also since the AP and WLC are on the same subnet.
  Scott

• Does iPhoto Support RAW from Nikon D90?

  I shoot in RAW. I had a D80 and iPhoto would import my RAW photo files ok. I just got a Nikon D90 and iPhoto will not import my files. Any ideas?
  Lee

  Lee:
  In the meantime you might see if Adobe DNG Converter and Camera Raw 4.6 is compatible with the D90. That would let you convert the RAW files to the DNG (digital negative) format which iPhoto does support. There's other RAW converters available. Go to VersionTracker.com and search for RAW.
  TIP: For insurance against the iPhoto database corruption that many users have experienced I recommend making a backup copy of the Library6.iPhoto (iPhoto.Library for iPhoto 5 and earlier) database file and keep it current. If problems crop up where iPhoto suddenly can't see any photos or thinks there are no photos in the library, replacing the working Library6.iPhoto file with the backup will often get the library back. By keeping it current I mean backup after each import and/or any serious editing or work on books, slideshows, calendars, cards, etc. That insures that if a problem pops up and you do need to replace the database file, you'll retain all those efforts. It doesn't take long to make the backup and it's good insurance.
  I've created an Automator workflow application (requires Tiger or later), iPhoto dB File Backup, that will copy the selected Library6.iPhoto file from your iPhoto Library folder to the Pictures folder, replacing any previous version of it. It's compatible with iPhoto 6 and 7 libraries and Tiger and Leopard. Just put the application in the Dock and click on it whenever you want to backup the dB file. iPhoto does not have to be closed to run the application, just idle. You can download it at Toad's Cellar. Be sure to read the Read Me pdf file.
  Note: There's now an Automator backup application for iPhoto 5 that will work with Tiger or Leopard.

• Z87-G45 Does it support Firewire from a pin position on MB?

  .....an extention from the last post really.....the top panel on the Wavemaster case has a Firewire port and I was just wandering if the G45 supports firewire and where is the connector on board if it does.
  I have no urgent need for firewire but the case has the option. I cannot see any reference to Firewire in the G45 manual.
  As always, any advice and support would be very welcome.....many thanks in advance

  Quote from: badboy2k on 15-December-14, 04:24:50
  simple answer is No!
  firewire is a dead thing as the adoption rate was so low its not even worth putting a connection on a board for it any more since USB 3.0 came along!
  firewire (IEEE1394) Bandwidth 400–3200 Mbit/s (50–400 MB/s)
  USB3.0 Bandwidth is Upto 625 MB/s
  as Firewire has such a low adoption rate its now irrelivent as USB 3.0 is better and is backwards compatible with USB 2.0 and 1.0 devices and nearly everyone has them as it was widely accepted among consumers!
  Hi BB2K....I'm sort of glad about that, but at the same time didn't want to skip it if it was there buried somewhere in the corner. As you say I don't really know anyone using it except the film/video guys. Thanks for clarifying.

• OnLocation does not support input from Aja KONA?

  I'm confused as to what the purpose of OnLocation is if it cannot support input via HDMI/SDI coming through an AJA KONA card?
  Seriously, can anybody explain what the point of this application is? Capturing Firewire sources? Seems like it would be an easy update to add support for real capture cards, no?

  but I did something goofy.........Open to any and all suggestions.
  Figure out what you did goofy and then do the opposite.
  Seriously, what have you done to troubleshoot this? There's any number of goofy things that you could do that may result in this issue. I'd start with reading the Kona manual and the rather extensive part in FCP about external monitoring.

• Does arch support booting from an external firewire cdrom drive?

  as above?

  If the mobo provides that function through bios provisions the arch system should boot.
  EDIT:  There may be issues with udev and mkinitcpio to ensure the boot sequence is not terminated by the udev detection.
  Last edited by lilsirecho (2008-05-14 15:18:04)

• Can you add one L3-class to two different policy maps ?

  Hi Experts;
                  Requirement is to have requests from outside as well as inside from different vlan Server to our Production Servers.At present all requests are coming from inside vlan via policy-map multi-match L3_XYZ.  See Example below
  policy-map multi-match L3_XYZ
  class L3_PROD
     loadbalance vip inservice
     loadbalance policy L7_PROD
     loadbalance vip icmp-reply active
  policy-map multi-match L3_OUTSIDE
  class L3_PROD
     loadbalance vip inservice
     loadbalance policy L7_PROD
     loadbalance vip icmp-reply active
  Many thanks
  Regards

  Hi Hidayat
  yes, class map alone doesn't have any deep meaning and can be reused in many policy maps. Actually policy maps can be reused too, so in your particular example you can put the same policy map on 2 different interfaces. (Sometimes it's a good idea, if requirements are the same for traffic coming from both interfaces or if requirements are diffrent - it's better to create a new one, but class-map definitely can be reused.)

• How can I distinguish different action mapping in one ActionClass file?

  I would like to create a ActionClass which will handle 3 mapping which comes from /add, /show or /del.
  My question is how can I change the code so that the ActionClass servlet can distinguish the request from different url mapping ? Can anyone give me some short hints? Thx.
  struts-config.xml
  <action-mappings>
  <action name="MemberInfoForm" path="/add" scope="request" type="com.myapp.real.MemberAction">
  <action name="MemberInfoForm" path="/show" scope="request" type="com.myapp.real.MemberAction">
  <action name="MemberInfoForm" path="/del" scope="request" type="com.myapp.real.MemberAction">
  </action-mappings>MemberAction.class
  public class MemberAction extends org.apache.struts.action.Action {
      private final static String SUCCESS = "success";
      public ActionForward execute(ActionMapping mapping, ActionForm  form,
              HttpServletRequest request, HttpServletResponse response)
              throws Exception {
          return mapping.findForward(SUCCESS);
  ...

  http://struts.apache.org/1.2.x/api/org/apache/struts/actions/MappingDispatchAction.html
  http://struts.apache.org/1.2.x/api/org/apache/struts/actions/DispatchAction.html
  Thank you so much for all of your suggestion.
  I read the document of MappingDispatchAction and its note say:
  NOTE - Unlike DispatchAction, mapping characteristics may differ between the various handlers, so you can combine actions in the same class that, for example, differ in their use of forms or validation.........
  I wonder in DispatchAction, we can also have various forms or validation as MappingDispatchAction does, just by using different name in the action tag, for example:
  <action input="/p1.jsp" name="MForm1" path="/member" scope="session" parameter="action" type="com.myapp.real.MemberAction">
  <action input="/p2.jsp" name="MForm2" path="/member" scope="session" parameter="action" type="com.myapp.real.MemberAction">
  <action input="/p3.jsp" name="MForm3" path="/member" scope="session" parameter="action" type="com.myapp.real.MemberAction">Hence, it is not the difference as stated from the NOTE, right?
  Edited by: roamer on Jan 22, 2008 10:32 AM

• PSE 8 does not support Nikon 7000D RAW files?

  I just got a Nikon 7000D, and when I tried to open up one of the .NEF (RAW) files in PSE 8, it wasn't supported.  I researched the Camera RAW plug-in, and from what I can tell, PSE 8 is only compatible with Camera RAW up to version 6.2.  It looks like version 6.3 is only useable with PSE 9.
  Camera RAW 6.2 does not support files from the Nikon 7000D, or at least the list I saw does not show it, so I did not download 6.2.  Is my only choice for being able to use PSE 9 with my 7000D to spend the money on PSE 9?   -Bill C

  You could also download the standalone DNG converter and make DNG files (which you may be able to process in 6.2), or use the Nikon software to convert your files and do any additional editing in PSE.

• Does iphone support bluetooth MAP technology

  Does iphone support bluetooth MAP technology?
  I bought a 2015 Jeep Grand Cherokee using Uconnect and it won't read my text message out loud.

  iPhone does support the bluetooth MAP profile as long as it is iPhone 4 and later. Refer to article below for further supported profiles.
  iOS: Supported Bluetooth profiles - Apple Support
  The article also states that certain profiles have different responses to different devices and that is determined on both sides (the Jeep software and the iPhone). Depending on the software that Jeep is running it may have limited usability with the iPhone. Best thing to do is first, update the iPhone and see if that helps. If that does not work, remove the Jeep as a device from the Bluetooth Menu in the iPhone and re-add it. Third, get in contact with Jeep or uConnect to see if the iPhone is supported with the MAP profile. If it is, see if they can assist in getting it working correctly. A lot of car dealers will also help in getting it working.

• Traffic Between 2 Ports on Different VLANs on the Same Switch

  Hi,
  This question probably results from a flaw in my understanding of network layer 2 versus layer 3 and VLANs so any additional context in that regard would be very welcome
  If I've got 2 systems on difference VLANs that are connected to ports on the same switch (e.g. 2950), with that switch being connected via an uplink to a router or layer 3 switch and i want to pass traffic between the 2 systems (e.g. copy a file from a folder shared on one system to another), will the traffic pass directly from one port on the 2950 to the other? Or will it need to go through the uplink? I guess it will need to go through the uplink initially as layer 3 needs to be involved for inter-VLAN routing but wondering if layer 2 MAC address will ultimately be learned, allowing traffic to pass directly between the systems, not over the uplink.
  Thanks in advance,
  cisco_reader.

  If the hosts are on different Layer 2 Vlans and you want to pass data between them, that data needs to be 'Routed'.
  In order to Route data from one Layer 2 Vlan to another, you need a device capable of Layer 3 Routing. That device can be a traditional Router or can be something called a Layer 3 switch.
  A 2950 switch is Layer 2 only so has the ability to create many Layer 2 Vlans which is what you have done. In order to route traffic between those Vlans, you can either use a router or a L3 switch.
  If you decided to use a router, look up something called 'Router on a Stick' which involves creating a Trunk link from the 2950 to the Router and then setting up Subinterfaces on the Routers port to act as the 'Default Gateway' for each of your Vlans.

• "SQL Server 2008 Reporting Services does not support map report items"

  Hi,
  I am trying some new feature that are introduced in SQL Server 2008 R2 version. While I try to use "Map" control within it, it threw the following error:-
  "Error 1 The map, Map1, was removed from the report. SQL Server 2008 Reporting Services does not support map report items. "
  -Also, similar kind of error I am getting for "Indicator" control.

  Hi Tej,
  I think you get this error message when you are deploying a report to report server using BIDS, correct?  If not, please provide more details on your scenario :-)
  If I guessed correctly, then this message is a result of trying to deploy a map report (a SSRS 2008 R2 feature) to a non-R2 2008 report server.  When deploying a report of RDL2010 format to a non-R2 report server, BIDS will downgrade the file to RDL2008 format, so that the non-R2 report server can process it.  Any report elements using features not supported in RDL2008 will be dropped during this downgrade process.
  BIDS gets the server version from a report project property called TargetServerVersion:
  http://technet.microsoft.com/en-us/library/ee635898(SQL.105).aspx
  If your report server is indeed the 2008 R2 version, then the TargetServerVersion property should be set to "SQL Server 2008 R2 Reporting Services."  The project property page also has a "Auto Detect..." option if you are uncertain about the version of your report server.
  Hope this helps!
  Cheers,
  LawrenceThis posting is provided "AS IS" with no warranties, and confers no rights.