WAAS Redirect -list on 4506

I am trying to configure a redirect on my 4506 device to restrict some data from being processed by the WAE located in my datacenter. Outside the redirect-list command, how do I prevent data from being processed by the WAE?
The IOS I am running is bootflash:cat4500-entservicesk9-mz.122-40.SG.bin and I run WCCPv2 on both the edge and the core appliances.
Thanks

Zach,
Thanks for your timely response. Is it possible to use the service group approach to block subnets that I do not want the WAE device to process?
On another note, if I have 2 frame relay subinterfaces. Where do I need to apply the "IP wccp 62 redirect in" command. Should I put them on only the physical interface (S0/0) or on both of the subinterfaces (S0/0.100 and S0/0.109)?
Thanks

Similar Messages

  • WCCP Redirect list ACL mask for WAAS

    Good day,
    I would like to conform if the following would be correct to implement for WCCP redirection list on 6500. We have over 800 branches and we also need to manage the intra-server traffic in the Data Center which we do not want to be re-directed.
    ip access-list extended WCCPLIST-61
    permit tcp 10.112.0.0 0.0.31.255 any
    ip access-list extended WCCPLIST-62
      permit tcp any 10.112.0.0 0.0.31.255
    So, as an example, would these masks work for us, as the number of entries otherwise would be exhaustive.
    Just want to confirm that the mask in the ACL doesn't have to match exactly.
    Thanks in advance.

    Hi Zach,
    Thanks for the response and confirmation.
    I was wanting to make sure that it is not required to have the masks match the source masks, resulting in the exhaustive list (operational nightmare).
    A quick question on the ACL for WCCP redirect-list. Should we not see hits on specific entry's (e.g.permit tcp 10.113.9.0 0.0.0.31 any for the 61 redirect list, and the same for the permit tcp any 10.113.9.0 0.0.0.31 for the 62 redirect list).
    If we don't, no traffic? We see flows on the branch WAE, although very few (not many users), but no hits on the ACL on the DC 6500. Is this due them being handled in hardware maybe, TCAM's?
    Any input would be apprecited.
    Thanks again.
    Paul.

  • Can't make redirect-list on 4507R-E

    I need to deploy WAAS between a branch and HQ.
    The HQ side is a catalyst switch 6509-E (VSS) and branch side is a catalyst 4507R-E.
    The 6509-E supports  "Redirect Filter" (an access-list) filtering just the traffic you want. The following is my access-list on HQ side :
    ip wccp 61 redirect-list WCCPLIST group-list 3
    ip wccp 62 redirect-list WCCPLIST group-list 3
    access-list 3 permit 10.X.X.X     <--------- WAE IP address
    ip access-list extended WCCPLIST
    remark ** ACL used for WCCP redirect-list **
    remark Deny VoIP Control Traffic
    deny tcp any any eq 1300
    deny tcp any any eq 2428
    deny tcp any any eq 2000
    deny tcp any any eq 2001
    deny tcp any any eq 2002
    deny tcp any any eq 2443
    deny tcp any any eq 1718
    deny tcp any any eq 1719
    deny tcp any any eq 1720
    deny tcp any any eq 5060
    deny tcp any any range 11000 11999
    remark Deny MGT Traffic
    deny tcp any any eq telnet
    deny tcp any eq telnet any
    deny tcp any any eq 22
    deny tcp any any eq 161
    deny tcp any any eq 162
    deny tcp any any eq 123
    deny tcp any any eq 8443
    remark Deny Routing
    deny tcp any any eq bgp
    remark Deny Authentication Traffic
    deny tcp any any eq tacacs
    remark Accelerate Traffic between Branch and HQ
    permit tcp 10.Br.Br.0 0.0.0.255 10.HQ.HQ.0 0.0.0.255
    permit tcp 10.HQ.HQ.0 0.0.0.255 10.Br.Br.0 0.0.0.255
    Whereas on the Branch side, the platform 4507R-E doesn't support ACL with WCCP, so it means the WCCP will intercept all the TCP traffic.
    What would be the impact and how do i deal with this situation.
    Or is the WAEintellgent enough to pass through the unwanted traffic ?
    Or do i need to make individual policy for pass-through for each of the unwanted traffic ?
    Regards,
    Jilani

    Hi Jilani,
    Can't see from your mail what kind of supervisor you are using in your 45xx switch.
    But please be aware that if your're using af SUP-7-E or a SUP-7-L-E WCCP is NOT supported for the time being.
    WCCP is supported in Hardware but we're waiting for a software release, which supports this.
    This is according to the release notes :
    SUP-7-L-E : http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst4500/release/note/OL_25346.html
    SUP-7-E : http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst4500/release/note/OL_24726.html
    Strange thing is that you can actually "configure" some WCCP stuff, but the config will never hit the running-config.
    And you cannot enable WCCP.
    Feature navigator states that WCCP is available in IOS XE 3.2.0XO (for SUP-7-L-E) but release notes tend to be more trustworthy that feature navigator.
    Best Regards
    Finn Poulsen

  • Lots of deny statements in the redirect list

    The following WAAS Configuration Guide has you configure the long redirect list below for "Network Modules."  Does Cisco recommend we us the same redirect list for WAAS appliances as well?
    http://www.cisco.com/en/US/partner/docs/app_ntwk_services/waas/waas/v421/quick/guide/waasqcg.html#wp1432144
    ip wccp version 2
    ip wccp 61 redirect-list waas-wccp-redirect-list
    ip wccp 62 redirect-list waas-wccp-redirect-list
    ip access-list extended waas-wccp-redirect-list
    remark WAAS WCCP Pilot Redirect list
    deny tcp any any eq telnet
    deny tcp any any eq 22
    deny tcp any any eq 161
    deny tcp any any eq 162
    deny tcp any any eq 123
    deny tcp any any eq bgp
    deny tcp any any eq tacacs
    deny tcp any any eq 2000
    deny tcp any any eq 5060
    deny tcp any any eq 1718
    deny tcp any any eq 1719
    deny tcp any any eq 1720
    deny tcp any any eq 554
    deny tcp any any eq 1755
    deny tcp any eq telnet any
    deny tcp any eq 22 any
    deny tcp any eq 161 any
    deny tcp any eq 162 any
    deny tcp any eq 123 any
    deny tcp any eq bgp any
    deny tcp any eq tacacs any
    deny tcp any eq 2000 any
    deny tcp any eq 5060 any
    deny tcp any eq 1718 any
    deny tcp any eq 1719 any
    deny tcp any eq 1720 any
    deny tcp any eq 554 any
    deny tcp any eq 1755 any
    permit tcp any any
    end

    A short addendum to this post as it causes some confusion for customers:
    You don't have to configure a redirection ACL.
    Some reasons to exclude traffic from WCCP redirection are:
    you know some networks are not behind a WAE, so you can exclude them
    you know some server is doing bad things and want to exclude it from acceleration, for example DC -> DC traffic is signed, so WAAS cannot accelerate it.
    you want to reduce the latency on some very sensitive traffic that cannot get WAAS accelerated
    you want to reduce the amount of redirected traffic on a software platform to reduce the general CPU/traffic load
    Take into account that the WAAS will only ask to redirect TCP IPv4 traffic, so there is no need to exclude UDP for example.
    Please note that on hardware platforms (Catalyst 3750, Catalyst 4500, Catalyst 6500, ASR 1000 or Nexus 7000) the redirection is often accelerated in hardware, so  'free', and the limitation to watch is the amount of TCAM space. Having a complex redirection ACL will eat up that TCAM space very fast so is actually worse.
    Of course if you are redirecting too much traffic and this is causing overload on the attached WAAS devices you should consider having a redirection ACL.
    Also always check the WCCP platform support white paper for platform specific limitations.
    So in short: it depends , many customers take the easy route and don't have one, removing one more component to maintain and check.
    Peter

  • ASR1002 throughput degradation when wccp redirect-list is changed

    We have two ASR 1002's going to 2 different WAN service providers, and two 7371 WAE load balanced by mask assignment. When we change the ACL (adding or removing lines) from our wccp redirect-list, the throughput on interfaces applied to the wccp service-groups is degraded to almost no traffic passing, until we completely remove wccp service group from the global configuration and then reapply. Then traffic throughput on the interface goes back to normal.
    Our ACL defined in the redirect list specifies our specific networks on our WAN that have WAE's and need the redirection. All other networks are denied implicitly. We need to regularly change this ACL, and this service interruption is a major issue. This was not an issue before moving to the ASR platform from 7206's.
    At TAC's request we have upgraded our IOS version to 15.1(3)S4 and that did not make any difference. Does anyone know why this occurs and if there is a way to work around this other than removing wccp configuration and adding back, every time the ACL needs to be modified?
    As a side note to this... We have recently added riverbed appliances, and created separate service groups with separate redirect-lists. The exact same behavior occurs on the ASR 1002 when the ACL for the riverbed's redirect list is altered.

    Thank you very much for sharing that information.  It is great to hear verification that the mask assignment change did resolve your problem.   That is the latest resolution that TAC has recommended, but we have to restart the WCCP service on all redundant edge routers to be able to implement this, so planning the outage window is taking some time.   We've been told that TAC will set this up in a lab and test for us by our Cisco SE.  We're hoping to get verfication that this actually resolves the problem before we take the outage.   
         If you could, can you tell me if this resolved the issue 100% or do you still have any performance issues when making a change to your WCCP ACL going to your bluecoat equipment?    We may also need to implement this in our redirects to BlueCoat from our Nexus.  Do you happen to have a link to how to make this change in Bluecoat?   Thanks again!

  • Ip wccp redirect-list acl

    Hi
    İ have 2 different Nexus working diffrent NX-OS (6.0(4) & 6.2(6) )  with different line card (F2  & F2E ) and different Sup (Sup 1 & Sup 2 ) but share the same problem. Sup 2 devices work with VPC Sup 1 device Standalone this is the only difference
     I try to configure WCCP on device your redirect http & https Traffic  to Websense. i create following lines  in boot nexus
    Feature wccp
    ip wccp 1 redirect-list WS_REDIRECT
    ip wccp 5 redirect-list WS_REDIRECT
    ip wccp 70 redirect-list WS_REDIRECT
    ip access-list  WS_REDIRECT
     deny  ip any 10.0.0.0 0.255.255.255
     deny   ip any 172.16.0.0 0.15.255.255
     deny   ip any 192.168.0.0 0.0.255.255
     permit tcp any any eq www
     permit tcp any any eq 443
     permit tcp any any eq ftp
    interface vlan 7
    ip wccp 1 redirect in
    ip wccp 5 redirect in
    ip wccp 70 redirect in
    This redirects all the traffic even deny list.
    No bug reported in but tool kit
    Could you please help me.

    Okay, Its weird you have multiple WCCP groups, 
    Considering you are only using one ACL, just simple use one WCCP Group ID
    Also, here is a sample config:
    Let's say you want to redirect traffic from VLAN 10,11 and 12 to WCCP
    and your WCCP device is at VLAN20
    #conf t
    #ip wccp version 2            -DEFAULT: ver1
    #ip wccp 90 
    #ip wccp 90 password wccp123    -THIS IS OPTIONAL! Place a password on your WCCP instance.
    #interface vlan 10
      #ip wccp 90 redirect in
    #interface vlan 11
    ​  #ip wccp 90 redirect in
    #interface vlan 12
    ​  #ip wccp 90 redirect in
    #interface vlan 20
      #ip wccp redirect exclude in     -avoid optimization loops
    Your WCCP device will be in VLAN 20, and I recommend dedicating that VLAN to WCCP devices:
    Configure your WCCP device(Websense) and define the Service group ID, in this example, its wccp 90 and of course the IP of VLAN 20
    By default, all traffic in interfaces configured with "wccp 90 in" will forward traffic to the WCCP device

  • WAAS Redirect Issues

    I'm trying to setup a simple WAAS setup with a Manager, Core and Edge device. The core and edge devices are seperated across an MPLS cloud. The redirect is configured on the CE routers so I don't believe the MPLS is the problem.
    The Manager can see both the Core and Edge devices but no acceleration is happening. When I check the wccp status on the core I see both LAN and WAN inetrfaces are redirecting packets but the edge router is only showing redirects on the LAN.
    The edge router is a Cisco 2821 with a WAAS Services Module. The router is connected to the MPLS cloud by an ATM interface. (Config Below).
    service timestamps debug datetime
    service timestamps log datetime
    service password-encryption
    hostname xxxxxxxxxxx
    boot-start-marker
    boot-end-marker
    logging buffered 10000 debugging
    aaa new-model
    aaa authentication login default group tacacs+ local
    aaa authentication login conmethod group tacacs+ enable
    aaa authentication enable default group tacacs+ enable
    aaa authorization exec default group tacacs+ local
    aaa authorization network default group tacacs+
    aaa authorization network noauthor none
    aaa session-id common
    resource policy
    clock timezone GMT 0
    clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
    ip wccp 61
    ip wccp 62
    ip telnet source-interface GigabitEthernet0/0
    ip cef
    interface Loopback0
    description MPLS ATM Loopback Address
    ip address 10.0.0.5 255.255.255.255
    interface GigabitEthernet0/0
    description London Corp LAN
    ip address 53.253.7.250 255.255.255.0
    ip access-group dealersubnets in
    ip wccp 61 redirect in
    duplex auto
    speed auto
    interface ATM0/3/0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode auto
    interface ATM0/3/0.1 point-to-point
    description MPLS WAN
    bandwidth 2000
    ip unnumbered Loopback0
    ip wccp 62 redirect in
    no snmp trap link-status
    pvc 0/38
    vbr-nrt 248 248
    encapsulation aal5mux ppp Virtual-Template100
    interface Integrated-Service-Engine1/0
    ip address 192.168.1.9 255.255.255.252
    ip wccp redirect exclude in
    service-module ip address 192.168.1.10 255.255.255.252
    service-module ip default-gateway 192.168.1.9
    no keepalive
    interface Virtual-Template100
    ip unnumbered Loopback0
    no peer default ip address
    router bgp 64527
    no synchronization
    bgp log-neighbor-changes
    network 10.0.0.5 mask 255.255.255.255
    network 53.253.7.0 mask 255.255.255.0
    network 192.168.1.8 mask 255.255.255.252
    neighbor x.x.x.x remote-as 2856
    neighbor x.x.x.x ebgp-multihop 3
    neighbor x.x.x.x update-source Loopback0
    no auto-summary
    ip route 0.0.0.0 0.0.0.0 x.x.x.x
    no ip http server
    no ip http secure-server
    ip tacacs source-interface GigabitEthernet0/0
    access-list 120 permit tcp any any log
    If anyone can help me with this I would be most greatful as I need to get WAAS working ASAP.
    The IOS version is c2800nm-spservicesk9-mz.124-9.T2.bin and the WAAS module is running 4.0.3.b.9
    Thanks

    I have implemented the above config and the wccp redirect on tcp 61 and 62 is now working. WAAS is now seeing traffic and optimising.
    Why do you think that wccp want work on the atm interface?

  • WAAS redirection methods

    I have been reading the WAAS config guide and quick config guide and trying to come up with a good understanding of the WAE and router connection methods. The WCCP config in the QCG says this:
    d. Enable WCCP service 61 on the inbound direction, and enable WCCP service 62 on the outbound
    direction of fa1/0.40.
    Core-Router1(config-subif)# ip wccp 61 redirect in
    Core-Router1(config-subif)# ip wccp 62 redirect out
    e. To avoid redirection loops, configure the subinterface where Core-WAE1 will connect to
    Core-Router1. To avoid a routing loop, Core-WAE1 must not be attached to the same segment
    (subnet) as the interface on Core-Router1 that is performing the redirection. Make sure that you have
    a tertiary interface (a separate physical interface) or a subinterface (off the router?s LAN port) from
    which Core-WAE1 connects. In the following example, a subinterface is being used:
    Core-Router1(config-subif)# interface fa1/0.41
    I find this sort of confusing. I am not sure I understand the significance of the distinction between "redirection loop" and "routing loop" and why the two subinterfaces are needed. THoughts? Also, does anyone have any thoughts as to when it is best to use the various types of redirections for the WAAS? Meaning, when is it best to use WCCP? PBR?

    Mike,
    The need for a separate WAE VLAN is due to the L3/L4 transparency of our solution. Since optimized connections use the original src/dst IP addresses and ports, we need some way to tell the WCCP-enabled router not to re-intercept optimized traffic. We do this by placing the WAE's on a dedicated VLAN and excluding that VLAN from WCCP interception.
    Between WCCP and PBR, WCCP is the preferred interception mechanism. PBR is typically only used when WCCP is not available (hardware/software support, SP-managed routers, etc.).
    Zach

  • WAAS Redirection on ACE

    Hi All,
    We are having issues with traffic redirection to WAE devices via an ACE module.
    Does anyone know what troubleshooting steps can be taken on an ace to confirm that traffic redirection is happening to the WAE devices?
    Many Thanks
    Kris

    Hello,
    This document might help.
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/WAASDC11.html
    Thanks
    Eric

  • Muse site on BC - URL Redirects list not working

    Hello. A Muse site has just gone live on BC host.
    The URL redirects don't appear to be working.
    Doing a Google  search on 'parkerandassociates.co.nz Amy Williamson' gives a result leading to http://www.parkerandassociates.co.nz/people/amy-williamson/ From the screen grab below the Redirect is showing that this should be working, but in reality the page is not being found. I tried several times to edit the Action and also imported the Import Redirect Urls method and it imported successfully.
    My import file was CSV and had one row for consisting of the following columns  Old Url (= /people/amy-williamson/) New URL (/amy-williamson.html)  Enabled (True). I wasn't quite sure what to put in the columns for Enabled, so I put 'True' as shown below. But still the redirection is not working.
    Can anybody tell me where I could be going wrong?
    Cheers
    Grant

    Hi Grant Senior,
    Update the source of the redirect from /people/amy-williamson/ to /people/amy-williamson/index.html and the URL http://www.parkerandassociates.co.nz/people/amy-williamson/ should then redirect successfully. This is because BC sees the source as a directory and not an actual page.
    I have done this for http://www.parkerandassociates.co.nz/people/amy-williamson/ on your behalf, and can confirm that it is now working.
    Cheers.

  • Bloo ,,,, Please remove my MAC addresses from hardcoded server redirect list

    Bloo
    Have sent multiple PM's in reply and told you that system was updated and politely asked you remove my MAC addresses from bypass list so that normal updates can be applied.
    Solved!
    Go to Solution.

    Thanks Yogapad. I'll let bloo know about it. Please PM me your Mac Address to get things fixed faster.
    Cheers,
    Cleo
    WW Social Media
    T61, T410, x240, Z500, Flex 14
    Important Note: If you need help, post your question in the forum, and include your system type, model number and OS. Do not post your serial number.
    Did someone help you today? Press the star on the left to thank them with a Kudo!
    If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"!
    Follow @LenovoForums on Twitter!
    How to send a private message? --> Check out this article.
    English Community   Deutsche Community   Comunidad en Español   Русскоязычное Сообщество

  • Wccp redirection for waas on same platform as wccp for websense?

    just wondering if anyone knows if a Cisco router or switch can handle wccp redirection enabled for both waas and some other web content filtering appliance using a different service group?
    seems like the priority value would come into play determining which service group gets handled first?
    we currently do WCCP for WaaS on our 3945s.
    I am going to advocate to my customer that we separate this out for CPU load issues, config complexity issues, IOS issues, etc... but the question is going to come up - "can we do WCCP for different applications on our Catalyst 3750 core switch, or our 3945 WAN routers?"
    Thanks,
    Paul

    Hi Paul,
    Yes, it's technically possible to have WCCP redirection for several services even in those devices that don't support setting the priority. However, in this case, both WAAS and Websense need to redirect HTTP traffic, and that's what makes things complicated.
    Assuming you first want to send the traffic to Websense and then to WAAS, I would recommend doing the WAAS redirection only on the WAN link (with one service inbound and the other outbound). You can then configure Web-cache redirection inbound on the client vlan and, a service for the return traffic (I'm not sure if this is required for websense), inbound on the interface where the WAE is connected (with a redirect-list to match only the return direction)
    Even if it's possible to have both redirections in the same device, if possible, I would strongly suggest you to either use different devices for the redirection or to make them mutually exclusive (for example, not sending HTTP to WAAS), otherwise, if you make a small mistake with the configuration, you can end up with a redirection loop.
    Regards
    Daniel

  • WAAS WCCP 6500 ACL Redirection

    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0in 5.4pt 0in 5.4pt;
    mso-para-margin:0in;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    Hi All
          I'm sure I'm missing something simple here on a new install and I hope some one can point it out easily.  I implemented the following config which worked except it understandably broke connections as everything got redirected.  I'm running the WCCP config on a 6500 running 12.2(18) SXF
    This config showed total redirected packets climbing sharply in a 'show ip wccp' on the 6500 but this config broke other things.
    WAE:
    interface GigabitEthernet 1/0
    ip address 10.254.0.251 255.255.255.248
    ip default-gateway 10.254.0.249
    wccp router-list 1 10.254.0.249
    wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign
    6500:
    ip wccp 61
    ip wccp 62
    interface Vlan<vlans to be accelerated>
    description Local VLAN to be accelerated
    ip wccp 61 redirect in
    interface Vlan <WAAS vlan>
    description WAAS Devices(CM and WAE)
    ip address 10.254.0.249 255.255.255.248
    interface Vlan <Vlan for WAN transit>
    description Incoming WAN VLAN
    ip wccp 62 redirect in
    To try and limit redirection to just LAN space I swapped this:
    ip wccp 61
    ip wccp 62
    for this:
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0in 5.4pt 0in 5.4pt;
    mso-para-margin:0in;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    Ip access-list ext WAAS_Inbound
      Permit ip 10.22.0.0 0.0.255.255 10.0.0.0 0.0.255.255
    Ip access-l ext WAAS_Outbound
    Permit ip 10.0.0.0 0.0.255.255 10.22.0.0 0.0.255.255
    Ip wccp 62 redirect-list WAAS_Inbound
    Ip wccp 61 redirect-list WAAS_Outbound
    Once I did this, 'show ip wccp'  on the 6500 stopped showing redirected packets but did start showing packets being denied redirect.  Optimization stopped(according to the GUI) and I saw no hits on the access-lists(should I?).
    Thanks for your help in advance.

    A fews questions/comments:
    What type of Supervisor are you using?
    What is the exact version of software you are using?
    The fact that the 'packets redirected' counter is incrementing is a bad thing on the 6500.  It means that the redirection is happening in software.
    Can you also provide the output from the following commands:
    sh ip wccp
    sh ip wccp 61 det
    sh ip wccp 62 det
    Thanks,
    Zach

  • WAAS - WCCP L2-redirection in WS-C6509-E

    Hi,
    I have a costumer with three offices, one is the data center. The other two offices get information from the data center and between them.
    Each one of these remotes offices go through two different SP to the data center, and each one is received in his own router. The core of the data center is a switch WS-C6509-E (IOS s72033-entservicesk9_wan-vz.122-18.SXF7.bin).
    Because there are two different SP in the data center, the traffic redirection must be done in the switch c6500. I think that the following configuration is the correct one:
    ip wccp version 2
    ip wccp 61 redirect-list 101
    ip wccp 62 redirect-list 101
    interface Vlan1
    description *** WAN routers and users ***
    ip address 10.0.16.1 255.255.240.0
    ip wccp 62 redirect out
    ip wccp 61 redirect in
    interface Vlan 200
    description *** WAEs ***
    ip address 10.34.114.65 255.255.255.252
    ip wccp redirect exclude in
    interface Vlan201
    description *** Servers and Users 1 ***
    ip address 10.15.240.1 255.255.240.0
    ip wccp 61 redirect in
    interface Vlan202
    description *** Servers and Users 2 ***
    ip address 10.16.128.1 255.255.240.0
    ip wccp 61 redirect in
    But now I read about the problems using GRE redirection in the switch c6500. I read too that the best way to do this is using L2-redirection, but I don't have any idea of how to do this. I am using the WAAS version 4.1.1.
    Can anybody help me with explaining me the way to configure that?

    Dan,
    I think that the best option for this network is number one, use WCCP on the two 7206VXRs, and redirect the traffic to a single WAE in the same subnet of the hosts.
    But now, I don't understand the implications of use the command “egress-method negotiated-return intercept-method wccp”. What else should I consider or configure (in the router or in the WAE) to make this interception works?
    I think that the configuration on the routers and in the WAE should be something like this:
    --- Router 1
    ip wccp version 2
    ip wccp 61 redirect-list 101
    ip wccp 62 redirect-list 101
    interface Serial3/3:1
    ip address 10.34.113.213 255.255.255.252
    ip wccp 61 redirect in
    ip wccp 62 redirect in
    interface GigabitEthernet0/1
    ip address 10.0.16.2 255.255.240.0
    ip wccp redirect exclude in
    --- Router 2
    ip wccp version 2
    ip wccp 61 redirect-list 101
    ip wccp 62 redirect-list 101
    interface Serial3/3:1
    ip address 10.134.143.217 255.255.255.252
    ip wccp 61 redirect in
    ip wccp 62 redirect in
    interface GigabitEthernet0/1
    ip address 10.0.16.3 255.255.240.0
    ip wccp redirect exclude in
    --- WAE
    interface GigabitEthernet 1/0
    ip address 10.0.16.4 255.255.255.0
    exit
    egress-method negotiated-return intercept-method wccp
    wccp router-list 1 10.0.16.2 10.0.16.3
    wccp tcp-promiscuous router-list-num 1
    Thanks and Regards,
    Pablo

  • WAAS - WCCP redirect in Cat 3560

    Are WAAS redirect ACLs supported on Catalyst 3560?
    Thanks

    You can only configure allow ACLs, no denys (except the deny all at the end).
    Dan

Maybe you are looking for