WAAS Redirect -list on 4506
I am trying to configure a redirect on my 4506 device to restrict some data from being processed by the WAE located in my datacenter. Outside the redirect-list command, how do I prevent data from being processed by the WAE?
The IOS I am running is bootflash:cat4500-entservicesk9-mz.122-40.SG.bin and I run WCCPv2 on both the edge and the core appliances.
Thanks
Zach,
Thanks for your timely response. Is it possible to use the service group approach to block subnets that I do not want the WAE device to process?
On another note, if I have 2 frame relay subinterfaces. Where do I need to apply the "IP wccp 62 redirect in" command. Should I put them on only the physical interface (S0/0) or on both of the subinterfaces (S0/0.100 and S0/0.109)?
Thanks
Similar Messages
-
WCCP Redirect list ACL mask for WAAS
Good day,
I would like to conform if the following would be correct to implement for WCCP redirection list on 6500. We have over 800 branches and we also need to manage the intra-server traffic in the Data Center which we do not want to be re-directed.
ip access-list extended WCCPLIST-61
permit tcp 10.112.0.0 0.0.31.255 any
ip access-list extended WCCPLIST-62
permit tcp any 10.112.0.0 0.0.31.255
So, as an example, would these masks work for us, as the number of entries otherwise would be exhaustive.
Just want to confirm that the mask in the ACL doesn't have to match exactly.
Thanks in advance.Hi Zach,
Thanks for the response and confirmation.
I was wanting to make sure that it is not required to have the masks match the source masks, resulting in the exhaustive list (operational nightmare).
A quick question on the ACL for WCCP redirect-list. Should we not see hits on specific entry's (e.g.permit tcp 10.113.9.0 0.0.0.31 any for the 61 redirect list, and the same for the permit tcp any 10.113.9.0 0.0.0.31 for the 62 redirect list).
If we don't, no traffic? We see flows on the branch WAE, although very few (not many users), but no hits on the ACL on the DC 6500. Is this due them being handled in hardware maybe, TCAM's?
Any input would be apprecited.
Thanks again.
Paul. -
Can't make redirect-list on 4507R-E
I need to deploy WAAS between a branch and HQ.
The HQ side is a catalyst switch 6509-E (VSS) and branch side is a catalyst 4507R-E.
The 6509-E supports "Redirect Filter" (an access-list) filtering just the traffic you want. The following is my access-list on HQ side :
ip wccp 61 redirect-list WCCPLIST group-list 3
ip wccp 62 redirect-list WCCPLIST group-list 3
access-list 3 permit 10.X.X.X <--------- WAE IP address
ip access-list extended WCCPLIST
remark ** ACL used for WCCP redirect-list **
remark Deny VoIP Control Traffic
deny tcp any any eq 1300
deny tcp any any eq 2428
deny tcp any any eq 2000
deny tcp any any eq 2001
deny tcp any any eq 2002
deny tcp any any eq 2443
deny tcp any any eq 1718
deny tcp any any eq 1719
deny tcp any any eq 1720
deny tcp any any eq 5060
deny tcp any any range 11000 11999
remark Deny MGT Traffic
deny tcp any any eq telnet
deny tcp any eq telnet any
deny tcp any any eq 22
deny tcp any any eq 161
deny tcp any any eq 162
deny tcp any any eq 123
deny tcp any any eq 8443
remark Deny Routing
deny tcp any any eq bgp
remark Deny Authentication Traffic
deny tcp any any eq tacacs
remark Accelerate Traffic between Branch and HQ
permit tcp 10.Br.Br.0 0.0.0.255 10.HQ.HQ.0 0.0.0.255
permit tcp 10.HQ.HQ.0 0.0.0.255 10.Br.Br.0 0.0.0.255
Whereas on the Branch side, the platform 4507R-E doesn't support ACL with WCCP, so it means the WCCP will intercept all the TCP traffic.
What would be the impact and how do i deal with this situation.
Or is the WAEintellgent enough to pass through the unwanted traffic ?
Or do i need to make individual policy for pass-through for each of the unwanted traffic ?
Regards,
JilaniHi Jilani,
Can't see from your mail what kind of supervisor you are using in your 45xx switch.
But please be aware that if your're using af SUP-7-E or a SUP-7-L-E WCCP is NOT supported for the time being.
WCCP is supported in Hardware but we're waiting for a software release, which supports this.
This is according to the release notes :
SUP-7-L-E : http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst4500/release/note/OL_25346.html
SUP-7-E : http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst4500/release/note/OL_24726.html
Strange thing is that you can actually "configure" some WCCP stuff, but the config will never hit the running-config.
And you cannot enable WCCP.
Feature navigator states that WCCP is available in IOS XE 3.2.0XO (for SUP-7-L-E) but release notes tend to be more trustworthy that feature navigator.
Best Regards
Finn Poulsen -
Lots of deny statements in the redirect list
The following WAAS Configuration Guide has you configure the long redirect list below for "Network Modules." Does Cisco recommend we us the same redirect list for WAAS appliances as well?
http://www.cisco.com/en/US/partner/docs/app_ntwk_services/waas/waas/v421/quick/guide/waasqcg.html#wp1432144
ip wccp version 2
ip wccp 61 redirect-list waas-wccp-redirect-list
ip wccp 62 redirect-list waas-wccp-redirect-list
ip access-list extended waas-wccp-redirect-list
remark WAAS WCCP Pilot Redirect list
deny tcp any any eq telnet
deny tcp any any eq 22
deny tcp any any eq 161
deny tcp any any eq 162
deny tcp any any eq 123
deny tcp any any eq bgp
deny tcp any any eq tacacs
deny tcp any any eq 2000
deny tcp any any eq 5060
deny tcp any any eq 1718
deny tcp any any eq 1719
deny tcp any any eq 1720
deny tcp any any eq 554
deny tcp any any eq 1755
deny tcp any eq telnet any
deny tcp any eq 22 any
deny tcp any eq 161 any
deny tcp any eq 162 any
deny tcp any eq 123 any
deny tcp any eq bgp any
deny tcp any eq tacacs any
deny tcp any eq 2000 any
deny tcp any eq 5060 any
deny tcp any eq 1718 any
deny tcp any eq 1719 any
deny tcp any eq 1720 any
deny tcp any eq 554 any
deny tcp any eq 1755 any
permit tcp any any
endA short addendum to this post as it causes some confusion for customers:
You don't have to configure a redirection ACL.
Some reasons to exclude traffic from WCCP redirection are:
you know some networks are not behind a WAE, so you can exclude them
you know some server is doing bad things and want to exclude it from acceleration, for example DC -> DC traffic is signed, so WAAS cannot accelerate it.
you want to reduce the latency on some very sensitive traffic that cannot get WAAS accelerated
you want to reduce the amount of redirected traffic on a software platform to reduce the general CPU/traffic load
Take into account that the WAAS will only ask to redirect TCP IPv4 traffic, so there is no need to exclude UDP for example.
Please note that on hardware platforms (Catalyst 3750, Catalyst 4500, Catalyst 6500, ASR 1000 or Nexus 7000) the redirection is often accelerated in hardware, so 'free', and the limitation to watch is the amount of TCAM space. Having a complex redirection ACL will eat up that TCAM space very fast so is actually worse.
Of course if you are redirecting too much traffic and this is causing overload on the attached WAAS devices you should consider having a redirection ACL.
Also always check the WCCP platform support white paper for platform specific limitations.
So in short: it depends , many customers take the easy route and don't have one, removing one more component to maintain and check.
Peter -
ASR1002 throughput degradation when wccp redirect-list is changed
We have two ASR 1002's going to 2 different WAN service providers, and two 7371 WAE load balanced by mask assignment. When we change the ACL (adding or removing lines) from our wccp redirect-list, the throughput on interfaces applied to the wccp service-groups is degraded to almost no traffic passing, until we completely remove wccp service group from the global configuration and then reapply. Then traffic throughput on the interface goes back to normal.
Our ACL defined in the redirect list specifies our specific networks on our WAN that have WAE's and need the redirection. All other networks are denied implicitly. We need to regularly change this ACL, and this service interruption is a major issue. This was not an issue before moving to the ASR platform from 7206's.
At TAC's request we have upgraded our IOS version to 15.1(3)S4 and that did not make any difference. Does anyone know why this occurs and if there is a way to work around this other than removing wccp configuration and adding back, every time the ACL needs to be modified?
As a side note to this... We have recently added riverbed appliances, and created separate service groups with separate redirect-lists. The exact same behavior occurs on the ASR 1002 when the ACL for the riverbed's redirect list is altered.Thank you very much for sharing that information. It is great to hear verification that the mask assignment change did resolve your problem. That is the latest resolution that TAC has recommended, but we have to restart the WCCP service on all redundant edge routers to be able to implement this, so planning the outage window is taking some time. We've been told that TAC will set this up in a lab and test for us by our Cisco SE. We're hoping to get verfication that this actually resolves the problem before we take the outage.
If you could, can you tell me if this resolved the issue 100% or do you still have any performance issues when making a change to your WCCP ACL going to your bluecoat equipment? We may also need to implement this in our redirects to BlueCoat from our Nexus. Do you happen to have a link to how to make this change in Bluecoat? Thanks again! -
Hi
İ have 2 different Nexus working diffrent NX-OS (6.0(4) & 6.2(6) ) with different line card (F2 & F2E ) and different Sup (Sup 1 & Sup 2 ) but share the same problem. Sup 2 devices work with VPC Sup 1 device Standalone this is the only difference
I try to configure WCCP on device your redirect http & https Traffic to Websense. i create following lines in boot nexus
Feature wccp
ip wccp 1 redirect-list WS_REDIRECT
ip wccp 5 redirect-list WS_REDIRECT
ip wccp 70 redirect-list WS_REDIRECT
ip access-list WS_REDIRECT
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit tcp any any eq www
permit tcp any any eq 443
permit tcp any any eq ftp
interface vlan 7
ip wccp 1 redirect in
ip wccp 5 redirect in
ip wccp 70 redirect in
This redirects all the traffic even deny list.
No bug reported in but tool kit
Could you please help me.Okay, Its weird you have multiple WCCP groups,
Considering you are only using one ACL, just simple use one WCCP Group ID
Also, here is a sample config:
Let's say you want to redirect traffic from VLAN 10,11 and 12 to WCCP
and your WCCP device is at VLAN20
#conf t
#ip wccp version 2 -DEFAULT: ver1
#ip wccp 90
#ip wccp 90 password wccp123 -THIS IS OPTIONAL! Place a password on your WCCP instance.
#interface vlan 10
#ip wccp 90 redirect in
#interface vlan 11
#ip wccp 90 redirect in
#interface vlan 12
#ip wccp 90 redirect in
#interface vlan 20
#ip wccp redirect exclude in -avoid optimization loops
Your WCCP device will be in VLAN 20, and I recommend dedicating that VLAN to WCCP devices:
Configure your WCCP device(Websense) and define the Service group ID, in this example, its wccp 90 and of course the IP of VLAN 20
By default, all traffic in interfaces configured with "wccp 90 in" will forward traffic to the WCCP device -
I'm trying to setup a simple WAAS setup with a Manager, Core and Edge device. The core and edge devices are seperated across an MPLS cloud. The redirect is configured on the CE routers so I don't believe the MPLS is the problem.
The Manager can see both the Core and Edge devices but no acceleration is happening. When I check the wccp status on the core I see both LAN and WAN inetrfaces are redirecting packets but the edge router is only showing redirects on the LAN.
The edge router is a Cisco 2821 with a WAAS Services Module. The router is connected to the MPLS cloud by an ATM interface. (Config Below).
service timestamps debug datetime
service timestamps log datetime
service password-encryption
hostname xxxxxxxxxxx
boot-start-marker
boot-end-marker
logging buffered 10000 debugging
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login conmethod group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization network default group tacacs+
aaa authorization network noauthor none
aaa session-id common
resource policy
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
ip wccp 61
ip wccp 62
ip telnet source-interface GigabitEthernet0/0
ip cef
interface Loopback0
description MPLS ATM Loopback Address
ip address 10.0.0.5 255.255.255.255
interface GigabitEthernet0/0
description London Corp LAN
ip address 53.253.7.250 255.255.255.0
ip access-group dealersubnets in
ip wccp 61 redirect in
duplex auto
speed auto
interface ATM0/3/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
interface ATM0/3/0.1 point-to-point
description MPLS WAN
bandwidth 2000
ip unnumbered Loopback0
ip wccp 62 redirect in
no snmp trap link-status
pvc 0/38
vbr-nrt 248 248
encapsulation aal5mux ppp Virtual-Template100
interface Integrated-Service-Engine1/0
ip address 192.168.1.9 255.255.255.252
ip wccp redirect exclude in
service-module ip address 192.168.1.10 255.255.255.252
service-module ip default-gateway 192.168.1.9
no keepalive
interface Virtual-Template100
ip unnumbered Loopback0
no peer default ip address
router bgp 64527
no synchronization
bgp log-neighbor-changes
network 10.0.0.5 mask 255.255.255.255
network 53.253.7.0 mask 255.255.255.0
network 192.168.1.8 mask 255.255.255.252
neighbor x.x.x.x remote-as 2856
neighbor x.x.x.x ebgp-multihop 3
neighbor x.x.x.x update-source Loopback0
no auto-summary
ip route 0.0.0.0 0.0.0.0 x.x.x.x
no ip http server
no ip http secure-server
ip tacacs source-interface GigabitEthernet0/0
access-list 120 permit tcp any any log
If anyone can help me with this I would be most greatful as I need to get WAAS working ASAP.
The IOS version is c2800nm-spservicesk9-mz.124-9.T2.bin and the WAAS module is running 4.0.3.b.9
ThanksI have implemented the above config and the wccp redirect on tcp 61 and 62 is now working. WAAS is now seeing traffic and optimising.
Why do you think that wccp want work on the atm interface? -
I have been reading the WAAS config guide and quick config guide and trying to come up with a good understanding of the WAE and router connection methods. The WCCP config in the QCG says this:
d. Enable WCCP service 61 on the inbound direction, and enable WCCP service 62 on the outbound
direction of fa1/0.40.
Core-Router1(config-subif)# ip wccp 61 redirect in
Core-Router1(config-subif)# ip wccp 62 redirect out
e. To avoid redirection loops, configure the subinterface where Core-WAE1 will connect to
Core-Router1. To avoid a routing loop, Core-WAE1 must not be attached to the same segment
(subnet) as the interface on Core-Router1 that is performing the redirection. Make sure that you have
a tertiary interface (a separate physical interface) or a subinterface (off the router?s LAN port) from
which Core-WAE1 connects. In the following example, a subinterface is being used:
Core-Router1(config-subif)# interface fa1/0.41
I find this sort of confusing. I am not sure I understand the significance of the distinction between "redirection loop" and "routing loop" and why the two subinterfaces are needed. THoughts? Also, does anyone have any thoughts as to when it is best to use the various types of redirections for the WAAS? Meaning, when is it best to use WCCP? PBR?Mike,
The need for a separate WAE VLAN is due to the L3/L4 transparency of our solution. Since optimized connections use the original src/dst IP addresses and ports, we need some way to tell the WCCP-enabled router not to re-intercept optimized traffic. We do this by placing the WAE's on a dedicated VLAN and excluding that VLAN from WCCP interception.
Between WCCP and PBR, WCCP is the preferred interception mechanism. PBR is typically only used when WCCP is not available (hardware/software support, SP-managed routers, etc.).
Zach -
Hi All,
We are having issues with traffic redirection to WAE devices via an ACE module.
Does anyone know what troubleshooting steps can be taken on an ace to confirm that traffic redirection is happening to the WAE devices?
Many Thanks
KrisHello,
This document might help.
http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/WAASDC11.html
Thanks
Eric -
Muse site on BC - URL Redirects list not working
Hello. A Muse site has just gone live on BC host.
The URL redirects don't appear to be working.
Doing a Google search on 'parkerandassociates.co.nz Amy Williamson' gives a result leading to http://www.parkerandassociates.co.nz/people/amy-williamson/ From the screen grab below the Redirect is showing that this should be working, but in reality the page is not being found. I tried several times to edit the Action and also imported the Import Redirect Urls method and it imported successfully.
My import file was CSV and had one row for consisting of the following columns Old Url (= /people/amy-williamson/) New URL (/amy-williamson.html) Enabled (True). I wasn't quite sure what to put in the columns for Enabled, so I put 'True' as shown below. But still the redirection is not working.
Can anybody tell me where I could be going wrong?
Cheers
GrantHi Grant Senior,
Update the source of the redirect from /people/amy-williamson/ to /people/amy-williamson/index.html and the URL http://www.parkerandassociates.co.nz/people/amy-williamson/ should then redirect successfully. This is because BC sees the source as a directory and not an actual page.
I have done this for http://www.parkerandassociates.co.nz/people/amy-williamson/ on your behalf, and can confirm that it is now working.
Cheers. -
Bloo ,,,, Please remove my MAC addresses from hardcoded server redirect list
Bloo
Have sent multiple PM's in reply and told you that system was updated and politely asked you remove my MAC addresses from bypass list so that normal updates can be applied.
Solved!
Go to Solution.Thanks Yogapad. I'll let bloo know about it. Please PM me your Mac Address to get things fixed faster.
Cheers,
Cleo
WW Social Media
T61, T410, x240, Z500, Flex 14
Important Note: If you need help, post your question in the forum, and include your system type, model number and OS. Do not post your serial number.
Did someone help you today? Press the star on the left to thank them with a Kudo!
If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"!
Follow @LenovoForums on Twitter!
How to send a private message? --> Check out this article.
English Community Deutsche Community Comunidad en Español Русскоязычное Сообщество -
Wccp redirection for waas on same platform as wccp for websense?
just wondering if anyone knows if a Cisco router or switch can handle wccp redirection enabled for both waas and some other web content filtering appliance using a different service group?
seems like the priority value would come into play determining which service group gets handled first?
we currently do WCCP for WaaS on our 3945s.
I am going to advocate to my customer that we separate this out for CPU load issues, config complexity issues, IOS issues, etc... but the question is going to come up - "can we do WCCP for different applications on our Catalyst 3750 core switch, or our 3945 WAN routers?"
Thanks,
PaulHi Paul,
Yes, it's technically possible to have WCCP redirection for several services even in those devices that don't support setting the priority. However, in this case, both WAAS and Websense need to redirect HTTP traffic, and that's what makes things complicated.
Assuming you first want to send the traffic to Websense and then to WAAS, I would recommend doing the WAAS redirection only on the WAN link (with one service inbound and the other outbound). You can then configure Web-cache redirection inbound on the client vlan and, a service for the return traffic (I'm not sure if this is required for websense), inbound on the interface where the WAE is connected (with a redirect-list to match only the return direction)
Even if it's possible to have both redirections in the same device, if possible, I would strongly suggest you to either use different devices for the redirection or to make them mutually exclusive (for example, not sending HTTP to WAAS), otherwise, if you make a small mistake with the configuration, you can end up with a redirection loop.
Regards
Daniel -
WAAS WCCP 6500 ACL Redirection
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Hi All
I'm sure I'm missing something simple here on a new install and I hope some one can point it out easily. I implemented the following config which worked except it understandably broke connections as everything got redirected. I'm running the WCCP config on a 6500 running 12.2(18) SXF
This config showed total redirected packets climbing sharply in a 'show ip wccp' on the 6500 but this config broke other things.
WAE:
interface GigabitEthernet 1/0
ip address 10.254.0.251 255.255.255.248
ip default-gateway 10.254.0.249
wccp router-list 1 10.254.0.249
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign
6500:
ip wccp 61
ip wccp 62
interface Vlan<vlans to be accelerated>
description Local VLAN to be accelerated
ip wccp 61 redirect in
interface Vlan <WAAS vlan>
description WAAS Devices(CM and WAE)
ip address 10.254.0.249 255.255.255.248
interface Vlan <Vlan for WAN transit>
description Incoming WAN VLAN
ip wccp 62 redirect in
To try and limit redirection to just LAN space I swapped this:
ip wccp 61
ip wccp 62
for this:
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Ip access-list ext WAAS_Inbound
Permit ip 10.22.0.0 0.0.255.255 10.0.0.0 0.0.255.255
Ip access-l ext WAAS_Outbound
Permit ip 10.0.0.0 0.0.255.255 10.22.0.0 0.0.255.255
Ip wccp 62 redirect-list WAAS_Inbound
Ip wccp 61 redirect-list WAAS_Outbound
Once I did this, 'show ip wccp' on the 6500 stopped showing redirected packets but did start showing packets being denied redirect. Optimization stopped(according to the GUI) and I saw no hits on the access-lists(should I?).
Thanks for your help in advance.A fews questions/comments:
What type of Supervisor are you using?
What is the exact version of software you are using?
The fact that the 'packets redirected' counter is incrementing is a bad thing on the 6500. It means that the redirection is happening in software.
Can you also provide the output from the following commands:
sh ip wccp
sh ip wccp 61 det
sh ip wccp 62 det
Thanks,
Zach -
WAAS - WCCP L2-redirection in WS-C6509-E
Hi,
I have a costumer with three offices, one is the data center. The other two offices get information from the data center and between them.
Each one of these remotes offices go through two different SP to the data center, and each one is received in his own router. The core of the data center is a switch WS-C6509-E (IOS s72033-entservicesk9_wan-vz.122-18.SXF7.bin).
Because there are two different SP in the data center, the traffic redirection must be done in the switch c6500. I think that the following configuration is the correct one:
ip wccp version 2
ip wccp 61 redirect-list 101
ip wccp 62 redirect-list 101
interface Vlan1
description *** WAN routers and users ***
ip address 10.0.16.1 255.255.240.0
ip wccp 62 redirect out
ip wccp 61 redirect in
interface Vlan 200
description *** WAEs ***
ip address 10.34.114.65 255.255.255.252
ip wccp redirect exclude in
interface Vlan201
description *** Servers and Users 1 ***
ip address 10.15.240.1 255.255.240.0
ip wccp 61 redirect in
interface Vlan202
description *** Servers and Users 2 ***
ip address 10.16.128.1 255.255.240.0
ip wccp 61 redirect in
But now I read about the problems using GRE redirection in the switch c6500. I read too that the best way to do this is using L2-redirection, but I don't have any idea of how to do this. I am using the WAAS version 4.1.1.
Can anybody help me with explaining me the way to configure that?Dan,
I think that the best option for this network is number one, use WCCP on the two 7206VXRs, and redirect the traffic to a single WAE in the same subnet of the hosts.
But now, I don't understand the implications of use the command âegress-method negotiated-return intercept-method wccpâ. What else should I consider or configure (in the router or in the WAE) to make this interception works?
I think that the configuration on the routers and in the WAE should be something like this:
--- Router 1
ip wccp version 2
ip wccp 61 redirect-list 101
ip wccp 62 redirect-list 101
interface Serial3/3:1
ip address 10.34.113.213 255.255.255.252
ip wccp 61 redirect in
ip wccp 62 redirect in
interface GigabitEthernet0/1
ip address 10.0.16.2 255.255.240.0
ip wccp redirect exclude in
--- Router 2
ip wccp version 2
ip wccp 61 redirect-list 101
ip wccp 62 redirect-list 101
interface Serial3/3:1
ip address 10.134.143.217 255.255.255.252
ip wccp 61 redirect in
ip wccp 62 redirect in
interface GigabitEthernet0/1
ip address 10.0.16.3 255.255.240.0
ip wccp redirect exclude in
--- WAE
interface GigabitEthernet 1/0
ip address 10.0.16.4 255.255.255.0
exit
egress-method negotiated-return intercept-method wccp
wccp router-list 1 10.0.16.2 10.0.16.3
wccp tcp-promiscuous router-list-num 1
Thanks and Regards,
Pablo -
WAAS - WCCP redirect in Cat 3560
Are WAAS redirect ACLs supported on Catalyst 3560?
ThanksYou can only configure allow ACLs, no denys (except the deny all at the end).
Dan
Maybe you are looking for
-
IOS 6.1.3 / Windows 7 - 64 bit. I am connecting my IPhone 4 to my Windows desktop, in ITunes I click on IPhone and then the "Check for Update" tab. It takes me to a Windows explorer window. How do I get it to find updates?
-
Iphone 4 won't show up in itunes. what do i do?!
I just got my iphone 4 today in the mail and i connected it fine the first time to my computer but somehow it disconnected and now it won't reconnect. I have restarted the phone and my computer multilple times. I also switched usb ports and did the t
-
Hi I have a scenario urgently to be configured for stock transfer from other plant Plant1(Receiving plant): Proc key- F Spl proc key-40 (from plant 2) Strategy: MTO Plant2(Mfg plant) Proc key- 'E' Strategy : MTO My requirement: When i create a SO in
-
Modify layout of a popup screen
Hi Experts, I need a modify a dialog screen( screen built using screen painter) in which data is displayed using table control. Since all the of columns in the table control is not visible in the popup and the user needs to scroll if he/she wants t
-
Dear all, I'm new to this so please excuse any faux pas. I have a mac mini running OSX.6 server. I do not seem to be able to get remote machines (on the internal network) to communicate with the server. For instance in Mail, there is an account name