WAAS - WCCP redirect in Cat 3560

Are WAAS redirect ACLs supported on Catalyst 3560?
Thanks

You can only configure allow ACLs, no denys (except the deny all at the end).
Dan

Similar Messages

  • WAAS - WCCP redirect inbound

    Hello Everyone,
    I notice on our 1841 router running version 12.4(22)T, the wccp redirect inbound method does not process through CEF. It will only process it through an outbound redirection. The 61 redirect inbound is applied to the subinterface on fas 0/0.
    Any ideas ?
    interface FastEthernet0/0.999
    description ****Dublin User Vlan****
    encapsulation dot1Q 999 native
    ip address x.x.x.x 255.255.255.192
    ip helper-address 134.65.181.11
    no ip redirects
    no ip proxy-arp
    ip wccp 61 redirect in
    ip wccp 62 redirect out
    ip flow ingress
    no ip mroute-cache
    service-policy input DBN_LAN

    You must configure these devices to use WCCP Version 2 instead of WCCP Version 1 because WCCP Version 1 supports web traffic (port 80) only. When you enable the TCP promiscuous mode service (WCCP Version 2 services 61 and 62) on a WAE and a router, you do not need to enable the CIFS caching service (WCCP Version 2 service 89) on the router or WAE.
    http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v401/quick/guide/wsqcg401.html#wp1357416

  • WCCP redirection issues over 3560 E

    Hello everybody
    I have a WS-C3560E-24PD-S in my Data Center, in this switch I have vlan configuration and it is connected with a switch 4503 Core via a Port channel (4 interfases).
    My problem is that the switch is not accepting any command related to the redirection (ip wccp version 2, ip wccp 61 (62), etc.)
    I used this link:
    http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_52_se/configuration/guide/swwccp.html#wp1031033
    I updated the IOS to be the same as the version in the Link. So to this moment I've done everything the link has suggested and i'm not getting the switch to accept the commands.
    Do you have any suggestion I can take?

    Hi Rene,
    The 3560-E (and 3750-E) models have a universal IOS image, and dependant on a license and a PAK code you'll either run IP Base or IP Services.
    If you do a show version you'll probably see something like this :
    License Level: ipbase   Type: Default. No license found.
    Next reboot license Level: ipbase
    To run IP Services on a 3560-E you'll neeed to purchase an IP Services license (product number 3560E-IPSLCB-QTY - IP Services for 3560 E, upgrade from the IP Base Feature Set ) which have a list price of 4K US $ -  so you don't have to buy a new switch ... just an expensive license :-(
    In order to run WCCP on a CAT4503 with Sup IV - you'll only need IP Base (at least from version 12.2(31)SGx)
    Best Regards
    Finn

  • WCCP Supported on Cat 3560?

    Anyone know *first-hand* if WCCP is supported on Catalyst 3650s? and with what code revs?
    Posted documentation on CCO seems to conflict both itself and with the CCO feature navigator -- I actually bought a pair of 3750s based on several published documents saying WCCP is supported -- only to find out that is not the case. There is even more documentation (including a how-to configuration doc) on enabling WCCP on a 3550 and 3650 switch -- yet the feature navigator says WCCP isn't supported on ANY Catalyst switches except 6500s.
    Anyone know the deal for sure?
    -Jeremy

    Hi Jeremy
    we do not support WCCP on either platform. It _is_ on the roadmap, but at this time, there is no ETA for supporting the feature. There are several mentions of WCCP support in the documentation, but they are in error, and documentation bugs have been filed to get this fixed.
    HTH,
    Bobby

  • WCCP redirect not working on Cat 3560

    We have a 3560 running 12.2(37)SE1, IP services image.
    Through debug, we can see WCCP communication betweeen the 3560 and our content engine (for web caching).
    However, web traffic isn't being redirected to the CE at all. Instead, it goes straight out to the Internet.
    Does anyone have the same issue? Has anyone got their 3560 to work w/ their WCCP products (web caching or WAAS)?

    The 3560 does not support GRE redirection (layer3), so you need to use layer 2 redirection on your Content Engine for your 3560 to work fine with WCCP, also you need to use mask assignment since hash is non-supported as well.
    Check this link:
    http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configuration_guide_chapter09186a008081db5b.html#wp1051427
    Hope it helps!!

  • Does introducing WCCP redirect for WAAS disrupt Netflow information?

    Before installing WAAS and WCCP redirect on some 6500 interfaces in our data center, those interfaces showed Netflow flows for users at a remote location accessing servers at our data center. Now with WCCP redirecting that traffic to the WAEs, I notice the only netflow flows for that remote location are UDP flows and some ICMP stuff.
    Is this an unintended consequence of installing WAAS - that netflow statistics are going to be skewed by not showing flows that are now accelerated?

    I believe your problem may be due to the fact that you are redirecting http
    based traffic per the ACL configuration. The sup720 uses wccp v2 as a default
    version,however, the Sup720 does NOT support the hardware-based redirection for the TCP port 80 when we enable wccpv2.
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/wccp.
    htm#wp1017009
    Support for Non-HTTP Services:
    WCCPv2 allows redirection of traffic other than HTTP (TCP port 80 traffic), including a variety of UDP and TCP traffic. WCCPv1 supported the redirection of HTTP (TCP port 80)traffic only. WCCPv2 supports the redirection of packets intended for other ports, including those used for proxy-web cache handling, File Transfer Protocol (FTP) caching, FTP proxy handling, web caching for ports other than 80, and real audio, video, and telephony applications.

  • Wccp redirection for waas on same platform as wccp for websense?

    just wondering if anyone knows if a Cisco router or switch can handle wccp redirection enabled for both waas and some other web content filtering appliance using a different service group?
    seems like the priority value would come into play determining which service group gets handled first?
    we currently do WCCP for WaaS on our 3945s.
    I am going to advocate to my customer that we separate this out for CPU load issues, config complexity issues, IOS issues, etc... but the question is going to come up - "can we do WCCP for different applications on our Catalyst 3750 core switch, or our 3945 WAN routers?"
    Thanks,
    Paul

    Hi Paul,
    Yes, it's technically possible to have WCCP redirection for several services even in those devices that don't support setting the priority. However, in this case, both WAAS and Websense need to redirect HTTP traffic, and that's what makes things complicated.
    Assuming you first want to send the traffic to Websense and then to WAAS, I would recommend doing the WAAS redirection only on the WAN link (with one service inbound and the other outbound). You can then configure Web-cache redirection inbound on the client vlan and, a service for the return traffic (I'm not sure if this is required for websense), inbound on the interface where the WAE is connected (with a redirect-list to match only the return direction)
    Even if it's possible to have both redirections in the same device, if possible, I would strongly suggest you to either use different devices for the redirection or to make them mutually exclusive (for example, not sending HTTP to WAAS), otherwise, if you make a small mistake with the configuration, you can end up with a redirection loop.
    Regards
    Daniel

  • Router WCCP redirect ACLs for WAAS

    Since WAAS accelerates TCP connections only, would it be more efficient to code my router WCCP redirect ACLS for protocol TCP instead of all IP traffic between my source and dest subnets I want redirected?

    Greg,
    The protocol (TCP) is an attribute of the WCCP service group, so using IP in your ACL is fine.
    Regards,
    Zach

  • WAAS - WCCP L2-redirection in WS-C6509-E

    Hi,
    I have a costumer with three offices, one is the data center. The other two offices get information from the data center and between them.
    Each one of these remotes offices go through two different SP to the data center, and each one is received in his own router. The core of the data center is a switch WS-C6509-E (IOS s72033-entservicesk9_wan-vz.122-18.SXF7.bin).
    Because there are two different SP in the data center, the traffic redirection must be done in the switch c6500. I think that the following configuration is the correct one:
    ip wccp version 2
    ip wccp 61 redirect-list 101
    ip wccp 62 redirect-list 101
    interface Vlan1
    description *** WAN routers and users ***
    ip address 10.0.16.1 255.255.240.0
    ip wccp 62 redirect out
    ip wccp 61 redirect in
    interface Vlan 200
    description *** WAEs ***
    ip address 10.34.114.65 255.255.255.252
    ip wccp redirect exclude in
    interface Vlan201
    description *** Servers and Users 1 ***
    ip address 10.15.240.1 255.255.240.0
    ip wccp 61 redirect in
    interface Vlan202
    description *** Servers and Users 2 ***
    ip address 10.16.128.1 255.255.240.0
    ip wccp 61 redirect in
    But now I read about the problems using GRE redirection in the switch c6500. I read too that the best way to do this is using L2-redirection, but I don't have any idea of how to do this. I am using the WAAS version 4.1.1.
    Can anybody help me with explaining me the way to configure that?

    Dan,
    I think that the best option for this network is number one, use WCCP on the two 7206VXRs, and redirect the traffic to a single WAE in the same subnet of the hosts.
    But now, I don't understand the implications of use the command “egress-method negotiated-return intercept-method wccp”. What else should I consider or configure (in the router or in the WAE) to make this interception works?
    I think that the configuration on the routers and in the WAE should be something like this:
    --- Router 1
    ip wccp version 2
    ip wccp 61 redirect-list 101
    ip wccp 62 redirect-list 101
    interface Serial3/3:1
    ip address 10.34.113.213 255.255.255.252
    ip wccp 61 redirect in
    ip wccp 62 redirect in
    interface GigabitEthernet0/1
    ip address 10.0.16.2 255.255.240.0
    ip wccp redirect exclude in
    --- Router 2
    ip wccp version 2
    ip wccp 61 redirect-list 101
    ip wccp 62 redirect-list 101
    interface Serial3/3:1
    ip address 10.134.143.217 255.255.255.252
    ip wccp 61 redirect in
    ip wccp 62 redirect in
    interface GigabitEthernet0/1
    ip address 10.0.16.3 255.255.240.0
    ip wccp redirect exclude in
    --- WAE
    interface GigabitEthernet 1/0
    ip address 10.0.16.4 255.255.255.0
    exit
    egress-method negotiated-return intercept-method wccp
    wccp router-list 1 10.0.16.2 10.0.16.3
    wccp tcp-promiscuous router-list-num 1
    Thanks and Regards,
    Pablo

  • WCCP Redirect list ACL mask for WAAS

    Good day,
    I would like to conform if the following would be correct to implement for WCCP redirection list on 6500. We have over 800 branches and we also need to manage the intra-server traffic in the Data Center which we do not want to be re-directed.
    ip access-list extended WCCPLIST-61
    permit tcp 10.112.0.0 0.0.31.255 any
    ip access-list extended WCCPLIST-62
      permit tcp any 10.112.0.0 0.0.31.255
    So, as an example, would these masks work for us, as the number of entries otherwise would be exhaustive.
    Just want to confirm that the mask in the ACL doesn't have to match exactly.
    Thanks in advance.

    Hi Zach,
    Thanks for the response and confirmation.
    I was wanting to make sure that it is not required to have the masks match the source masks, resulting in the exhaustive list (operational nightmare).
    A quick question on the ACL for WCCP redirect-list. Should we not see hits on specific entry's (e.g.permit tcp 10.113.9.0 0.0.0.31 any for the 61 redirect list, and the same for the permit tcp any 10.113.9.0 0.0.0.31 for the 62 redirect list).
    If we don't, no traffic? We see flows on the branch WAE, although very few (not many users), but no hits on the ACL on the DC 6500. Is this due them being handled in hardware maybe, TCAM's?
    Any input would be apprecited.
    Thanks again.
    Paul.

  • WAAS: ASR for WCCP redirect

    Has anyone deployed an ASR for WCCP redirection? How stable is this platform?
    Thanks,
    DG

    DG,
    I work for Cisco Systems.
    WCCP support on ASR has been there for a while now. Many of our customers do run WCCP on ASR and happy with the stability and performance. As you may know it is a h/w based platform and hence it processes WCCP in h/w. Pl ensure that you are using mask assignment to take advantage of h/w processing on ASR.
    thanks
    Nat

  • WAAS: WCCP Mask or Hash on Routers?

    I'm starting thinking about using mask assign on an ISR router running 12:4(24)T with GRE/GRE. Has anyone done this before and can you use mask assign with GRE/GRE? We need to use it with GRE/GRE because our egress method has to be WCCP return. My thought was mask assign will be much better at load balancing across multiple WAEs in a cluster than hash because you can specify a long mask assignment. Right now, see more load on WAE than the other and are sometimes getting TFO overload.

    The page you linked contains recommendations (in bold) for each platform. On the ISR G2 specifically, you should be able to use any combination of GRE/L2 and MASK/HASH assignment. Some other platforms require specific disribution and redirection methods to maintain the hardware acceleration of WCCP traffic. However, the ISR G2 does not have this requirement.
    WCCP GRE and HASH distribution on ISR G2 is typically recommended to make deployment easier. With GRE, content devices can be an L3 hop away (if needed), and it reduces the chance of customers accidentally creating a WCCP redirect loop.
    L2 distribution and HASH redirection method should typically require the least CPU and memory load on the ISR. These should perform the best in most cases.
    The MASK distribution method gives better controls on how load is divided between multiple content devices, typically at the cost of more CPU and memory utilization. If you have only one or two content devices in your cluster, typically HASH will meet the need for slightly less CPU. As Zach said, most times MASK is used on the Datacenter side to give the ability to 'tweak' how the load is distributed across multiple devices.
    Thanks,
    Aaron

  • WAAS WCCP Errors

    Any one know what "Spoofed packets dropped" and the "Packet pullups needed" are? Is the WAAS dropping packets it thinks it's being spoofed? Also, how can I get rid of the pullups? The WCCP setup is as follows; l2 forward/return to a 3750E stack switch, interfaces are setup as standby and the model is a 7371. I'm not using any WCCP redirect list.
    Transparent GRE packets received: 0
    Transparent non-GRE packets received: 1940435323
    Transparent non-GRE non-WCCP packets received: 0
    Total packets accepted: 461319375
    Invalid packets received: 731
    Packets received with invalid service: 0
    Packets received on a disabled service: 0
    Packets received too small: 0
    Packets dropped due to zero TTL: 0
    Packets dropped due to bad buckets: 617
    Packets dropped due to no redirect address: 0
    Packets dropped due to loopback redirect: 227
    Pass-through pkts dropped on assignment update:61
    Connections bypassed due to load: 0
    Packets sent back to router: 1829
    GRE packets sent to router (not bypass): 0
    Packets sent to another WAE: 63037
    GRE fragments redirected: 1116193
    GRE encapsulated fragments received: 0
    Packets failed encapsulated reassembly: 0
    Packets failed GRE encapsulation: 0
    Packets dropped due to invalid fwd method: 0
    Packets dropped due to insufficient memory: 0
    Packets bypassed, no conn at all: 0
    Packets bypassed, no pending connection: 0
    Packets due to clean wccp shutdown: 0
    Packets bypassed due to bypass-list lookup: 166
    Packets received with client IP addresses: 460833489
    Spoofed packets dropped: 57416
    Conditionally Accepted connections: 0
    Conditionally Bypassed connections: 0
    L2 Bypass packets destined for loopback: 0
    Packets w/WCCP GRE received too small: 0
    Packets dropped due to received on loopback: 219
    Packets dropped due to IP access-list deny: 0
    Packets fragmented for bypass: 0
    Packets fragmented for egress: 0
    Packet pullups needed: 5484
    Packets dropped due to no route found: 0

    Any one know what "Spoofed packets dropped" and the "Packet pullups needed" are? Is the WAAS dropping packets it thinks it's being spoofed? Also, how can I get rid of the pullups? The WCCP setup is as follows; l2 forward/return to a 3750E stack switch, interfaces are setup as standby and the model is a 7371. I'm not using any WCCP redirect list.
    Transparent GRE packets received: 0
    Transparent non-GRE packets received: 1940435323
    Transparent non-GRE non-WCCP packets received: 0
    Total packets accepted: 461319375
    Invalid packets received: 731
    Packets received with invalid service: 0
    Packets received on a disabled service: 0
    Packets received too small: 0
    Packets dropped due to zero TTL: 0
    Packets dropped due to bad buckets: 617
    Packets dropped due to no redirect address: 0
    Packets dropped due to loopback redirect: 227
    Pass-through pkts dropped on assignment update:61
    Connections bypassed due to load: 0
    Packets sent back to router: 1829
    GRE packets sent to router (not bypass): 0
    Packets sent to another WAE: 63037
    GRE fragments redirected: 1116193
    GRE encapsulated fragments received: 0
    Packets failed encapsulated reassembly: 0
    Packets failed GRE encapsulation: 0
    Packets dropped due to invalid fwd method: 0
    Packets dropped due to insufficient memory: 0
    Packets bypassed, no conn at all: 0
    Packets bypassed, no pending connection: 0
    Packets due to clean wccp shutdown: 0
    Packets bypassed due to bypass-list lookup: 166
    Packets received with client IP addresses: 460833489
    Spoofed packets dropped: 57416
    Conditionally Accepted connections: 0
    Conditionally Bypassed connections: 0
    L2 Bypass packets destined for loopback: 0
    Packets w/WCCP GRE received too small: 0
    Packets dropped due to received on loopback: 219
    Packets dropped due to IP access-list deny: 0
    Packets fragmented for bypass: 0
    Packets fragmented for egress: 0
    Packet pullups needed: 5484
    Packets dropped due to no route found: 0

  • Does wccp redirect break routing protocol?

    This may be a dumb question to ask, sorry i don't have equipment to test it at this moment.
    If wccp redirect is configured on an interface running routing protocol (such as eigrp or ospf), will this redirect the "unicast" ospf database or eigrp topology update to WAAS?  and/or will this also redirect ospf & eigrp "multicast" update which maintains neighbor relationship to WAAS?
    Should this type of traffic be denied on wccp redirect-list?
    Thanks

    Hi Joe,
    Since WAAS normally uses TCP promiscuous mode services, based on service group number 61 and 62 - you'll only get TCP redirected ... and neither OSPF nor EIGRP runs on top of TCP, so don't worry.
    If you run a TCP based routing protocol like BGP, it will get redirected.
    Later versions of WAAS don't, by default, try to optimize on BGP, as it has given some problems in the past due to sequence number manipulation.
    Best Regards
    Finn Poulsen

  • Urgent ! Router-WAAS WCCP problem

    I have dot1q enabled 7507 connecting frame relay branch to data centre.
    Core WAAS sits on a VLAN subinterface.
    As soon as I enable "ip wcccp redirect 61 in" on VLAN trunked interface, I am loosing connection to the branch.
    the config is here..
    interface GigabitEthernet4/0/0
    description Core Data Centre Trunk VLAN 3,120 to SWDC03 3/16
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    load-interval 30
    negotiation auto
    no cdp enable
    interface GigabitEthernet4/0/0.3
    description Core Data Centre VLAN
    encap dot1q 3
    ip address xxxx
    ip wccp 61 redirect in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nbar protocol-discovery
    ip route-cache flow
    no cdp enable
    standby 3 ip 10.64.205.17
    standby 3 priority 150
    standby 3 preempt
    interface GigabitEthernet4/0/0.120
    description Core WAAS VLAN120
    encap dot1q 120
    ip address yyyyyyy
    ip wccp redirect exclude in
    no ip redirects
    no ip unreachables
    interface Serial0/0/3.64 point-to-point
    ip wccp 62 redirect in
    The IOS version is rsp-jsv-mz.123-17b and WAAS version 4.0.13.I have tested this before without VLAN trunking on another router using a seperate interface and it was working.Any idea ?
    thanks

    thanks guys. I will explain the problem a bit more.When WAAS sits on a seperate i/f on WAN router, it works fine. i.e "wccp redirect 61 in " on interface connecting WAN router to Data Centre and "wccp redirect 62 in" on WAN frame relay. Then I configured the i/f connecting WAN router to Data Centre as dot1q trunk and a dedicated VLAN is created for WAAS. The default gateway for WAAS is HSRP address in 6509s. The WCCP router address configured in WAAS is the loopback0 address of the WAN router. The "wccp redirect 62 in" on WAN frame relay stays same. However, " wccp redirect 61 in " carried to a new subinterface on the same access as WAAS VLAN.
    All WCCP commands show that there is a connection between WAAS and WAN router, packet count goes up. However, all TCP sessions to the brach (initiated from the Data Centre) fail. I have also tested with and without "wccp redirect exclude in" on WAAS VLAN subinterface without success. Since I had to install the branch the WAAS on the weekend, I moved WAAS back to dedicated interface on WAN router. It works fine but I can not implement redundancy.
    The suggestion was to make WAN router subinterface HSRP active rather than 6509 MSFCs.So WAAS talks to WAN routers loopback address and default gateway also points to the same router rather than MSFC. I have not had a chance to test this but I will test in the coming weeks. I was also suggested to use layer2 redirection on 6509 but did not have any chance to look at it closely.
    thanks
    Serhat

Maybe you are looking for

  • Does apple have a link or video showing how to use this program with Flip

    Ultra HD I tried dragging the files and other things from the video 1000 part thanks?

  • Hold on iPod 7th gen

    How do I put the iPod nano inta a "hold" mode so that it doesn't change tracts while I'm walking etc. The old versions had a hold button

  • Outbound Idoc 03 status - SM58 error

    Hi , For Oubound Idoc, I am getting Idoc with status 03 but is not there in Receipient system. When I check Idoc in Sm58, Idoc has error <b>"The ABAP/4 Open SQL array insert results in duplicate database records".</b> Can anybody help me how to solve

  • CS5 Design premium download problem,

    i hope the group can help me, I ahve downloaded the CS5DP suite for the mac and it says download complete. When it tries to mount the DMG file it says verify fail, checksum error, this is bad. I have tried both Akami and the alternative link. The fil

  • Visual Basic 5/Oracle DB

    Hi, I need help to insert a date in a oracle table through VB 5. I am using ODBCDirect, but always I have run time error '3146: ODBC -- Call faild; ORA-00932:inconsistent datatypes. I can do this with text and numeric fields but I can't with date fie