WAAS - WCCP redirect inbound

Hello Everyone,
I notice on our 1841 router running version 12.4(22)T, the wccp redirect inbound method does not process through CEF. It will only process it through an outbound redirection. The 61 redirect inbound is applied to the subinterface on fas 0/0.
Any ideas ?
interface FastEthernet0/0.999
description ****Dublin User Vlan****
encapsulation dot1Q 999 native
ip address x.x.x.x 255.255.255.192
ip helper-address 134.65.181.11
no ip redirects
no ip proxy-arp
ip wccp 61 redirect in
ip wccp 62 redirect out
ip flow ingress
no ip mroute-cache
service-policy input DBN_LAN

You must configure these devices to use WCCP Version 2 instead of WCCP Version 1 because WCCP Version 1 supports web traffic (port 80) only. When you enable the TCP promiscuous mode service (WCCP Version 2 services 61 and 62) on a WAE and a router, you do not need to enable the CIFS caching service (WCCP Version 2 service 89) on the router or WAE.
http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v401/quick/guide/wsqcg401.html#wp1357416

Similar Messages

  • WAAS - WCCP redirect in Cat 3560

    Are WAAS redirect ACLs supported on Catalyst 3560?
    Thanks

    You can only configure allow ACLs, no denys (except the deny all at the end).
    Dan

  • Wccp redirection for waas on same platform as wccp for websense?

    just wondering if anyone knows if a Cisco router or switch can handle wccp redirection enabled for both waas and some other web content filtering appliance using a different service group?
    seems like the priority value would come into play determining which service group gets handled first?
    we currently do WCCP for WaaS on our 3945s.
    I am going to advocate to my customer that we separate this out for CPU load issues, config complexity issues, IOS issues, etc... but the question is going to come up - "can we do WCCP for different applications on our Catalyst 3750 core switch, or our 3945 WAN routers?"
    Thanks,
    Paul

    Hi Paul,
    Yes, it's technically possible to have WCCP redirection for several services even in those devices that don't support setting the priority. However, in this case, both WAAS and Websense need to redirect HTTP traffic, and that's what makes things complicated.
    Assuming you first want to send the traffic to Websense and then to WAAS, I would recommend doing the WAAS redirection only on the WAN link (with one service inbound and the other outbound). You can then configure Web-cache redirection inbound on the client vlan and, a service for the return traffic (I'm not sure if this is required for websense), inbound on the interface where the WAE is connected (with a redirect-list to match only the return direction)
    Even if it's possible to have both redirections in the same device, if possible, I would strongly suggest you to either use different devices for the redirection or to make them mutually exclusive (for example, not sending HTTP to WAAS), otherwise, if you make a small mistake with the configuration, you can end up with a redirection loop.
    Regards
    Daniel

  • Does introducing WCCP redirect for WAAS disrupt Netflow information?

    Before installing WAAS and WCCP redirect on some 6500 interfaces in our data center, those interfaces showed Netflow flows for users at a remote location accessing servers at our data center. Now with WCCP redirecting that traffic to the WAEs, I notice the only netflow flows for that remote location are UDP flows and some ICMP stuff.
    Is this an unintended consequence of installing WAAS - that netflow statistics are going to be skewed by not showing flows that are now accelerated?

    I believe your problem may be due to the fact that you are redirecting http
    based traffic per the ACL configuration. The sup720 uses wccp v2 as a default
    version,however, the Sup720 does NOT support the hardware-based redirection for the TCP port 80 when we enable wccpv2.
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/wccp.
    htm#wp1017009
    Support for Non-HTTP Services:
    WCCPv2 allows redirection of traffic other than HTTP (TCP port 80 traffic), including a variety of UDP and TCP traffic. WCCPv1 supported the redirection of HTTP (TCP port 80)traffic only. WCCPv2 supports the redirection of packets intended for other ports, including those used for proxy-web cache handling, File Transfer Protocol (FTP) caching, FTP proxy handling, web caching for ports other than 80, and real audio, video, and telephony applications.

  • Router WCCP redirect ACLs for WAAS

    Since WAAS accelerates TCP connections only, would it be more efficient to code my router WCCP redirect ACLS for protocol TCP instead of all IP traffic between my source and dest subnets I want redirected?

    Greg,
    The protocol (TCP) is an attribute of the WCCP service group, so using IP in your ACL is fine.
    Regards,
    Zach

  • WAAS - WCCP L2-redirection in WS-C6509-E

    Hi,
    I have a costumer with three offices, one is the data center. The other two offices get information from the data center and between them.
    Each one of these remotes offices go through two different SP to the data center, and each one is received in his own router. The core of the data center is a switch WS-C6509-E (IOS s72033-entservicesk9_wan-vz.122-18.SXF7.bin).
    Because there are two different SP in the data center, the traffic redirection must be done in the switch c6500. I think that the following configuration is the correct one:
    ip wccp version 2
    ip wccp 61 redirect-list 101
    ip wccp 62 redirect-list 101
    interface Vlan1
    description *** WAN routers and users ***
    ip address 10.0.16.1 255.255.240.0
    ip wccp 62 redirect out
    ip wccp 61 redirect in
    interface Vlan 200
    description *** WAEs ***
    ip address 10.34.114.65 255.255.255.252
    ip wccp redirect exclude in
    interface Vlan201
    description *** Servers and Users 1 ***
    ip address 10.15.240.1 255.255.240.0
    ip wccp 61 redirect in
    interface Vlan202
    description *** Servers and Users 2 ***
    ip address 10.16.128.1 255.255.240.0
    ip wccp 61 redirect in
    But now I read about the problems using GRE redirection in the switch c6500. I read too that the best way to do this is using L2-redirection, but I don't have any idea of how to do this. I am using the WAAS version 4.1.1.
    Can anybody help me with explaining me the way to configure that?

    Dan,
    I think that the best option for this network is number one, use WCCP on the two 7206VXRs, and redirect the traffic to a single WAE in the same subnet of the hosts.
    But now, I don't understand the implications of use the command “egress-method negotiated-return intercept-method wccp”. What else should I consider or configure (in the router or in the WAE) to make this interception works?
    I think that the configuration on the routers and in the WAE should be something like this:
    --- Router 1
    ip wccp version 2
    ip wccp 61 redirect-list 101
    ip wccp 62 redirect-list 101
    interface Serial3/3:1
    ip address 10.34.113.213 255.255.255.252
    ip wccp 61 redirect in
    ip wccp 62 redirect in
    interface GigabitEthernet0/1
    ip address 10.0.16.2 255.255.240.0
    ip wccp redirect exclude in
    --- Router 2
    ip wccp version 2
    ip wccp 61 redirect-list 101
    ip wccp 62 redirect-list 101
    interface Serial3/3:1
    ip address 10.134.143.217 255.255.255.252
    ip wccp 61 redirect in
    ip wccp 62 redirect in
    interface GigabitEthernet0/1
    ip address 10.0.16.3 255.255.240.0
    ip wccp redirect exclude in
    --- WAE
    interface GigabitEthernet 1/0
    ip address 10.0.16.4 255.255.255.0
    exit
    egress-method negotiated-return intercept-method wccp
    wccp router-list 1 10.0.16.2 10.0.16.3
    wccp tcp-promiscuous router-list-num 1
    Thanks and Regards,
    Pablo

  • WCCP Redirect list ACL mask for WAAS

    Good day,
    I would like to conform if the following would be correct to implement for WCCP redirection list on 6500. We have over 800 branches and we also need to manage the intra-server traffic in the Data Center which we do not want to be re-directed.
    ip access-list extended WCCPLIST-61
    permit tcp 10.112.0.0 0.0.31.255 any
    ip access-list extended WCCPLIST-62
      permit tcp any 10.112.0.0 0.0.31.255
    So, as an example, would these masks work for us, as the number of entries otherwise would be exhaustive.
    Just want to confirm that the mask in the ACL doesn't have to match exactly.
    Thanks in advance.

    Hi Zach,
    Thanks for the response and confirmation.
    I was wanting to make sure that it is not required to have the masks match the source masks, resulting in the exhaustive list (operational nightmare).
    A quick question on the ACL for WCCP redirect-list. Should we not see hits on specific entry's (e.g.permit tcp 10.113.9.0 0.0.0.31 any for the 61 redirect list, and the same for the permit tcp any 10.113.9.0 0.0.0.31 for the 62 redirect list).
    If we don't, no traffic? We see flows on the branch WAE, although very few (not many users), but no hits on the ACL on the DC 6500. Is this due them being handled in hardware maybe, TCAM's?
    Any input would be apprecited.
    Thanks again.
    Paul.

  • WAAS: ASR for WCCP redirect

    Has anyone deployed an ASR for WCCP redirection? How stable is this platform?
    Thanks,
    DG

    DG,
    I work for Cisco Systems.
    WCCP support on ASR has been there for a while now. Many of our customers do run WCCP on ASR and happy with the stability and performance. As you may know it is a h/w based platform and hence it processes WCCP in h/w. Pl ensure that you are using mask assignment to take advantage of h/w processing on ASR.
    thanks
    Nat

  • Ip wccp redirection direction at ethernet and serial interface.

    hi all.
    commonly, we use 'ip wccp 62 redirect in' at serial interface to grap packet for sending cisco waas.
    but some document is mentioned that 'ip wccp 62 redirect out' ethernet interface facing data center side.
    I guess, there is same meaning, I think that It's better to apply 'ip wccp 62 redirect in' at serial interface due to router performance. Right?
    Can you explain clarify for me?
    Thank you.

    You are correct redirect in is less cpu intensive as compared to redirect out
    WCCP redirection can be configured to occur as packets enter a router or switch interface (inbound, or ingress, redirection) or as they are beginning to leave a router or switch interface (outbound, or egress, redirection).
        * Inbound redirection - the WCCP process inspects traffic to find packets that should be optimized before the packets enter the router or switch forwarding/routing selection process.  Inbound redirection is less CPU intensive than outbound redirection (when using process or other SW based switching).
        * Outbound redirection - the WCCP process inspects traffic to find packets that should be optimized as the packets are ready to leave a router or switch interface, after the packet has gone through the router or switch forwarding/routing selecting process.  Outbound redirection is more CPU intensive than inbound redirection.
    Thanks
    -Smita

  • WAAS: WCCP Mask or Hash on Routers?

    I'm starting thinking about using mask assign on an ISR router running 12:4(24)T with GRE/GRE. Has anyone done this before and can you use mask assign with GRE/GRE? We need to use it with GRE/GRE because our egress method has to be WCCP return. My thought was mask assign will be much better at load balancing across multiple WAEs in a cluster than hash because you can specify a long mask assignment. Right now, see more load on WAE than the other and are sometimes getting TFO overload.

    The page you linked contains recommendations (in bold) for each platform. On the ISR G2 specifically, you should be able to use any combination of GRE/L2 and MASK/HASH assignment. Some other platforms require specific disribution and redirection methods to maintain the hardware acceleration of WCCP traffic. However, the ISR G2 does not have this requirement.
    WCCP GRE and HASH distribution on ISR G2 is typically recommended to make deployment easier. With GRE, content devices can be an L3 hop away (if needed), and it reduces the chance of customers accidentally creating a WCCP redirect loop.
    L2 distribution and HASH redirection method should typically require the least CPU and memory load on the ISR. These should perform the best in most cases.
    The MASK distribution method gives better controls on how load is divided between multiple content devices, typically at the cost of more CPU and memory utilization. If you have only one or two content devices in your cluster, typically HASH will meet the need for slightly less CPU. As Zach said, most times MASK is used on the Datacenter side to give the ability to 'tweak' how the load is distributed across multiple devices.
    Thanks,
    Aaron

  • WAAS WCCP Errors

    Any one know what "Spoofed packets dropped" and the "Packet pullups needed" are? Is the WAAS dropping packets it thinks it's being spoofed? Also, how can I get rid of the pullups? The WCCP setup is as follows; l2 forward/return to a 3750E stack switch, interfaces are setup as standby and the model is a 7371. I'm not using any WCCP redirect list.
    Transparent GRE packets received: 0
    Transparent non-GRE packets received: 1940435323
    Transparent non-GRE non-WCCP packets received: 0
    Total packets accepted: 461319375
    Invalid packets received: 731
    Packets received with invalid service: 0
    Packets received on a disabled service: 0
    Packets received too small: 0
    Packets dropped due to zero TTL: 0
    Packets dropped due to bad buckets: 617
    Packets dropped due to no redirect address: 0
    Packets dropped due to loopback redirect: 227
    Pass-through pkts dropped on assignment update:61
    Connections bypassed due to load: 0
    Packets sent back to router: 1829
    GRE packets sent to router (not bypass): 0
    Packets sent to another WAE: 63037
    GRE fragments redirected: 1116193
    GRE encapsulated fragments received: 0
    Packets failed encapsulated reassembly: 0
    Packets failed GRE encapsulation: 0
    Packets dropped due to invalid fwd method: 0
    Packets dropped due to insufficient memory: 0
    Packets bypassed, no conn at all: 0
    Packets bypassed, no pending connection: 0
    Packets due to clean wccp shutdown: 0
    Packets bypassed due to bypass-list lookup: 166
    Packets received with client IP addresses: 460833489
    Spoofed packets dropped: 57416
    Conditionally Accepted connections: 0
    Conditionally Bypassed connections: 0
    L2 Bypass packets destined for loopback: 0
    Packets w/WCCP GRE received too small: 0
    Packets dropped due to received on loopback: 219
    Packets dropped due to IP access-list deny: 0
    Packets fragmented for bypass: 0
    Packets fragmented for egress: 0
    Packet pullups needed: 5484
    Packets dropped due to no route found: 0

    Any one know what "Spoofed packets dropped" and the "Packet pullups needed" are? Is the WAAS dropping packets it thinks it's being spoofed? Also, how can I get rid of the pullups? The WCCP setup is as follows; l2 forward/return to a 3750E stack switch, interfaces are setup as standby and the model is a 7371. I'm not using any WCCP redirect list.
    Transparent GRE packets received: 0
    Transparent non-GRE packets received: 1940435323
    Transparent non-GRE non-WCCP packets received: 0
    Total packets accepted: 461319375
    Invalid packets received: 731
    Packets received with invalid service: 0
    Packets received on a disabled service: 0
    Packets received too small: 0
    Packets dropped due to zero TTL: 0
    Packets dropped due to bad buckets: 617
    Packets dropped due to no redirect address: 0
    Packets dropped due to loopback redirect: 227
    Pass-through pkts dropped on assignment update:61
    Connections bypassed due to load: 0
    Packets sent back to router: 1829
    GRE packets sent to router (not bypass): 0
    Packets sent to another WAE: 63037
    GRE fragments redirected: 1116193
    GRE encapsulated fragments received: 0
    Packets failed encapsulated reassembly: 0
    Packets failed GRE encapsulation: 0
    Packets dropped due to invalid fwd method: 0
    Packets dropped due to insufficient memory: 0
    Packets bypassed, no conn at all: 0
    Packets bypassed, no pending connection: 0
    Packets due to clean wccp shutdown: 0
    Packets bypassed due to bypass-list lookup: 166
    Packets received with client IP addresses: 460833489
    Spoofed packets dropped: 57416
    Conditionally Accepted connections: 0
    Conditionally Bypassed connections: 0
    L2 Bypass packets destined for loopback: 0
    Packets w/WCCP GRE received too small: 0
    Packets dropped due to received on loopback: 219
    Packets dropped due to IP access-list deny: 0
    Packets fragmented for bypass: 0
    Packets fragmented for egress: 0
    Packet pullups needed: 5484
    Packets dropped due to no route found: 0

  • WCCP redirect on 4507 to ironport

    I am trying to setup WCCP on our 4507. For some reason I cannot get this to work! The config I have tried is below. I can't figure out what I'm doing wrong here!
    ip wccp web-cache group-list IRONPORT-GROUPLIST
    ip wccp source-interface GigabitEthernet2/24
    Interface Vlan160
    ip address 10.10.16.1 255.255.254.0
    ip wccp web-cache redirect out
    ip access-list IRONPORT-GROUPLIST
    permit ip any host 10.11.1.10 (10.11.1.10 is the ironport proxy IP address)
    On the ironport I setup web-cache under transparent redirection and provided the IP address I used to source from above (GigabitEthernet2/24). Here is the output I get on the 4507:
    10CSW-LAN1#sh ip wccp web-cache
    Global WCCP information:
        Router information:
            Router Identifier:                   10.11.1.9
            Configured source-interface:         GigabitEthernet2/24
            Protocol Version:                    2.0
        Service Identifier: web-cache
            Number of Service Group Clients:     1
            Number of Service Group Routers:     1
            Total Packets Redirected:            0
              Process:                           0
              CEF:                               0
              Platform:                          0
            Service mode:                        Open
            Service Access-list:                 -none-
            Total Packets Dropped Closed:        0
            Redirect access-list:                -none-
            Total Packets Denied Redirect:       0
            Total Packets Unassigned:            0
            Group access-list:                   IRONPORT_GROUPLIST
            Total Messages Denied to Group:      0
            Total Authentication failures:       0
            Total GRE Bypassed Packets Received: 0
              Process:                           0
              CEF:                               0
              Platform:                          0
    Here is the debug output:
    2w3d: WCCP-EVNT:Process: Start V2 (138)
    2w3d: WCCP-EVNT:Successfully opened UDP socket
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:router-id set (initialise) 0.0.0.0 => 10.11.1.9
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: allocate wc orig mask info (540 bytes)
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:1
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
    2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated transmit interval to: 10000
    2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated timer scaling factors to: 1 and 1
    2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group methods
    2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group timers
    2w3d: WCCP-EVNT:S0: no srvc grp mask data to validate
    2w3d: WCCP-EVNT:S0: created adjacency interest, 10.11.1.10
    2w3d: WCCP-EVNT:S0: nexthop update oce for wc 10.11.1.10, 0x0 -> 0x23C10CF0 IP adj out of GigabitEthernet2/24, addr 10.11.1.10 23C10C80
    2w3d: WCCP-EVNT:S0: track nexthop for wc 10.11.1.10 (OK)
    2w3d: %WCCP-5-SERVICEFOUND: Service web-cache acquired on WCCP client 10.11.1.10
    10CSW-LAN1(config)#
    2w3d: WCCP-PKT:S0: Received HIA from 10.11.1.10, rcv_id:1
    2w3d: WCCP-EVNT:S0: Building new router view
    2w3d: WCCP-EVNT:S0: deallocate rtr_view (24 bytes)
    2w3d: WCCP-EVNT:S0: allocate mask rtr_view (572 bytes)
    2w3d: WCCP-EVNT:S0: copy orig info (540 bytes)
    2w3d: WCCP-EVNT:S0: Assignment wait timer restarted, delay 50000
    2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:2
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: setting up wc mask assignments
    2w3d: WCCP-EVNT:S0: allocate current assign info (540 bytes)
    2w3d: WCCP-EVNT:S0: set wc current assign info (540 bytes)
    2w3d: WCCP-EVNT:S0: RA from 10.11.1.10 (id: 10.11.1.10), assignment key set to 10.11.1.10,3
    2w3d: WCCP-EVNT:S0: Building new router view
    2w3d: WCCP-EVNT:S0: reuse rtr_view (44 of 572 bytes)
    2w3d: WCCP-EVNT:S0: copy blank current info
    2w3d: WCCP-EVNT:S0: Assignment wait timer stopped
    2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2
    2w3d: WCCP-PKT:S0: Received RA from 10.11.1.10, rcv_id:2
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
    2w3d: WCCP-EVNT:S0: wc assignment validated
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:3
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
    2w3d: WCCP-EVNT:S0: wc assignment validated
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:4
    10CSW-LAN1(config)#
    2w3d: %SEC-6-IPACCESSLOGP: list IRONPORT_GROUPLIST permitted udp 10.11.1.10(0) -> 10.11.1.9(0), 5 packets
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
    2w3d: WCCP-EVNT:S0: wc assignment validated
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:5
    2w3d: WCCP-EVNT:Process: Start V2 (138)
    2w3d: WCCP-EVNT:Successfully opened UDP socket
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:router-id set (initialise) 0.0.0.0 => 10.11.1.9
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: allocate wc orig mask info (540 bytes)
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:1
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
    2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated transmit interval to: 10000
    2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated timer scaling factors to: 1 and 1
    2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group methods
    2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group timers
    2w3d: WCCP-EVNT:S0: no srvc grp mask data to validate
    2w3d: WCCP-EVNT:S0: created adjacency interest, 10.11.1.10
    2w3d: WCCP-EVNT:S0: nexthop update oce for wc 10.11.1.10, 0x0 -> 0x23C10CF0 IP adj out of GigabitEthernet2/24, addr 10.11.1.10 23C10C80
    2w3d: WCCP-EVNT:S0: track nexthop for wc 10.11.1.10 (OK)
    2w3d: %WCCP-5-SERVICEFOUND: Service web-cache acquired on WCCP client 10.11.1.10
    10CSW-LAN1(config)#
    2w3d: WCCP-PKT:S0: Received HIA from 10.11.1.10, rcv_id:1
    2w3d: WCCP-EVNT:S0: Building new router view
    2w3d: WCCP-EVNT:S0: deallocate rtr_view (24 bytes)
    2w3d: WCCP-EVNT:S0: allocate mask rtr_view (572 bytes)
    2w3d: WCCP-EVNT:S0: copy orig info (540 bytes)
    2w3d: WCCP-EVNT:S0: Assignment wait timer restarted, delay 50000
    2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:2
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: setting up wc mask assignments
    2w3d: WCCP-EVNT:S0: allocate current assign info (540 bytes)
    2w3d: WCCP-EVNT:S0: set wc current assign info (540 bytes)
    2w3d: WCCP-EVNT:S0: RA from 10.11.1.10 (id: 10.11.1.10), assignment key set to 10.11.1.10,3
    2w3d: WCCP-EVNT:S0: Building new router view
    2w3d: WCCP-EVNT:S0: reuse rtr_view (44 of 572 bytes)
    2w3d: WCCP-EVNT:S0: copy blank current info
    2w3d: WCCP-EVNT:S0: Assignment wait timer stopped
    2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2
    2w3d: WCCP-PKT:S0: Received RA from 10.11.1.10, rcv_id:2
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
    2w3d: WCCP-EVNT:S0: wc assignment validated
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:3
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
    2w3d: WCCP-EVNT:S0: wc assignment validated
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:4
    10CSW-LAN1(config)#
    2w3d: %SEC-6-IPACCESSLOGP: list IRONPORT_GROUPLIST permitted udp 10.11.1.10(0) -> 10.11.1.9(0), 5 packets
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
    2w3d: WCCP-EVNT:S0: wc assignment validated
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:5

    I would recommend doing the following. Also feel free to call into the ironport support line. It is listed at the bottom of the page.
    Change the wccp service to service-number 90
    Try to redirect inbound traffic not outbound traffic.
    Set Load-balancing to mask
    Set forward method to L2
    Set return method to L2
    ip wccp 90 group-list IRONPORT-GROUPLIST  <- Set the wccp service-number
    ip wccp source-interface GigabitEthernet2/24
    Interface Vlan160
    ip address 10.10.16.1 255.255.254.0
    ip wccp 90 redirect out  <- Set the WCCP Service-number try to redirect inbound traffic
    ip access-list IRONPORT-GROUPLIST
    permit ip any host 10.11.1.10 (10.11.1.10 is the ironport proxy IP address)
    Below is an example of how you should setup your ironport for a customer service number. Place the port numbers that you want to redirect.
    Christian Rahl
    Customer Support Engineer                      
    Cisco IronPort - Web Security Appliances
    Cisco Technical Assistance Center RTP
    United States Ironport: 1-877-641-IRON (4766)

  • Does wccp redirect break routing protocol?

    This may be a dumb question to ask, sorry i don't have equipment to test it at this moment.
    If wccp redirect is configured on an interface running routing protocol (such as eigrp or ospf), will this redirect the "unicast" ospf database or eigrp topology update to WAAS?  and/or will this also redirect ospf & eigrp "multicast" update which maintains neighbor relationship to WAAS?
    Should this type of traffic be denied on wccp redirect-list?
    Thanks

    Hi Joe,
    Since WAAS normally uses TCP promiscuous mode services, based on service group number 61 and 62 - you'll only get TCP redirected ... and neither OSPF nor EIGRP runs on top of TCP, so don't worry.
    If you run a TCP based routing protocol like BGP, it will get redirected.
    Later versions of WAAS don't, by default, try to optimize on BGP, as it has given some problems in the past due to sequence number manipulation.
    Best Regards
    Finn Poulsen

  • WAAS WCCP Interception

    Is there any performance issues with redirecting wccp 62 on an SVI of the 6500 series switch? The WAN interfaces are not layer 3 but are associated with a vlan that has an SVI configured. I will be using redirect lists for interception.
    Regards,

    Clifton,
    On the 6500 platform, you need to follow these recommendations to ensure WCCP redirection happens completely in hardware:
    - L2 Forwarding (configured on WAE)
    - Mask Assignment (configured on WAE)
    - Inbound redirection (configured on 6500)
    - No 'ip wccp redirect exclude in' configured (on 6500)
    Zach

  • Urgent ! Router-WAAS WCCP problem

    I have dot1q enabled 7507 connecting frame relay branch to data centre.
    Core WAAS sits on a VLAN subinterface.
    As soon as I enable "ip wcccp redirect 61 in" on VLAN trunked interface, I am loosing connection to the branch.
    the config is here..
    interface GigabitEthernet4/0/0
    description Core Data Centre Trunk VLAN 3,120 to SWDC03 3/16
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    load-interval 30
    negotiation auto
    no cdp enable
    interface GigabitEthernet4/0/0.3
    description Core Data Centre VLAN
    encap dot1q 3
    ip address xxxx
    ip wccp 61 redirect in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nbar protocol-discovery
    ip route-cache flow
    no cdp enable
    standby 3 ip 10.64.205.17
    standby 3 priority 150
    standby 3 preempt
    interface GigabitEthernet4/0/0.120
    description Core WAAS VLAN120
    encap dot1q 120
    ip address yyyyyyy
    ip wccp redirect exclude in
    no ip redirects
    no ip unreachables
    interface Serial0/0/3.64 point-to-point
    ip wccp 62 redirect in
    The IOS version is rsp-jsv-mz.123-17b and WAAS version 4.0.13.I have tested this before without VLAN trunking on another router using a seperate interface and it was working.Any idea ?
    thanks

    thanks guys. I will explain the problem a bit more.When WAAS sits on a seperate i/f on WAN router, it works fine. i.e "wccp redirect 61 in " on interface connecting WAN router to Data Centre and "wccp redirect 62 in" on WAN frame relay. Then I configured the i/f connecting WAN router to Data Centre as dot1q trunk and a dedicated VLAN is created for WAAS. The default gateway for WAAS is HSRP address in 6509s. The WCCP router address configured in WAAS is the loopback0 address of the WAN router. The "wccp redirect 62 in" on WAN frame relay stays same. However, " wccp redirect 61 in " carried to a new subinterface on the same access as WAAS VLAN.
    All WCCP commands show that there is a connection between WAAS and WAN router, packet count goes up. However, all TCP sessions to the brach (initiated from the Data Centre) fail. I have also tested with and without "wccp redirect exclude in" on WAAS VLAN subinterface without success. Since I had to install the branch the WAAS on the weekend, I moved WAAS back to dedicated interface on WAN router. It works fine but I can not implement redundancy.
    The suggestion was to make WAN router subinterface HSRP active rather than 6509 MSFCs.So WAAS talks to WAN routers loopback address and default gateway also points to the same router rather than MSFC. I have not had a chance to test this but I will test in the coming weeks. I was also suggested to use layer2 redirection on 6509 but did not have any chance to look at it closely.
    thanks
    Serhat

Maybe you are looking for

  • Colors don't match between PS and AI (CS 3)

    CMYK images are displaying differently for me between PS and AI. In PS when they look "good" (and print similarly on my profiled Epson), in AI they look more contrasty and saturated, with a little color shift in the greens (towards blue). My monitor

  • Real Time Screen Updation in the Front End

    I working for a banking sector, My requirement is that, there is a screen which stays open 24 hours 365 days , there are some database changes happening in the backend , the data needs to get refreshed in the page without actually clicking any refesh

  • User defined record types in package header

    hi. is there a way in sql developer to view just the record type names? for example, i have: TYPE my_rec_type_1 IS RECORD(...); TYPE my_rec_type_2 IS RECORD(...); TYPE my_rec_type_3 IS RECORD(...); and all i want to see is a list showing my_rec_type_

  • Data usage z1

    Very new to my phone so please excuse my dumbness.ive had the z1 for 3 days and already used 314mb onI google play store.my husband has the same as me bought at the same time but his seems to be ok,am I doing something wrong.sorry if this doesn't mak

  • Please send tables used for this report.

    hi pls any one send all the tables names are used in this given report report: <b>Created report that display month-wise sales details by comparing with previous month and yearly sales details with selection criteria based on date.</b> thanks in adva