WAE and WCCP mismatch
Hello,
I seem to be having a lot of trouble with a very simple implementation. I have 2 routers and a data centre WAE via WCCP. These devices are on the same L2/L3 segment (x.x.x.0/24). The WAN interfaces on the routers are in different networks. The remote WAE is inline. I configured ip wccp 61 redirect in on the LAN interface of each router and ip wccp 62 redirect in on the WAN interface of each router. I get the alarm "WCCP router x.x.x.1(LAN) unusable for service id:61 reason redirection mismatch with router" and "WCCP router x.x.x.1(LAN) unusable for service id:62 reason redirection mismatch with router". For the WAN interfaces I get the alarm they are unreachable for the service ID.
Snadard router config
ip wccp version 2
ip wccp 61
ip wccp 62
int gi0/0
description LAN
ip address x.x.x.1
ip wccp 61 redirect in
int gi0/1
description WAN
ip address y.y.y.1
ip wccp 62 redirect in
Should I only be trapping inbound traffic on the LAN interface ?
The other thing I noticed was these messages from the PIX on the same L2/L3 segment
Dec 20 2011 05:49:52: %PIX-2-106006: Deny inbound UDP from WADMZJA02/2048 to IROUTER1/2048 on interface outside
Dec 20 2011 05:49:52: %PIX-2-106006: Deny inbound UDP from WADMZJA02/2048 to IROUTER2/2048 on interface outside
Dec 20 2011 05:49:52: %PIX-2-106006: Deny inbound UDP from WADMZJA02/2048 to IROUTER1/2048 on interface outside
Dec 20 2011 05:49:52: %PIX-2-106006: Deny inbound UDP from WADMZJA02/2048 to IROUTER2/2048 on interface outside
Access list
access-list outside_access_in extended permit udp host WADMZJA02 host IROUTER1 log notifications
access-list outside_access_in extended permit udp host WADMZJA02 host IROUTER2 log notifications
access-list outside_access_in extended permit udp host IROUTER1 host WADMZJA02 log notifications
access-list outside_access_in extended permit udp host IROUTER2 host WADMZJA02 log notifications
Best regards
Stephen
WAE config
sh run
2011 Dec 20 07:06:27 WADMZJA02 -admin-shell: %WAAS-PARSER-6-350232: CLI_LOG log_cli_command: sh run
! waas-universal-k9 version 4.3.1 (build b6 Nov 13 2010)
device mode application-accelerator
hostname WADMZJA02
clock timezone Europe/Brussels 1 0
ip domain-name fibe.fortis
primary-interface GigabitEthernet 1/0
interface GigabitEthernet 1/0
ip address x.x.x.248 255.255.255.0
exit
interface GigabitEthernet 2/0
shutdown
exit
ip default-gateway x.x.x.4 <== firewall
no auto-register enable
! ip path-mtu-discovery is disabled in WAAS by default
! <== traffic to be rerouted outbound ==>
ip route a.a.a.0 255.255.255.0 x.x.x.1 <== Outbound HSRP
ip access-list extended HK
permit ip any 0.0.0.0 255.255.255.0
exit
logging console enable
logging console priority debug
interception access-list HKWAAS
wccp router-list 1 z.z.z.202 y.y.y.122 x.x.x.1 x.x.x.2 x.x.x.3
wccp tcp-promiscuous router-list-num 1 hash-source-ip hash-destination-ip l2-redirect l2-return
wccp version 2
egress-method negotiated-return intercept-method wccp
ip icmp rate-limit unreachable df 0
directed-mode enable
transaction-logs flow enable
--More--
! [K
inetd enable rcp
sshd allow-non-admin-users
sshd enable
tfo tcp optimized-send-buffer 2048
tfo tcp optimized-receive-buffer 2048
accelerator http metadatacache enable
accelerator http metadatacache https enable
accelerator http dre-hints enable
central-manager address x.x.x.247
cms enable
! End of WAAS configuration
Hi Stephen,
The "Redirection mismatch" messages indicate that the redirection or return method configured on the WAE is not compatible with the router. Probably, the routers you are using don't support L2 redirection
Moving forward, I would recommend you to change the line "wccp tcp-promiscuous router-list-num 1 hash-source-ip hash-destination-ip l2-redirect l2-return" for "wccp tcp-promiscuous router-list-num 1". This will negotiate hash assignment, as well as GRE redirection and return, which are the parameters supported by most platforms.
As for the firewall messages, it seems that some WCCP negotiation packets (UDP port 2048) are being dropped. Unfortunately, my firewall knowledge is very limited, so I cannot really help you with that part.
Regards
Daniel
Similar Messages
-
L2 redirection between a 3750 and WAE 674 WCCP
hi
we are using a WAE 674 on a cisco 3750 in WCCP
WCCP is configured to use L2 redirection
but we saw this on the switch
Global WCCP information:
Router information:
Router Identifier: 192.168.100.1
Protocol Version: 2.0
Service Identifier: 61
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 1
Process: 0
CEF: 1
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
Service Identifier: 62
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 11
Process: 0
CEF: 11
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
switch configuration
vlan 1 and 2 : data
vlan 3 routeurs
vlan 4 : WAE
interface Vlan1
ip address 10.0.0.1 255.255.0.0
ip wccp 61 redirect in
standby 0 preempt
standby 1 ip 10.0.0.6
standby 1 priority 150
standby 1 preempt
standby 1 name hsrp_vlan_1
interface Vlan2
ip address 10.1.0.1 255.255.0.0
ip wccp 61 redirect in
standby 2 ip 10.1.0.6
standby 2 priority 150
standby 2 preempt
standby 2 name hsrp_vlan_2
interface Vlan3
description Routage-FT
ip address 192.168.1.4 255.255.255.0
ip wccp 62 redirect in
standby 3 ip 192.168.1.6
standby 3 priority 150
standby 3 preempt
standby 3 name hsrp_vlan_3
interface Vlan4
description VLAN WCCP
ip address 192.168.100.1 255.255.255.0
WAE configuration
wccp router-list 8 192.168.100.1
wccp tcp-promiscuous mask src-ip-mask 0x1741 dst-ip-mask 0x0
wccp tcp-promiscuous router-list-num 8 l2-redirect mask-assign l2-return
wccp version 2Hi,
This counter on the 3750 is a software counter, but all WCCP redirection should be happening in hardware. Thus, it is expected the number of redirected packets to be zero or very low. The proper way to tell if WCCP is redirecting traffic to your WAE is to issue the command "show wccp gre" on the WAE and look for the line "transparent non-GRE packets received."
Example:
pdi-7341-19#sh wccp gre
Transparent GRE packets received: 0
Transparent non-GRE packets received: 28887345
Transparent non-GRE non-WCCP packets received: 0
Total packets accepted: 26012975
Invalid packets received: 0
Packets received with invalid service: 0
Packets received on a disabled service: 0
Packets received too small: 0
Packets dropped due to zero TTL: 0
----output omitted ------
Cheers,
Mike Korenbaum
Cisco WAAS PDI Help Desk
http://www.cisco.com/go/pdihelpdesk -
Hello ,
I have many Qs regarding the WAAS implemntation
1- which better , using inline card or wccp and why ( is there any problem with inline cards ?)
2- if we have ASA in the network , is there any os version required for the ASA to support tha WAAS, we have impelmnted the waas with wccp between 2 branches, all traffic optimized but there is 2 applications blocked ( not working at all ) , the 2 applications passing via Firewall is there any known reason for that ?
3- we have cat4500 and it should support wccp to redirect traffic for WAAS , but redirect list is not supported at all, do you know if that for all 4500 platform or for just specific OS or Sup as nothing clear on Cisco regarding this point ( wccp redirect list ).
Thanks
MoamenHey Moamen,
1. I would not say either is better, but there are different applications. Where you need more then a single WAE for scaling and redundancy, I would recommend WCCP. Where you have fairly simple topology, requirements for only one WAE, and/or non-Cisco gear, I would probably recommend In-line. I've done ton's of both and both work really well for interception.
2. ASA do have a minimum recommend code version. For interoperability with WAAS, you need Cisco ASA/PIX version 7.2.3 or later. In that version, there is the command "inspect waas" to allow for the sequence number jump in optimized traffic, which is why your ASA is blocking the traffic.
3. The CAT4500 can support WCCP in hardware. The platform hardware only supports ingress interception, L2-redirect, L2-return, mask-assign configs on the WAE and the minimum IOS version I would recommend running would be 12.2(40)SG or later. As you mentioned, there are limitations with the redirect lists, they are NOT supported in any version of IOS, it's a function of the hardware. If you need to exclude traffic, you might want to consider using application policies when using CAT-4500.
I hope that helps you out.
Dan -
How to enable SSL optimization only for a single remote WAE and specific website?
Hi guys.
I have to enable SSL optimization for a specifc HTTPS website only and for a specific remote site only (branch office).
The scenario is as follows:
Multiple sites connected via a MPLS cloud. Each site has its own WAE device (module or appliance).
There is a central manager and core WAE in the main site (central site).
There is a website accessed via HTTPS by all the remote sites. This specific website is hosted within the main site.
For only a specific branch office (remote site) we want to enable SSL optimization for this specific website.
I saw this great and useful doc, but I still have some concerns.
https://supportforums.cisco.com/docs/DOC-16452
Basically, according to I see, I should do the following if I want to enable SSL optimization with the entire environment:
- export the certificate and keys;
- enable secure store in the central manager;
- In the remote and core WAE, Check "initialize CMS secure store" and "Open CMS Secure Store";
- In the core WAE, import the CA certificate (upload PEM file);
- In the core WAE, create the SSL Accelerated Service by:
--importing the client certificate and the key;
-- Match interesting traffic;
-- Put the SSL Acc Service in service;
- Finally, make sure SSL acceleration is enabled in both remote and core WAE.
The concerns:
I only need to enable SSL optimization for a specific location accessing a specific website.
Should the steps above work fine If I enable the SSL service for this specific website in the core WAE and enabling secure store only in a single remote site (brach office)?
how will the other remote locations behave?
Will they access the website normally with no SSL optimization even passing thru the core WAE?
What about the other SSL sites which have no certificate? They will be treated as normal HTTPS with no optimization, right?
If the site uses proxy, will any flow be impacted?
If the steps above do not fit my case, how can I configure SSL optimization for only one remote WAE?
Thanks in advance.
importing the client certificate and key (client.crt and client.key exported from the Web server - See more at: https://supportforums.cisco.com/docs/DOC-16452#sthash.3BKz05zU.dpuHi guys.
I have to enable SSL optimization for a specifc HTTPS website only and for a specific remote site only (branch office).
The scenario is as follows:
Multiple sites connected via a MPLS cloud. Each site has its own WAE device (module or appliance).
There is a central manager and core WAE in the main site (central site).
There is a website accessed via HTTPS by all the remote sites. This specific website is hosted within the main site.
For only a specific branch office (remote site) we want to enable SSL optimization for this specific website.
I saw this great and useful doc, but I still have some concerns.
https://supportforums.cisco.com/docs/DOC-16452
Basically, according to I see, I should do the following if I want to enable SSL optimization with the entire environment:
- export the certificate and keys;
- enable secure store in the central manager;
- In the remote and core WAE, Check "initialize CMS secure store" and "Open CMS Secure Store";
- In the core WAE, import the CA certificate (upload PEM file);
- In the core WAE, create the SSL Accelerated Service by:
--importing the client certificate and the key;
-- Match interesting traffic;
-- Put the SSL Acc Service in service;
- Finally, make sure SSL acceleration is enabled in both remote and core WAE.
The concerns:
I only need to enable SSL optimization for a specific location accessing a specific website.
Should the steps above work fine If I enable the SSL service for this specific website in the core WAE and enabling secure store only in a single remote site (brach office)?
how will the other remote locations behave?
Will they access the website normally with no SSL optimization even passing thru the core WAE?
What about the other SSL sites which have no certificate? They will be treated as normal HTTPS with no optimization, right?
If the site uses proxy, will any flow be impacted?
If the steps above do not fit my case, how can I configure SSL optimization for only one remote WAE?
Thanks in advance.
importing the client certificate and key (client.crt and client.key exported from the Web server - See more at: https://supportforums.cisco.com/docs/DOC-16452#sthash.3BKz05zU.dpu -
We have a test and a production environment with portal 9.0.2.2.14A.
We Use the exp/imp utilities to publish our portal.
In the test env we dropped and re-created a corrupted dynamic page.
When importing this component in the prod env we have the following message:
Checking for type = DYNAMIC Name = MENU_PAGINE Id = 4867642631 ...
MENU_PAGINE cannot be overwritten as the id and name mismatch.
Import of MENU_PAGINE will fail.
We cannot drop this component because we don't find it with the Navigator (I think that the previous import didn't create it correctly because of the corruption in the test env).
Can anyone help me?Any component created wil have information gets stored in the tables wwv_modules$,wwv_module_details$,wwapp_application$
Try to find the module_id of the dynamic page created, and delete it from all the 3 tables. -
Hi all, just wonder what is the difference between wide area application engine (WAE) and wide area virtualization engine (WAVE)? I read the data sheet for WAE and WAVE, both stating they provide :
• Improve employee productivity by enhancing the user experience for important business applications delivered over the WAN
• Reduce the cost of branch-office operations by centralizing IT resources in the data center and lowering the cost of WAN bandwidth
• Increase IT agility by reducing the time and resources required to deliver new IT services to the branch office
• Simplify branch-office data protection for regulatory compliance purposes
Really appreciate if anyone can explain to me about it.
ThanksHi Lieu,
The are some key differences.. for example:
-WAVE 574 and WAE 674 support virtual blades and WAE 512 and WAE 612 don't
-WAE 674 can support 8 inline ports ( using 2 4-port inline cards) and WAE 612 supports only 4ports.
-WAVE 574 and WAE 674 has better hard drive redundancy..etc
if you are working on a project that requires detailed info I suggest to contact your Cisco Account Manager or Cisco Partner as it is critical to choose the right device depending on your topology, applications, number of users..etc
cheers! -
MF8580 prints two pages, then gives paper size and settings mismatch error. Help!
Hello, I have been dealing with this problem for weeks now. When i called support, they told me it was my computer, that it was "running slow" and that i need to pay for their service - that fixing errors in my registry would fix the problem. However, i have my own registry cleaner and that isnt the problem. Every time i print something, the printer will print the first two pages, and then beep, giving me the error "paper size and settings mismatch Drawer 1" - I have everything set to letter - in the driver, on the printer, etc. I do nto understand why it prints two pages and then tells me there is a mismatch. If i open and close the drawer, it will print the second page again and then the third page, and give me the same error again. rinse and repeat. This also happens when multiple documents are spooled. I send three - one page documents, it will print the first and second, give me the error, i open and close the paper drawer 1, then it prints document two and three - then gives me the same error - i open and reclose and it prints the thrid document... I am just baffeled.
Hi!
To ensure the most accurate information is provided, we will need to know the version of Windows or Mac in use. Also, we wanted to mention that it sounds like the number you reached was not an official Canon support number, as we do not charge for support. If this is a time-sensitive matter, our US-based technical support team is standing by, ready to help 24/7 via Email at http://bit.ly/EmailCanon or by phone at 1-800-OK-CANON (1-800-652-2666) weekdays between 10 AM and 10 PM ET (7 AM to 7 PM PT).
Thanks and have a great day! -
WAAS and WCCP - looping packet detected
Hi,
Has anyone ran into this senario before. Before anyone answers with "move your WAE off the user subnet", it already has been.
I have wccp 61 redirect in on the user subnet (gig0/0.83 of a dot1q trunk). The WAE is on gig0/1. Before I apply wccp62 to the serial link, I attempt to telnet from a user pc to the router (same subnet, clients default gateway), and the telnet fails. I get a "looping packet detected" on the router console. It shows the source of the packet as the router (wccp router id actually), and the destination ip of the WAE, but the packet came in gig0/1 (interface connected to wae). Obviously the WAE returned the packet to the router (with the original GRE headers, (router as source)). I thought WCCP would understand this as "don't redirect this traffic to me anymore", but the router, actually tries to route it back down gig0/1 and then sees it as a looping packet. I believe the WAE is returning the encapsulated packet to the router to indicate it doesn't want the flow, and the router is attempting to route the GRE packet, instead of realizing it should remove the GRE header and route the internal packet. Router is IOS 12.4(12) as recommended by my Cisco engineer. 2821 router.
For kicks, I continue the WCCP setup on the datatcenter side. As expected, it doesn't work. When I apply the WCCP to the datacenter router (only redirecting lab subnet), the entire lab subnet is unreachable via TCP (but icmp still works as expected).
The WCCP configuration isn't very complex, I can't believe its something I'm doing. I think its a code issue.
Any advise?no "out" anywhere. The LAB router has a WAE list to only allow redirect to the lab WAE. I don't even need the 62 in on the WAN side, just applying 61 in on the LAN side breaks telnet to the router.
LOOPING PACKET DETECTION:
from router console
Feb 27 14:56:32.924: %IP-3-LOOPPAK: Looping packet detected and dropped -
src=132.242.11.18, dst=153.61.83.70, hl=20, tl=76, prot=47, sport=0, dport=0
in=GigabitEthernet0/1, nexthop=153.61.83.70, out=GigabitEthernet0/1
options=none -Process= "IP Input", ipl= 0, pid= 77 -Traceback= 0x410F6978 0x415CC960 0x415CDC60 0x415BBB38 0x415BCF18 0x415BD27C 0x415BD2FC 0x415BD4E8
Router configuration:
ip wccp 61 redirect-list REDIRECT-WAAS-SUBNETS-61 group-list remote-waas-box
interface Loopback0
ip address 132.242.11.18 255.255.255.255
h323-gateway voip bind srcaddr 132.242.11.18
interface GigabitEthernet0/0.83
description << data vlan 83 >>
encapsulation dot1Q 83
ip address 153.61.83.3 255.255.255.192
ip helper-address 192.127.250.22
ip helper-address 149.25.1.182
no ip proxy-arp
ip wccp 61 redirect in
standby 83 ip 153.61.83.1
standby 83 priority 200
standby 83 preempt
standby 83 track Serial0/1/0:0.99 100
interface GigabitEthernet0/1
description << WHQ LAB CE connection >>
ip address 153.61.83.65 255.255.255.192
load-interval 30
duplex full
speed 100
ip access-list standard remote-waas-box
permit 153.61.83.70
ip access-list extended REDIRECT-WAAS-SUBNETS-61
permit ip 153.61.83.0 0.0.0.63 any
WAE configuration:
device mode application-accelerator
primary-interface GigabitEthernet 1/0
interface GigabitEthernet 1/0
ip address 153.61.83.70 255.255.255.192
no autosense
bandwidth 100
full-duplex
exit
wccp router-list 1 153.61.83.65
wccp tcp-promiscuous router-list-num 1
wccp version 2
wccp slow-start enable -
Is it possible to transition between two different WAAS appliances if using WCCP redirection? Currently I'm using a WAVE 274 and want to migrate to a recently installed NM-WAE-522. WCCP is currently being used to redirect traffic to the WAVE. Can I simply add the WAE to the WCCP config and then remove the WAVE?
Does it matter that they are in the same subnet or not? The NM-WAE-522 is obviously on the same subnet as one of the router interfaces, but the WAVE-274 is actually on a different subnet off of our 6509. I thought I remembered reading that it was at least recommended that WCCP devices be on the same subnet for load balancing, but I'm guessing it doesn't matter as I'm using L3 GRE redirection.
-
Using WAVE-7371-K9 with inline and WCCP Interception together
Hi guys,
I have an WAVE-7371-K9 with WAE-INLN-4CG.
Is there any way to use both modes inline (in-path) and WCCPv2 Interception at the same time in this appliance ?
I think you can use just one mode (in-path or off-path), but I wanna confirm that
Thanks in Advanced
My Best Regards,
Andre Lomonacohi lomonaco
yes ahsan, is Right, you can use only one interception method, Either WCCP or INLINE, But For INLINE Feature you need Inline Card which got Supported in Your Device.
Also There is NO Need To have Same Interception Method to be used if you are Using Waas Devices in Two or more Branches.
Thanks
A.Dixit -
WAAS and WCCP router selection
Hi
Is there some information about that how much of wccp traffic can be handled by different model of routers?
I'm not looking for throughput report like Process\CEF switching per routers but I would like to see some info about wccp treshold on each models, what's the maximum amount of redirected traffic what the router can handle?
thanksno "out" anywhere. The LAB router has a WAE list to only allow redirect to the lab WAE. I don't even need the 62 in on the WAN side, just applying 61 in on the LAN side breaks telnet to the router.
LOOPING PACKET DETECTION:
from router console
Feb 27 14:56:32.924: %IP-3-LOOPPAK: Looping packet detected and dropped -
src=132.242.11.18, dst=153.61.83.70, hl=20, tl=76, prot=47, sport=0, dport=0
in=GigabitEthernet0/1, nexthop=153.61.83.70, out=GigabitEthernet0/1
options=none -Process= "IP Input", ipl= 0, pid= 77 -Traceback= 0x410F6978 0x415CC960 0x415CDC60 0x415BBB38 0x415BCF18 0x415BD27C 0x415BD2FC 0x415BD4E8
Router configuration:
ip wccp 61 redirect-list REDIRECT-WAAS-SUBNETS-61 group-list remote-waas-box
interface Loopback0
ip address 132.242.11.18 255.255.255.255
h323-gateway voip bind srcaddr 132.242.11.18
interface GigabitEthernet0/0.83
description << data vlan 83 >>
encapsulation dot1Q 83
ip address 153.61.83.3 255.255.255.192
ip helper-address 192.127.250.22
ip helper-address 149.25.1.182
no ip proxy-arp
ip wccp 61 redirect in
standby 83 ip 153.61.83.1
standby 83 priority 200
standby 83 preempt
standby 83 track Serial0/1/0:0.99 100
interface GigabitEthernet0/1
description << WHQ LAB CE connection >>
ip address 153.61.83.65 255.255.255.192
load-interval 30
duplex full
speed 100
ip access-list standard remote-waas-box
permit 153.61.83.70
ip access-list extended REDIRECT-WAAS-SUBNETS-61
permit ip 153.61.83.0 0.0.0.63 any
WAE configuration:
device mode application-accelerator
primary-interface GigabitEthernet 1/0
interface GigabitEthernet 1/0
ip address 153.61.83.70 255.255.255.192
no autosense
bandwidth 100
full-duplex
exit
wccp router-list 1 153.61.83.65
wccp tcp-promiscuous router-list-num 1
wccp version 2
wccp slow-start enable -
Hello all,
This is a new install, I am trying to bring up a WAE-674 box at one my remote sites with 2 routers (a 3725 and a 2621) at this remote site and I am using WCCP for traffic redirection. I am having an issue with WCCP on the 3725 router, for some reason when I enable the command "IP wccp 62 redirect in" under the WAN serial interface I suddenly can no longer telnet to the fastethernet interface on the router but I can still ping it and still able to telnet to the loopback interface. And I have no issue with WCCP on the other 2621 router with the same config setup.
Has anyone run into this issue before ? I appreciate any feedbacks on this !!!!
I am running IOS version 12.3(14)T7 on the 3725 router and WAAS software version 4.1.1c
Thanks in advance !!
DannyYou will want to explore CSCsg30875 to see how it applies to your installation
CSCsg30875 wccp blocking telnet to router
Since 12.3T is EOL, it probably was not tested and may or may not exist in that Cisco IOS track.
End-of-Sale and End-of-Life Announcement for Cisco IOS Software Release 12.3T
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6947/ps5207/prod_bulletin0900aecd803a0ffe.html
Thank You,
Dan Laden -
Issue Details- WAAS Optimizers were not optimizing traffic between two locations, drastically dropping performance on FTP connections and also seeing disconnection WAE from CM.There is somthing which is being pushed from CM that causing WCCP disconnect but not sure about it.
Jun 14 01:58:46 APDC4R10-NWAE02 wccp: %WAAS-WCCP-5-500024: Removing router 0.0.0.0 from router table.
Issue is sporadic in nature, SR has been open and TAC has given action plan when issue come again but, i am sure same issue happened earlier somewhere and solution must be in place rather reactive approch to wait for issue to come.
Appreciate if any one has already know the solution on this.
TkxHello Kiran,
Because your WCCP tunnel is going randomly down, I believe this is either a design issue or a WCCP configuration problem.
Because is randomly happening is hard to run captures at the same time of failure but we can still review the captures when it is actually working.
There are four WCCP V2 messages:
* Here I AM
* I See You
* Redirect Assign
* Removal Query
Each WCCP message comprises a WCCP Message Header followed by a number of message components, for example if the length value or any component header is not set as expected one might expect to see WCCP errors.
here are Nexus WCCP compatibilities notes:
-Assignment methods supports only mask assisments. this is the same as saying that the Nexus and the WAAS device are L2 connected and should be properly configure to run mask assigments .. not hash.
-In addition any packets being " bypass return" should go via L2.
-Packet egress redirection goes via IP forwarding and negotiated L2 return as well.
-WCCP GRE return is not supported, WCCP GRE redirection is not supported
It will be nice if you upgrade to a newer WAAS version you're about 30 versions away from the latest one, there have been many open/fix caveats for WCCP/WAAS previous codes, in addition to the enhacements you're missing.
good luck, -
Hi all
We have a cisco network and in our smaller branch offices, are using 3750 L3 switches as the core. From this switch, we are running WCCP to a pair of WAE-674 WAAS appliances.
This is all working well, and redirection is occuring in hardware on the 3750 (running 12.2(52))
I think I know the answer to this question, but would like validation.
If we apply a redirect list to the WCCP statement in the 3750, and then put a deny in the corresponding ACL, will this deny statement be processed in hardware, or punted to the cpu? My feeling is processed software, but haven't found a rock solid cisco dodument to confirm.
thx in advance
MichaelMichael,
Considering you are running latest code, deny statement will be processed in Software, if ACL is large and has lot of hits, then you may see CPU issues on the switch. Thanks
Ahsan -
Hello Team,
Please let us know any standard report for we can run to view GRIR mismatch but the IR and GR quantity is already equal and the IR and GR price has mismatch.
Regards
SANGEETHAHi,
it is not solution, what i am sating GR QTY 10 amount value 1000 rs and IR Qty 10 but amount value is 950. Theeir is differenece between GR amount value and IR amount value.
Is their any standard report to check list of po's difference between GR and IR quanity match and amount value is not match.
Regards
Sangeetha
Maybe you are looking for
-
The major issue here is that the test systems must be documented and validated before being released to the production floor. Given this if a test station has multiple test systems deployed on it that have been developed on various versions of LV, TS
-
Ng An exception occurred during the execution of the current web request.
An exception occurred during the execution of the current web request. Please contact the administrator to review the stack trace in the event log for more information about the error. this error occured while making changes to the mapings, there was
-
Please give me advised I want order iphone4, which one should I go to? AT&T store or Apple store? Thank you
-
PREMIERE ELE9 MISSING CODEC FOR JPG FILE
Basically, I want to import still photos into the timeline but when I import it into the project adobe says the file is not supported or the codec is missing. This is weird because I have done this before with no problem. What do I do? Please help. T
-
K9A2 booting from SAS (Serial Attached Scsi)
I have been looking all over the place and cannot find any references to booting off the SAS-able Promise controller. Have anyone tried this or know if it is possible to boot off a SAS-drive? [Edit to clarify question]