WAE and WCCP mismatch

Similar Messages

• L2 redirection between a 3750 and WAE 674 WCCP

  hi
  we are using a WAE 674 on a cisco 3750 in WCCP
  WCCP is configured to use L2 redirection
  but we saw this on the switch
  Global WCCP information:
      Router information:
          Router Identifier:                   192.168.100.1
          Protocol Version:                    2.0
      Service Identifier: 61
          Number of Service Group Clients:     1
          Number of Service Group Routers:     1
          Total Packets s/w Redirected:        1
            Process:                           0
            CEF:                               1
          Redirect access-list:                -none-
          Total Packets Denied Redirect:       0
          Total Packets Unassigned:            0
          Group access-list:                   -none-
          Total Messages Denied to Group:      0
          Total Authentication failures:       0
          Total Bypassed Packets Received:     0
      Service Identifier: 62
          Number of Service Group Clients:     1
          Number of Service Group Routers:     1
          Total Packets s/w Redirected:        11
            Process:                           0
            CEF:                               11
          Redirect access-list:                -none-
          Total Packets Denied Redirect:       0
          Total Packets Unassigned:            0
          Group access-list:                   -none-
          Total Messages Denied to Group:      0
          Total Authentication failures:       0
          Total Bypassed Packets Received:     0
  switch configuration
  vlan 1 and 2 : data
  vlan 3 routeurs
  vlan 4 : WAE
  interface Vlan1
  ip address 10.0.0.1 255.255.0.0
  ip wccp 61 redirect in
  standby 0 preempt
  standby 1 ip 10.0.0.6
  standby 1 priority 150
  standby 1 preempt
  standby 1 name hsrp_vlan_1
  interface Vlan2
  ip address 10.1.0.1 255.255.0.0
  ip wccp 61 redirect in
  standby 2 ip 10.1.0.6
  standby 2 priority 150
  standby 2 preempt
  standby 2 name hsrp_vlan_2
  interface Vlan3
  description Routage-FT
  ip address 192.168.1.4 255.255.255.0
  ip wccp 62 redirect in
  standby 3 ip 192.168.1.6
  standby 3 priority 150
  standby 3 preempt
  standby 3 name hsrp_vlan_3
  interface Vlan4
  description VLAN WCCP
  ip address 192.168.100.1 255.255.255.0
  WAE configuration
  wccp router-list 8 192.168.100.1
  wccp tcp-promiscuous mask src-ip-mask 0x1741 dst-ip-mask 0x0
  wccp tcp-promiscuous router-list-num 8 l2-redirect mask-assign l2-return
  wccp version 2

  Hi,
  This counter on the 3750 is a software counter, but all WCCP redirection should be happening in hardware.  Thus, it is expected the number of redirected packets to be zero or very low.  The proper way to tell if WCCP is redirecting traffic to your WAE is to issue the command "show wccp gre" on the WAE and look for the line "transparent non-GRE packets received."
  Example:
  pdi-7341-19#sh wccp gre
  Transparent GRE packets received:              0
  Transparent non-GRE packets received:          28887345
  Transparent non-GRE non-WCCP packets received: 0
  Total packets accepted:                        26012975
  Invalid packets received:                      0
  Packets received with invalid service:         0
  Packets received on a disabled service:        0
  Packets received too small:                    0
  Packets dropped due to zero TTL:               0
  ----output omitted ------
  Cheers,
  Mike Korenbaum
  Cisco WAAS PDI Help Desk
  http://www.cisco.com/go/pdihelpdesk

• WAAS and WCCP

  Hello ,
  I have many Qs regarding the WAAS implemntation
  1- which better , using inline card or wccp and why ( is there any problem with inline cards ?)
  2- if we have ASA in the network , is there any os version required for the ASA to support tha WAAS, we have impelmnted the waas with wccp between 2 branches, all traffic optimized but there is 2 applications blocked ( not working at all ) , the 2 applications passing via Firewall is there any known reason for that ?
  3- we have cat4500 and it should support wccp to redirect traffic for WAAS , but redirect list is not supported at all, do you know if that for all 4500 platform or for just specific OS or Sup as nothing clear on Cisco regarding this point ( wccp redirect list ).
  Thanks
  Moamen

  Hey Moamen,
  1. I would not say either is better, but there are different applications. Where you need more then a single WAE for scaling and redundancy, I would recommend WCCP. Where you have fairly simple topology, requirements for only one WAE, and/or non-Cisco gear, I would probably recommend In-line. I've done ton's of both and both work really well for interception.
  2. ASA do have a minimum recommend code version. For interoperability with WAAS, you need Cisco ASA/PIX version 7.2.3 or later. In that version, there is the command "inspect waas" to allow for the sequence number jump in optimized traffic, which is why your ASA is blocking the traffic.
  3. The CAT4500 can support WCCP in hardware. The platform hardware only supports ingress interception, L2-redirect, L2-return, mask-assign configs on the WAE and the minimum IOS version I would recommend running would be 12.2(40)SG or later. As you mentioned, there are limitations with the redirect lists, they are NOT supported in any version of IOS, it's a function of the hardware. If you need to exclude traffic, you might want to consider using application policies when using CAT-4500.
  I hope that helps you out.
  Dan

• How to enable SSL optimization only for a single remote WAE and specific website?

  Hi guys.
  I have to enable SSL optimization for a specifc HTTPS website only and for a specific remote site only (branch office).
  The scenario is as follows:
  Multiple sites connected via a MPLS cloud. Each site has its own WAE device (module or appliance).
  There is a central manager and core WAE in the main site (central site).
  There is a website accessed via HTTPS by all the remote sites. This specific website is hosted within the main site.
  For only a specific branch office (remote site) we want to enable SSL optimization for this specific website.
  I saw this great and useful doc, but I still have some concerns.
  https://supportforums.cisco.com/docs/DOC-16452
  Basically, according to I see, I should do the following if I want to enable SSL optimization with the entire environment:
  - export the certificate and keys;
  - enable secure store in the central manager;
  - In the remote and core WAE, Check "initialize CMS secure store" and "Open CMS Secure Store";
  - In the core WAE, import the CA certificate (upload PEM file);
  - In the core WAE, create the SSL Accelerated Service by:
      --importing the client certificate and the key;
      -- Match interesting traffic;
      -- Put the SSL Acc Service in service;
  - Finally, make sure SSL acceleration is enabled in both remote and core WAE.
  The concerns:
  I only need to enable SSL optimization for a specific location accessing a specific website.
  Should the steps above work fine If I enable the SSL service for this specific website in the core WAE and enabling secure store only in a single remote site (brach office)?
  how will the other remote locations behave?
  Will they access the website normally with no SSL optimization even passing thru the core WAE?
  What about the other SSL sites which have no certificate? They will be treated as normal HTTPS with no optimization, right?
  If the site uses proxy, will any flow be impacted?
  If the steps above do not fit my case, how can I configure SSL optimization for only one remote WAE?
  Thanks in advance.
  importing  the client certificate and key (client.crt and client.key exported from  the Web server - See more at:  https://supportforums.cisco.com/docs/DOC-16452#sthash.3BKz05zU.dpu

  Hi guys.
  I have to enable SSL optimization for a specifc HTTPS website only and for a specific remote site only (branch office).
  The scenario is as follows:
  Multiple sites connected via a MPLS cloud. Each site has its own WAE device (module or appliance).
  There is a central manager and core WAE in the main site (central site).
  There is a website accessed via HTTPS by all the remote sites. This specific website is hosted within the main site.
  For only a specific branch office (remote site) we want to enable SSL optimization for this specific website.
  I saw this great and useful doc, but I still have some concerns.
  https://supportforums.cisco.com/docs/DOC-16452
  Basically, according to I see, I should do the following if I want to enable SSL optimization with the entire environment:
  - export the certificate and keys;
  - enable secure store in the central manager;
  - In the remote and core WAE, Check "initialize CMS secure store" and "Open CMS Secure Store";
  - In the core WAE, import the CA certificate (upload PEM file);
  - In the core WAE, create the SSL Accelerated Service by:
      --importing the client certificate and the key;
      -- Match interesting traffic;
      -- Put the SSL Acc Service in service;
  - Finally, make sure SSL acceleration is enabled in both remote and core WAE.
  The concerns:
  I only need to enable SSL optimization for a specific location accessing a specific website.
  Should the steps above work fine If I enable the SSL service for this specific website in the core WAE and enabling secure store only in a single remote site (brach office)?
  how will the other remote locations behave?
  Will they access the website normally with no SSL optimization even passing thru the core WAE?
  What about the other SSL sites which have no certificate? They will be treated as normal HTTPS with no optimization, right?
  If the site uses proxy, will any flow be impacted?
  If the steps above do not fit my case, how can I configure SSL optimization for only one remote WAE?
  Thanks in advance.
  importing  the client certificate and key (client.crt and client.key exported from  the Web server - See more at:  https://supportforums.cisco.com/docs/DOC-16452#sthash.3BKz05zU.dpu

• Import fails with: ... cannot be overwritten as the id and name mismatch.

  We have a test and a production environment with portal 9.0.2.2.14A.
  We Use the exp/imp utilities to publish our portal.
  In the test env we dropped and re-created a corrupted dynamic page.
  When importing this component in the prod env we have the following message:
  Checking for type = DYNAMIC Name = MENU_PAGINE Id = 4867642631 ...
  MENU_PAGINE cannot be overwritten as the id and name mismatch.
  Import of MENU_PAGINE will fail.
  We cannot drop this component because we don't find it with the Navigator (I think that the previous import didn't create it correctly because of the corruption in the test env).
  Can anyone help me?

  Any component created wil have information gets stored in the tables wwv_modules$,wwv_module_details$,wwapp_application$
  Try to find the module_id of the dynamic page created, and delete it from all the 3 tables.

• WAE and WAVE

  Hi all, just wonder what is the difference between wide area application engine (WAE) and wide area virtualization engine (WAVE)? I read the data sheet for WAE and WAVE, both stating they provide :
  • Improve employee productivity by enhancing the user experience for important business applications delivered over the WAN
  • Reduce the cost of branch-office operations by centralizing IT resources in the data center and lowering the cost of WAN bandwidth
  • Increase IT agility by reducing the time and resources required to deliver new IT services to the branch office
  • Simplify branch-office data protection for regulatory compliance purposes
  Really appreciate if anyone can explain to me about it.
  Thanks

  Hi Lieu,
  The are some key differences.. for example:
  -WAVE 574 and WAE 674 support virtual blades and WAE 512 and WAE 612 don't
  -WAE 674 can support 8 inline ports ( using 2 4-port inline cards) and WAE 612 supports only 4ports.
  -WAVE 574 and WAE 674 has better hard drive redundancy..etc
  if you are working on a project that requires detailed info I suggest to contact your Cisco Account Manager or Cisco Partner  as it is critical to choose the right device depending on your topology, applications, number of users..etc
  cheers!

• MF8580 prints two pages, then gives paper size and settings mismatch error. Help!

  Hello, I have been dealing with this problem for weeks now. When i called support, they told me it was my computer, that it was "running slow" and that i need to pay for their service - that fixing errors in my registry would fix the problem. However, i have my own registry cleaner and that isnt the problem. Every time i print something, the printer will print the first two pages, and then beep, giving me the error "paper size and settings mismatch Drawer 1" - I have everything set to letter - in the driver, on the printer, etc. I do nto understand why it prints two pages and then tells me there is a mismatch. If i open and close the drawer, it will print the second page again and then the third page, and give me the same error again. rinse and repeat. This also happens when multiple documents are spooled. I send three - one page documents, it will print the first and second, give me the error, i open and close the paper drawer 1, then it prints document two and three - then gives me the same error - i open and reclose and it prints the thrid document... I am just baffeled.  

  Hi!
  To ensure the most accurate information is provided, we will need to know the version of Windows or Mac in use. Also, we wanted to mention that it sounds like the number you reached was not an official Canon support number, as we do not charge for support.  If this is a time-sensitive matter, our US-based technical support team is standing by, ready to help 24/7 via Email at http://bit.ly/EmailCanon or by phone at 1-800-OK-CANON (1-800-652-2666) weekdays between 10 AM and 10 PM ET (7 AM to 7 PM PT).
  Thanks and have a great day!

• WAAS and WCCP - looping packet detected

  Hi,
  Has anyone ran into this senario before. Before anyone answers with "move your WAE off the user subnet", it already has been.
  I have wccp 61 redirect in on the user subnet (gig0/0.83 of a dot1q trunk). The WAE is on gig0/1. Before I apply wccp62 to the serial link, I attempt to telnet from a user pc to the router (same subnet, clients default gateway), and the telnet fails. I get a "looping packet detected" on the router console. It shows the source of the packet as the router (wccp router id actually), and the destination ip of the WAE, but the packet came in gig0/1 (interface connected to wae). Obviously the WAE returned the packet to the router (with the original GRE headers, (router as source)). I thought WCCP would understand this as "don't redirect this traffic to me anymore", but the router, actually tries to route it back down gig0/1 and then sees it as a looping packet. I believe the WAE is returning the encapsulated packet to the router to indicate it doesn't want the flow, and the router is attempting to route the GRE packet, instead of realizing it should remove the GRE header and route the internal packet. Router is IOS 12.4(12) as recommended by my Cisco engineer. 2821 router.
  For kicks, I continue the WCCP setup on the datatcenter side. As expected, it doesn't work. When I apply the WCCP to the datacenter router (only redirecting lab subnet), the entire lab subnet is unreachable via TCP (but icmp still works as expected).
  The WCCP configuration isn't very complex, I can't believe its something I'm doing. I think its a code issue.
  Any advise?

  no "out" anywhere. The LAB router has a WAE list to only allow redirect to the lab WAE. I don't even need the 62 in on the WAN side, just applying 61 in on the LAN side breaks telnet to the router.
  LOOPING PACKET DETECTION:
  from router console
  Feb 27 14:56:32.924: %IP-3-LOOPPAK: Looping packet detected and dropped -
  src=132.242.11.18, dst=153.61.83.70, hl=20, tl=76, prot=47, sport=0, dport=0
  in=GigabitEthernet0/1, nexthop=153.61.83.70, out=GigabitEthernet0/1
  options=none -Process= "IP Input", ipl= 0, pid= 77 -Traceback= 0x410F6978 0x415CC960 0x415CDC60 0x415BBB38 0x415BCF18 0x415BD27C 0x415BD2FC 0x415BD4E8
  Router configuration:
  ip wccp 61 redirect-list REDIRECT-WAAS-SUBNETS-61 group-list remote-waas-box
  interface Loopback0
  ip address 132.242.11.18 255.255.255.255
  h323-gateway voip bind srcaddr 132.242.11.18
  interface GigabitEthernet0/0.83
  description << data vlan 83 >>
  encapsulation dot1Q 83
  ip address 153.61.83.3 255.255.255.192
  ip helper-address 192.127.250.22
  ip helper-address 149.25.1.182
  no ip proxy-arp
  ip wccp 61 redirect in
  standby 83 ip 153.61.83.1
  standby 83 priority 200
  standby 83 preempt
  standby 83 track Serial0/1/0:0.99 100
  interface GigabitEthernet0/1
  description << WHQ LAB CE connection >>
  ip address 153.61.83.65 255.255.255.192
  load-interval 30
  duplex full
  speed 100
  ip access-list standard remote-waas-box
  permit 153.61.83.70
  ip access-list extended REDIRECT-WAAS-SUBNETS-61
  permit ip 153.61.83.0 0.0.0.63 any
  WAE configuration:
  device mode application-accelerator
  primary-interface GigabitEthernet 1/0
  interface GigabitEthernet 1/0
  ip address 153.61.83.70 255.255.255.192
  no autosense
  bandwidth 100
  full-duplex
  exit
  wccp router-list 1 153.61.83.65
  wccp tcp-promiscuous router-list-num 1
  wccp version 2
  wccp slow-start enable

• WAAS and WCCP question

  Is it possible to transition between two different WAAS appliances if using WCCP redirection? Currently I'm using a WAVE 274 and want to migrate to a recently installed NM-WAE-522.  WCCP is currently being used to redirect traffic to the WAVE.  Can I simply add the WAE to the WCCP config and then remove the WAVE?

  Does it matter that they are in the same subnet or not? The NM-WAE-522 is obviously on the same subnet as one of the router interfaces, but the WAVE-274 is actually on a different subnet off of our 6509.  I thought I remembered reading that it was at least recommended that WCCP devices be on the same subnet for load balancing, but I'm guessing it doesn't matter as I'm using L3 GRE redirection.

• Using WAVE-7371-K9 with inline and WCCP Interception together

  Hi guys,
     I have an WAVE-7371-K9 with WAE-INLN-4CG.
     Is there any way to use both modes inline (in-path) and WCCPv2 Interception at the same time in this appliance ?
     I think you can use just one mode (in-path or off-path), but I wanna confirm that
     Thanks in Advanced
     My Best Regards,
     Andre Lomonaco

  hi lomonaco
  yes ahsan, is Right, you can use only one interception method, Either WCCP or INLINE, But For INLINE Feature you need Inline Card which got Supported in Your Device.
  Also There is NO Need To have Same Interception Method to be used if you are Using Waas Devices in Two or more Branches.
  Thanks
  A.Dixit

• WAAS and WCCP router selection

  Hi
  Is there some information about that how much of wccp traffic can be handled by different model of routers?
  I'm not looking for throughput report like Process\CEF switching per routers but I would like to see some info about wccp treshold on each models, what's the maximum amount of redirected traffic what the router can handle?
  thanks

  no "out" anywhere. The LAB router has a WAE list to only allow redirect to the lab WAE. I don't even need the 62 in on the WAN side, just applying 61 in on the LAN side breaks telnet to the router.
  LOOPING PACKET DETECTION:
  from router console
  Feb 27 14:56:32.924: %IP-3-LOOPPAK: Looping packet detected and dropped -
  src=132.242.11.18, dst=153.61.83.70, hl=20, tl=76, prot=47, sport=0, dport=0
  in=GigabitEthernet0/1, nexthop=153.61.83.70, out=GigabitEthernet0/1
  options=none -Process= "IP Input", ipl= 0, pid= 77 -Traceback= 0x410F6978 0x415CC960 0x415CDC60 0x415BBB38 0x415BCF18 0x415BD27C 0x415BD2FC 0x415BD4E8
  Router configuration:
  ip wccp 61 redirect-list REDIRECT-WAAS-SUBNETS-61 group-list remote-waas-box
  interface Loopback0
  ip address 132.242.11.18 255.255.255.255
  h323-gateway voip bind srcaddr 132.242.11.18
  interface GigabitEthernet0/0.83
  description << data vlan 83 >>
  encapsulation dot1Q 83
  ip address 153.61.83.3 255.255.255.192
  ip helper-address 192.127.250.22
  ip helper-address 149.25.1.182
  no ip proxy-arp
  ip wccp 61 redirect in
  standby 83 ip 153.61.83.1
  standby 83 priority 200
  standby 83 preempt
  standby 83 track Serial0/1/0:0.99 100
  interface GigabitEthernet0/1
  description << WHQ LAB CE connection >>
  ip address 153.61.83.65 255.255.255.192
  load-interval 30
  duplex full
  speed 100
  ip access-list standard remote-waas-box
  permit 153.61.83.70
  ip access-list extended REDIRECT-WAAS-SUBNETS-61
  permit ip 153.61.83.0 0.0.0.63 any
  WAE configuration:
  device mode application-accelerator
  primary-interface GigabitEthernet 1/0
  interface GigabitEthernet 1/0
  ip address 153.61.83.70 255.255.255.192
  no autosense
  bandwidth 100
  full-duplex
  exit
  wccp router-list 1 153.61.83.65
  wccp tcp-promiscuous router-list-num 1
  wccp version 2
  wccp slow-start enable

• WAE-674 WCCP with 3725 router

  Hello all,
  This is a new install, I am trying to bring up a WAE-674 box at one my remote sites with 2 routers (a 3725 and a 2621) at this remote site and I am using WCCP for traffic redirection. I am having an issue with WCCP on the 3725 router, for some reason when I enable the command "IP wccp 62 redirect in" under the WAN serial interface I suddenly can no longer telnet to the fastethernet interface on the router but I can still ping it and still able to telnet to the loopback interface. And I have no issue with WCCP on the other 2621 router with the same config setup.
  Has anyone run into this issue before ? I appreciate any feedbacks on this !!!!
  I am running IOS version 12.3(14)T7 on the 3725 router and WAAS software version 4.1.1c
  Thanks in advance !!
  Danny

  You will want to explore CSCsg30875 to see how it applies to your installation
  CSCsg30875 wccp blocking telnet to router
  Since 12.3T is EOL, it probably was not tested and may or may not exist in that Cisco IOS track.
  End-of-Sale and End-of-Life Announcement for Cisco IOS Software Release 12.3T
  http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6947/ps5207/prod_bulletin0900aecd803a0ffe.html
  Thank You,
  Dan Laden

• WAE and N7K issue

  Issue Details- WAAS Optimizers were not optimizing traffic between two locations, drastically dropping performance on FTP connections and also seeing disconnection WAE from CM.There is somthing which is being pushed from CM that causing WCCP disconnect but not sure about it.
  Jun 14 01:58:46 APDC4R10-NWAE02 wccp: %WAAS-WCCP-5-500024: Removing router 0.0.0.0 from router table.
  Issue is sporadic in nature, SR has been open and TAC has given action plan when issue come again but, i am sure same issue happened earlier somewhere and solution must be in place rather reactive approch to wait for issue to come.
  Appreciate if any one has already know the solution on this.
  Tkx

  Hello Kiran,
  Because your  WCCP tunnel is going randomly down, I  believe this is  either  a design issue or a WCCP configuration  problem.
  Because is randomly  happening  is hard to run captures at the same time of failure but we can still review the captures when it is actually working.
  There are four WCCP V2 messages:
     * Here I AM
     * I See You
     * Redirect Assign
     * Removal Query
  Each WCCP message comprises a WCCP Message Header followed by a number of message components, for example if the length value  or any  component header is not set as expected one might expect to see WCCP errors.
  here are Nexus WCCP compatibilities notes:
  -Assignment methods supports only mask assisments. this is the  same as saying that the Nexus and the WAAS device are L2 connected and  should be properly configure to run mask assigments .. not hash.
  -In addition any packets being " bypass return" should  go via L2.
  -Packet egress redirection goes via IP forwarding and negotiated L2 return as well.
  -WCCP GRE return is not supported, WCCP GRE  redirection is not supported
  It will be nice if you  upgrade to a newer WAAS version  you're  about 30 versions away from the latest one, there  have been many open/fix caveats for WCCP/WAAS previous codes, in   addition to the enhacements you're missing.
  good luck,

• 3750 and WCCP

  Hi all
  We have a cisco network and in our smaller branch offices, are using 3750 L3 switches as the core. From this switch, we are running WCCP to a pair of WAE-674 WAAS appliances.
  This is all working well, and redirection is occuring in hardware on the 3750 (running 12.2(52))
  I think I know the answer to this question, but would like validation.
  If we apply a redirect list to the WCCP statement in the 3750, and then put a deny in the corresponding ACL, will this deny statement be processed in hardware, or punted to the cpu? My feeling is processed software, but haven't found a rock solid cisco dodument to confirm.
  thx in advance
  Michael

  Michael,
     Considering you are running latest code, deny statement will be processed in Software, if ACL is large and has lot of hits, then you may see CPU issues on the switch. Thanks
  Ahsan

• GR and IR mismatch report

  Hello Team,
  Please let us know any standard report for we can run to view GRIR mismatch but the IR and GR quantity is already equal and the IR and GR price has mismatch.
  Regards
  SANGEETHA

  Hi,
  it is not solution, what i am sating GR QTY 10  amount value 1000 rs and IR Qty 10 but amount value is 950. Theeir is differenece between GR amount value and IR amount value.
  Is their any standard report to check list of po's difference between GR and IR quanity match and amount value is not match.
  Regards
  Sangeetha