WCCP Multivendor Group

Hello,
I'm trying to build a WCCP service group with a CE500 ACNS 5.2.3,
Cisco Router with 12.2.8T5 and
CE BlueCoat ProxySG 3.2.4.8,
At this time the router can build the service just with one of them, but not with both.
Do you know if there is some restriction to form this multivendor service group in order to do load-balancing?
Your responses will be greatly appreciated...
Erick

Thanks for your response,
As Release notes http://www.cisco.com/en/US/products/sw/conntsw/ps491/prod_release_note09186a008034fc5d.html appoints:
"Because of these enhancements, receivers using ACNS 5.2 software cannot interact with senders using ACNS 5.0 or 5.1 software. The ACNS 5.2 multicast receiver will ignore files sent from an ACNS 5.0 or 5.1 multicast sender. However, an ACNS 5.2 multicast sender can interoperate with ACNS 5.0 or 5.1 multicast receivers because the software detects the lower software version and disables the checkpoint feature. Therefore, we recommend that you upgrade your multicast sender to ACNS 5.2 software first and then upgrade your receivers to ACNS 5.2 software"
After reading this note, I have open this case, please note that I'm dealing with a CacheFlow running another operating system not ACNS and I hope to add my Cisco ACNS CE to his group.
Regards,
Erick

Similar Messages

  • WAAS, wccp service groups and DC/Branch deployment

    Hi,
    I have two design queries relating to wccp service groups and WAAS in DC and branch deployments.
    Firstly, lets say at the DC end I use wccp service 61 (source address) on the WAN interface of my edge-layer switches. I configure the L3 interfaces on the same switches (connecting to the LAN side) to use use wccp service 62 (destination address). The WAEs are using L2 at the edge layer; with masking etc.
    I've read that at the branch office you need to 'reverse' the service group setup - so that if I have the same sort of setup at the branch using 3750s and WAEs then the WAN interface should be using wccp service 62 and the LAN side using wccp service 61.
    If I assume that is correct, then how does this affect things when two branches are communicating with each other (and they are both setup the same) - will be waas not be effective in this scenario? (Assume that the DC waas does not see any branch-to-branch communication).
    What happens if you have a consistent design across your network (61 on WAN, and 62 at LAN interfaces across all WAAS sites)?
    Secondly, when using L2 wccp redirection and masking; do most deployments leave the mask as default (0x1741)? I'm thinking that in some situations it might be better to have an entire geographic location covering a few branches being sent to the same DC end WAE. For example, I might want everyone on a /24 subnet in one branch to be using the same WAE/dre cache at the DC; rather than the possibility of duplicate dre caches on DC end WAEs service the same branch subnet (I realise that redundancy might be an advantage should one DC WAE fail).
    Is there a table/calculator somewhere that can work out what mask I could use to cover /24 or /22 or even /16 subnets to direct requests to the same WAE at the DC?
    Thanks
    Cameron

    Cameron,
    Excellent questions. Rule of thumb is to use source IP based load balancing, so in the branches 61/LAN - 62/WAN and in the DC 61/WAN and 62/LAN. That being said, if there is some site to site traffic at the edges, you may get some splitting, however, unless there is enough traffic to make it a "mini-dc", changing the services around is generally a wash. Also, if you only have a single WAE at the edge, it won't matter either.
    On the mask, default mask is definitely not desirable. I generally use Calc and convert my desired Mask from Binary to Hex. The following examples are assuming 4 bit masks, but you can use from 1 up to 6 or 7 max bits if you need more buckets.
    If you are looking to group /24, you could be 0xF00 or similar.
    If you are looking to group /22, use 0x3C00 or similar
    When calculating your mask, don't put your bits in the host bits, only in the network bits. Also, remember that the leftmost bit is usually the decision maker, so don't make it too far to the left or all your traffic will be on one WAE. The less WAEs in your WCCP cluster, the less bits you should use in your mask (allow some extras for fault tolerence).
    Hope that helps,
    Dan

  • WAAS / WCCP service groups / L2 adjacencies

    Hi all,
    I'm having trouble finding a definitive answer on this one. I'm working on a WAAS deployment in a network with asymmetric routing. I want to deploy WAAS accelerators at two geographically dispersed data centre sites (head end). Do the WAAS boxes themselves need to be L2 adjacent with each other in this configuration? i.e. can the service group consist of two routers (one at each DC) and two WAEs (one at each site), with routed links between the DCs (WAEs in separate IP subnets)?
    Something like:
    - two routers (rtr-A, rtr-B)
    - two WAAS accelerators (waas-A, waas-B)
    - rtr-A and waas-A are L2 adjacent and use WCCP w/L2 redirection
    - rtr-B and waas-B are L2 adjacent and use WCCP w/L2 redirection
    - rtr-A and waas-B are not L2 adjacent and use WCCP w/GRE redirection
    - rtr-B and waas-A are not L2 adjacent and use WCCP w/GRE redirection
    Here's a quick diagram:
    http://i4.tinypic.com/62nhf5u.jpg
    (all links are L3/routed)
    cheers!

    Dale,
    There is no requirement for the WAE's to be L2 adjacent to each other. Note that the WCCP Forwarding Method is negotiated per Service Group -- so it can either be L2 or GRE. Based on your description, you would want to use GRE Forwarding.
    Regards,
    Zach

  • WCCP src group & redirect/return method

    Has anyone here implemented 3rd party WAN optimization such as Bluecoat or Riverbed w/ WCCP?
    What service groups and redirect/return methods did you use, and on which Cisco switch/router platforms?
    I'd like to know what works, and what doesn't...
    It looks like you generally use service group 61 & 62 to redirect all TCP traffic to WAAS, based on source/destination IP's.
    Do those two service groups also work w/ 3rd party devices?
    If they don't, do I just pick some random service groups, other than the well known ones?
    How would the switch/router know what traffic to redirect, if no redirect-list is used?
    The Networkers' wccp presentation slides say if GRE is to be used w/ 6500's, generic GRE needs to be used instead of WCCP GRE.
    Where would you configure what type of GRE is used, within WAAS?
    Does anyone know if such setting exists on 3rd party devices?
    Our Bluecoat SE isn't even aware of two different versions of GRE, and neither was I, before I watched the Networkers session.

    Hi,
    I know with Riverbed you can use wccp 61/62 as well. I don't have experience with other vendors though.
    The router knows what to redirect based on the WCCP service number. It can be a well-known service or a custom service where you define what to redirect directly on the optimizer/web-cache device. The redirect list is only used to further limit what is redirected.
    In h/w forwarding platform WCCP GRE is handled in s/w, this is why using generic GRE is suggested. On WAAS you can configure it using "egress-method generic-gre intercept-method wccp"
    For more details check the "Egress Method" section in the following doc:
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11-629052.html
    Here you have WCCP redirection method supported and suggested for different Cisco platforms:
    http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/white_paper_c11-608042.html
    hope this helps,
    Fabrizio

  • Wccp service groups query

    Hi Experts,
    I am trying to understand how wccp service redirect determines when to and not to redirect traffic.
    Given the below:
    Router
    int gi0/0 ---> inside lan interface
    int gi1/0 ---> WAE connected interface with redirect exlude in
    int s0/1 ---> WAN interface
    ip wccp 61 redirect out
    ip wccp 62 redirect in
    From what i've understood so far, traffic coming from a client will enter the inside interface and hit the serial interface and given the redirect 61 statement will be redirected to the WAE via int gi1/0. After the WAE optimizes the traffic, it sends it back to the router and the packet then makes it way out the serial interface to a remote destination where another WAE is set.
    My question is, does the WAE tag the optimized traffic that when it reaches the serial interface of the router, wccp of the router sees this and does not redirect it back to the WAE?
    Thanks in advance.

    The wccp redirect exclude in configured on the WAE connected interface (gig 1/0 in your example) is what tells the router to not redirect the traffic coming from the WAE on this interface.
    Regards,
    Mike

  • Help with EEM TCL / CLI scripting for re-direction/wccp counters

    Being new with EEM scripting I wanted to see if I was on the right track and get some help to finish my idea.
    Our problem I am trying to fix is our remote sites utilize pairs of Cat3650's for some routing and WCCP redirection.  We are encountering ACL denial issues causing slow down and access issues.  The fix for the issue we remove the WCCP service groups to break peering with our wan optimizers and re-insert the configuration thus re-establishing peering and restoring service.
    My idea is to use a TCL scipt on a watchdog timer to parse the "sh ip wccp | inc denied (or unassign)" output for denial and unassignable error counters.  If a counter is found I wanted to create a syslog message that would then kick off a simple EEM CLI script to remove the service groups, wait 10 seconds, then re-add the service groups.  Please point me in the right direction if I am off track as I am not sure if I can use the EEM CLI for all this or since I want to retreive specific info from the sh ip wccp output if I do need to utilize TCL.  I am also unsure if the "total denied" ascii string pulled via the "sh ip wccp | inc denied" will cause issues when attempting to just pull the counter information.
    sh ip wccp | inc Denied Red
            Total Packets Denied Redirect:       0
            Total Packets Denied Redirect:       0
    Script thus far :
    TCL
    if [catch {context_retrieve "EEM_WCCP_ERROR_COUNTER" "count"} result] {
    set wccpcounter 0
    } else {
    set wccpcounter $result
    } if [catch {cli_open} result] {
    error $result
    } else {
    array set cli $result
    } if [catch {cli_exec $cli(fd) "show ip wccp | incl Denied"} result] {
    error $result
    } else {
    set cmd_output $result
    set count ""
    catch [regexp {receive ([0-9]+),} $cmd_output} ignore count]
    set count
    set diff [expr $count - $wccpcounter]
    if {$diff != 0} {
    action_syslog priority emergencies msg "WCCP counters showing incremental Denied packet counts"
    if [catch {cli_close $cli(fd) $cli(tty_id)} result] {
    error $result
    context_save EEM_WCCP_ERROR_COUNTER count
    CLI
    event manager applet WCCP_COUNTER_WATCH
    event syslog priority emergencies pattern "WCCP counters showing incremental Denied packet counts"
    action 001 cli command "enable"
    action 002 cli command "config t"
    action 003 cli command "no ip wccp 61"
    action 004 cli command "no ip wccp 62"
    action 005 wait 10
    action 006 cli command "ip wccp 61"
    action 007 cli command "ip wccp 62"
    action 008 wait 15
    action 009 cli command "clear ip wccp"
    action 010 cli command "end"
    Thanks for all the help

    This won't work as EEM cannot intercept its own syslog messages.  However, I'm not sure why you need this form of IPC anyway.  Why not just make the Tcl script perform the needed CLI commands?
    And, yes, you could use all applets here.  But since you've written the hard stuff in Tcl already, it might be best just to add the missing calls to reconfigure WCCP to that script.

  • C3750 & WCCP redirection

    Hi all,
    I am trying to setup a web cache using a WAE-612 and a C3750 switch. The switch is configured with three interfaces:
    CLIENTS ----- VLAN 1 ----- SWITCH ----- GI1/0/1 routed ---- SERVER(s)
            WAE-ENGINE ---- VLAN2--|
    I have configured inbound redirection on vlan 1 and inbound redirection on gi1/0/1
    ip wccp web-cache redirect in
    I am using L2 redirect & L2 return & my state is "enabled":
    Switch#show ip wccp web-cache detail
    WCCP Client information:
            WCCP Client ID:          10.101.2.202
            Protocol Version:        2.0
            State:                   Usable
            Redirection:             L2
            Packet Return:           L2
            Packets Redirected:    0
            Connect Time:          02:24:08
            Assignment:            MASK
    First, the "packets redirected" counter doesn't increment, is this normal (maybe due to hardware redirection ?)
    Second, i am seeing HTTP GET requests from my clients going to my WAE-engine and i am also seeing the WAE-engine sending them back to the switch (changed mac address, L2 redirection)
    Third, my  cache savings are 0 %
    Fourth, i don't see any traffic returning into the WAE-engine. How can the WAE cache traffic if he never sees the server return traffic ?
    Fifth, i have "spoof client ip" enabled on the WAE (need this for security reasons, web server verifies source ip address)
    Now i am thinking it is logical that my cache savings are 0% . The web-cache service group redirects port 80 packets and the switch supports only "inbound" direction. This means that the switches never redirects the ANSWER of the server,so how on earth can it ever "cache" the response ?
    Am i correct or am i wrong ? How to solve it ?
    Should i use different WCCP service groups on the interfaces (for example: based on source ip redirection, the other on destination ip redirection)
    PS. I am running 12.2(44)SE6 on the switch and 5.5.9.B9 on the WAE
    regards,
    Geert

    Hi Geert,
    With L2 redirection 'packets redirected' counter won't increment since its Hardware redirection. You might want to
    check on WAE counter 'Transparent non-GRE packets received:' by running 'show wccp gre'
    With wccp ip-spoofing enabled, requests will be sent to web server with Clients IP address. So yes you will need
    to configure WCCP to catch return traffic coming from web server to be redirected to WAE.
    To redirect return traffic you will need to configure WCCP Dynamic Service group ,
    By default web-cache service will Mask on Destination address. Since we need to make sure return traffic is sent to
    same WAE as forwarding traffic, we need to Mask return traffic on Source IP address.
    This will config Service group 95 and it will Mask on Source IP which will be Webservers IP address
    wccp service-number 95 mask src-ip-mask 0x1741 dst-ip-mask 0x0 
    wccp service-number 95 router-list-num 1 port-list-num 1 application cache l2-redirect mask-assign l2-return
    wccp version 2
    wccp spoof-client-ip enable
    You will then need to enable 'ip wccp 95 redirect in' on the WAN interface.
    Hope this helps,
    Best Regards,
    Rahul

  • WCCP redirect on 4507 to ironport

    I am trying to setup WCCP on our 4507. For some reason I cannot get this to work! The config I have tried is below. I can't figure out what I'm doing wrong here!
    ip wccp web-cache group-list IRONPORT-GROUPLIST
    ip wccp source-interface GigabitEthernet2/24
    Interface Vlan160
    ip address 10.10.16.1 255.255.254.0
    ip wccp web-cache redirect out
    ip access-list IRONPORT-GROUPLIST
    permit ip any host 10.11.1.10 (10.11.1.10 is the ironport proxy IP address)
    On the ironport I setup web-cache under transparent redirection and provided the IP address I used to source from above (GigabitEthernet2/24). Here is the output I get on the 4507:
    10CSW-LAN1#sh ip wccp web-cache
    Global WCCP information:
        Router information:
            Router Identifier:                   10.11.1.9
            Configured source-interface:         GigabitEthernet2/24
            Protocol Version:                    2.0
        Service Identifier: web-cache
            Number of Service Group Clients:     1
            Number of Service Group Routers:     1
            Total Packets Redirected:            0
              Process:                           0
              CEF:                               0
              Platform:                          0
            Service mode:                        Open
            Service Access-list:                 -none-
            Total Packets Dropped Closed:        0
            Redirect access-list:                -none-
            Total Packets Denied Redirect:       0
            Total Packets Unassigned:            0
            Group access-list:                   IRONPORT_GROUPLIST
            Total Messages Denied to Group:      0
            Total Authentication failures:       0
            Total GRE Bypassed Packets Received: 0
              Process:                           0
              CEF:                               0
              Platform:                          0
    Here is the debug output:
    2w3d: WCCP-EVNT:Process: Start V2 (138)
    2w3d: WCCP-EVNT:Successfully opened UDP socket
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:router-id set (initialise) 0.0.0.0 => 10.11.1.9
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: allocate wc orig mask info (540 bytes)
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:1
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
    2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated transmit interval to: 10000
    2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated timer scaling factors to: 1 and 1
    2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group methods
    2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group timers
    2w3d: WCCP-EVNT:S0: no srvc grp mask data to validate
    2w3d: WCCP-EVNT:S0: created adjacency interest, 10.11.1.10
    2w3d: WCCP-EVNT:S0: nexthop update oce for wc 10.11.1.10, 0x0 -> 0x23C10CF0 IP adj out of GigabitEthernet2/24, addr 10.11.1.10 23C10C80
    2w3d: WCCP-EVNT:S0: track nexthop for wc 10.11.1.10 (OK)
    2w3d: %WCCP-5-SERVICEFOUND: Service web-cache acquired on WCCP client 10.11.1.10
    10CSW-LAN1(config)#
    2w3d: WCCP-PKT:S0: Received HIA from 10.11.1.10, rcv_id:1
    2w3d: WCCP-EVNT:S0: Building new router view
    2w3d: WCCP-EVNT:S0: deallocate rtr_view (24 bytes)
    2w3d: WCCP-EVNT:S0: allocate mask rtr_view (572 bytes)
    2w3d: WCCP-EVNT:S0: copy orig info (540 bytes)
    2w3d: WCCP-EVNT:S0: Assignment wait timer restarted, delay 50000
    2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:2
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: setting up wc mask assignments
    2w3d: WCCP-EVNT:S0: allocate current assign info (540 bytes)
    2w3d: WCCP-EVNT:S0: set wc current assign info (540 bytes)
    2w3d: WCCP-EVNT:S0: RA from 10.11.1.10 (id: 10.11.1.10), assignment key set to 10.11.1.10,3
    2w3d: WCCP-EVNT:S0: Building new router view
    2w3d: WCCP-EVNT:S0: reuse rtr_view (44 of 572 bytes)
    2w3d: WCCP-EVNT:S0: copy blank current info
    2w3d: WCCP-EVNT:S0: Assignment wait timer stopped
    2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2
    2w3d: WCCP-PKT:S0: Received RA from 10.11.1.10, rcv_id:2
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
    2w3d: WCCP-EVNT:S0: wc assignment validated
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:3
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
    2w3d: WCCP-EVNT:S0: wc assignment validated
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:4
    10CSW-LAN1(config)#
    2w3d: %SEC-6-IPACCESSLOGP: list IRONPORT_GROUPLIST permitted udp 10.11.1.10(0) -> 10.11.1.9(0), 5 packets
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
    2w3d: WCCP-EVNT:S0: wc assignment validated
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:5
    2w3d: WCCP-EVNT:Process: Start V2 (138)
    2w3d: WCCP-EVNT:Successfully opened UDP socket
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:router-id set (initialise) 0.0.0.0 => 10.11.1.9
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: allocate wc orig mask info (540 bytes)
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:1
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
    2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated transmit interval to: 10000
    2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated timer scaling factors to: 1 and 1
    2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group methods
    2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group timers
    2w3d: WCCP-EVNT:S0: no srvc grp mask data to validate
    2w3d: WCCP-EVNT:S0: created adjacency interest, 10.11.1.10
    2w3d: WCCP-EVNT:S0: nexthop update oce for wc 10.11.1.10, 0x0 -> 0x23C10CF0 IP adj out of GigabitEthernet2/24, addr 10.11.1.10 23C10C80
    2w3d: WCCP-EVNT:S0: track nexthop for wc 10.11.1.10 (OK)
    2w3d: %WCCP-5-SERVICEFOUND: Service web-cache acquired on WCCP client 10.11.1.10
    10CSW-LAN1(config)#
    2w3d: WCCP-PKT:S0: Received HIA from 10.11.1.10, rcv_id:1
    2w3d: WCCP-EVNT:S0: Building new router view
    2w3d: WCCP-EVNT:S0: deallocate rtr_view (24 bytes)
    2w3d: WCCP-EVNT:S0: allocate mask rtr_view (572 bytes)
    2w3d: WCCP-EVNT:S0: copy orig info (540 bytes)
    2w3d: WCCP-EVNT:S0: Assignment wait timer restarted, delay 50000
    2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:2
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: setting up wc mask assignments
    2w3d: WCCP-EVNT:S0: allocate current assign info (540 bytes)
    2w3d: WCCP-EVNT:S0: set wc current assign info (540 bytes)
    2w3d: WCCP-EVNT:S0: RA from 10.11.1.10 (id: 10.11.1.10), assignment key set to 10.11.1.10,3
    2w3d: WCCP-EVNT:S0: Building new router view
    2w3d: WCCP-EVNT:S0: reuse rtr_view (44 of 572 bytes)
    2w3d: WCCP-EVNT:S0: copy blank current info
    2w3d: WCCP-EVNT:S0: Assignment wait timer stopped
    2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2
    2w3d: WCCP-PKT:S0: Received RA from 10.11.1.10, rcv_id:2
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
    2w3d: WCCP-EVNT:S0: wc assignment validated
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:3
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
    2w3d: WCCP-EVNT:S0: wc assignment validated
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:4
    10CSW-LAN1(config)#
    2w3d: %SEC-6-IPACCESSLOGP: list IRONPORT_GROUPLIST permitted udp 10.11.1.10(0) -> 10.11.1.9(0), 5 packets
    10CSW-LAN1(config)#
    2w3d: WCCP-EVNT:S0: updating wc orig assign info
    2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
    2w3d: WCCP-EVNT:S0: wc assignment validated
    2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:5

    I would recommend doing the following. Also feel free to call into the ironport support line. It is listed at the bottom of the page.
    Change the wccp service to service-number 90
    Try to redirect inbound traffic not outbound traffic.
    Set Load-balancing to mask
    Set forward method to L2
    Set return method to L2
    ip wccp 90 group-list IRONPORT-GROUPLIST  <- Set the wccp service-number
    ip wccp source-interface GigabitEthernet2/24
    Interface Vlan160
    ip address 10.10.16.1 255.255.254.0
    ip wccp 90 redirect out  <- Set the WCCP Service-number try to redirect inbound traffic
    ip access-list IRONPORT-GROUPLIST
    permit ip any host 10.11.1.10 (10.11.1.10 is the ironport proxy IP address)
    Below is an example of how you should setup your ironport for a customer service number. Place the port numbers that you want to redirect.
    Christian Rahl
    Customer Support Engineer                      
    Cisco IronPort - Web Security Appliances
    Cisco Technical Assistance Center RTP
    United States Ironport: 1-877-641-IRON (4766)

  • WCCP assignment method mismatch

    Hi all,
    I am using a Cisco 3825 running 12.4(25G) code. I just upgraded my WAE (oe674) to 5.1.1c.
    The WAE and router wouldnt peer due to assignment method mismatch when i do a show wccp router.
    Router Information for Service Id: 61
            Routers Seeing this Wide Area Engine(0)
                    -NONE-
            Routers not Seeing this Wide Area Engine
            10.204.28.1     - Assignment Method Mismatch
            Routers Notified of from other WAE's
                    -NONE-
    Router Information for Service Id: 62
            Routers Seeing this Wide Area Engine(0)
                    -NONE-
            Routers not Seeing this Wide Area Engine
            10.204.28.1     - Assignment Method Mismatch
            Routers Notified of from other WAE's
                    -NONE-
    The WAE is configured as follows:
    wccp router-list 1 10.204.28.1
    wccp tcp-promiscuous service-pair 61 62
    router-list-num 1
    assignment-method mask
    password ****
    redirect-method gre
    egress-method wccp-gre
    enable
    exit
    wccp flow-redirect enable
    When i changed the assignment method to hash, everything worked. I believe Cisco 3825 should support Mask.
    Any advice?

    Hi Leonardo,
    Did you try disabling wccp on router as well as WAE and re-enable it on router and then WAE and see if that makes a difference? If you have already done that and since as per documentation MASK assignment is supported in version you are running on router and it was working prior to upgrade, i would suggest capturing WCCP communication i.e HIA and ISU and opening a TAC case for further investigation. Did you follow the procedure as suggested in release notes during upgrade?
    WCCP Interoperability
    Central Managers running Version 5.1.1x can manage WAEs running software Versions 4.2.1 and later. However, we recommend that all WAEs in a given WCCP service group be running the same version.
    Note All WAEs in a WCCP service group must have the same mask.
    To upgrade the WAEs in your WCCP service group, follow these steps:
    Step 1 You must disable WCCP redirection on the Cisco IOS router first. To remove the global WCCP configuration, use the following no ip wccp global configuration commands:
    Router(config)# no ip wccp 61
    Router(config)# no ip wccp 62
    Step 2 Perform the WAAS software upgrade on all WAEs using the WAAS Central Manager GUI.
    Step 3 Verify that all WAEs have been upgraded in the Devices pane of the WAAS Central Manager GUI. Choose Devices to view the software version of each WAE.
    Step 4 If mask assignment is used for WCCP, ensure that all WAEs in the service group are using the same WCCP mask value.
    Step 5 Reenable WCCP redirection on the Cisco IOS routers. To enable WCCP redirection, use the ip wccp global configuration commands:
    Router(config)# ip wccp 61
    Router(config)# ip wccp 62
    Release notes for your reference.
    http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v511/release/notes/ws511xrn.html#wp151010
    Regards,
    Kanwal

  • Is it okay to use different service group numbers?

    A new deployment of vWAAS in a DC connected to a Cat 6509 with existing WCCP redierection from an old WAAS deployment on that switch using service groups 61 and 62. I have researched service group numbers but only find a handful and want to ask the community if there are any issues using service groups 51 and 52, or 71 and 72 for this new deployment.
    Thanks, Karl

    Hi Karl,
    Service groups 61 and 62 are tcp promiscous groups and will redirect all TCP traffic. Also, in case of the wccp web-cache , this is going to redirect all the traffic from TCP port 80 from routers to Cisco Cache/ACNS devices. Other Custom WCCP services c will use custom wccp number (90 - 97) . So if you want to redirect port 8080 you can use custom WCCP service group.
    Some of the well known service groups are listed below and you can use which ever you want according to your requirement.
    Service Name
    Service Number
    Protocol
    Port
    Priority
    web-cache
    0
    tcp
    80
    240
    dns
    53
    udp
    53
    202
    ftp-native
    60
    tcp
    200
    tcp-promiscuous
    61
    tcp
    34
    tcp-promiscuous
    62
    tcp
    34
    https-cache
    70
    tcp
    443
    231
    rtsp
    80
    tcp
    554
    200
    wmt
    81
    tcp
    1755
    201
    mmsu
    82
    udp
    1755
    201
    rtspu
    83
    udp
    5005
    201
    cifs-cache
    89
    tcp
    139, 445
    224
    custom
    90
    220
    custom
    91
    221
    custom
    92
    222
    custom
    93
    223
    custom
    94
    224
    custom
    95
    225
    custom
    96
    226
    custom
    97
    227
    custom-web-cache
    98
    tcp
    80
    230
    reverse-proxy
    99
    tcp
    80
    235
    Regards,
    Kanwal

  • WCCP not working

    Hi, 
    I have issued these commands in my ASA 5520 to activate WCCP to redirect web traffic from a PC with IP 192.168.120.6 to a McAfee Web Gateway with IP 10.250.2.33:
    access-list wccp-servers extended permit ip host 10.250.2.33 any
    access-list wccp-traffic extended permit ip host 192.168.120.6 any
    wccp 51 redirect-list wccp-traffic group-list wccp-servers password aspirina
    wccp interface INSIDE_IF_FWSM 51 redirect in
    We are seeing traffic in the WCCP statistics in ASA:
    Global WCCP information:
        Router information:
            Router Identifier:                   19X.5X.12X.9X
            Protocol Version:                    2.0
        Service Identifier: 51
            Number of Cache Engines:             1
            Number of routers:                   1
            Total Packets Redirected:            906
            Redirect access-list:                wccp-traffic
            Total Connections Denied Redirect:   0
            Total Packets Unassigned:            10
            Group access-list:                   wccp-servers
            Total Messages Denied to Group:      0
            Total Authentication failures:       0
            Total Bypassed Packets Received:     0
    However, the PC can't access the internet. Moreover, in the MWG we don't see GRE traffic.
    Thanks in advance.

    Though this is in the wrong forum, maybe I can help.  Can you do 'show wccp 51 detail' ?  Did you already do a packet capture on your proxy?  What are you seeing there?
     

  • ASR1002 throughput degradation when wccp redirect-list is changed

    We have two ASR 1002's going to 2 different WAN service providers, and two 7371 WAE load balanced by mask assignment. When we change the ACL (adding or removing lines) from our wccp redirect-list, the throughput on interfaces applied to the wccp service-groups is degraded to almost no traffic passing, until we completely remove wccp service group from the global configuration and then reapply. Then traffic throughput on the interface goes back to normal.
    Our ACL defined in the redirect list specifies our specific networks on our WAN that have WAE's and need the redirection. All other networks are denied implicitly. We need to regularly change this ACL, and this service interruption is a major issue. This was not an issue before moving to the ASR platform from 7206's.
    At TAC's request we have upgraded our IOS version to 15.1(3)S4 and that did not make any difference. Does anyone know why this occurs and if there is a way to work around this other than removing wccp configuration and adding back, every time the ACL needs to be modified?
    As a side note to this... We have recently added riverbed appliances, and created separate service groups with separate redirect-lists. The exact same behavior occurs on the ASR 1002 when the ACL for the riverbed's redirect list is altered.

    Thank you very much for sharing that information.  It is great to hear verification that the mask assignment change did resolve your problem.   That is the latest resolution that TAC has recommended, but we have to restart the WCCP service on all redundant edge routers to be able to implement this, so planning the outage window is taking some time.   We've been told that TAC will set this up in a lab and test for us by our Cisco SE.  We're hoping to get verfication that this actually resolves the problem before we take the outage.   
         If you could, can you tell me if this resolved the issue 100% or do you still have any performance issues when making a change to your WCCP ACL going to your bluecoat equipment?    We may also need to implement this in our redirects to BlueCoat from our Nexus.  Do you happen to have a link to how to make this change in Bluecoat?   Thanks again!

  • Configure WCCP on a 4510 switch

    I have to configure an instance of a WCCP on a 4510 switch and I have to admit  have read the examples given by Cisco but dont have understanding of the example config
    Router(config)#
    ip wccp web-cache group-address 224.1.1.100 password alaska1
    I have attached the config in question above and could someone please clarify what the group address  224.1.1.100 is ?
    Many Thanks
    Mark

    Now I have used what you say which is
    ip wccp 99 group-list websense_proxy (Proxy server) but it does not give the option to create redirect list and this is the out put of sh ip wccp
    Service Identifier: 99
            Number of Service Group Clients:     0
            Number of Service Group Routers:     0
            Total Packets s/w Redirected:        0
              Process:                           0
              CEF:                               0
            Redirect access-list:                -none-
            Total Packets Denied Redirect:       0
            Total Packets Unassigned:            0
            Group access-list:                   websense_proxy
            Total Messages Denied to Group:      0
            Total Authentication failures:       0
            Total Bypassed Packets Received:     0 Service Identifier: 99
            Number of Service Group Clients:     0
            Number of Service Group Routers:     0
            Total Packets s/w Redirected:        0
              Process:                           0
              CEF:                               0
            Redirect access-list:                -none-
            Total Packets Denied Redirect:       0
            Total Packets Unassigned:            0
            Group access-list:                   websense_proxy
            Total Messages Denied to Group:      0
            Total Authentication failures:       0
            Total Bypassed Packets Received:     0

  • VRF Aware WCCP !!!!!! PLEASE!!!!!!

    I am looking for a forcast of when WCCP will have VRF support. Head-End scalability is pretty tough to achieve with out it. ywa I can stack WAE's ( up to 32) in a WCCP service group but if the Edge WAE's are in A VRF, it breaks.
    Any Ideas?

    The VRF awareness for 12.4(T) is still probably 8-12 months out. VRF aware WCCP features are definitely in the pipeline, but nothing has been publically published on availability timelines.
    It's now publically available on the forum... but , I've only found it on the 3750 and 3550 documentation.
    at the 3750 you will need to place the redirect statement on each of the VLANs, ip wccp 61 redirect in
    Kindly find here GRE Tunnel with VRF Configuration Example:
    http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801e1294.shtml
    I have gotten as far as the WAE registering the router:
    "WCCP configuration for TCP Promiscuous service 61 and 62 succeeded.
    WCCP configuration for TCP Promiscuous succeeded.Please remember to
    configure WCCP service 61 and 62 on the corresponding router."
    wae01#sh wccp router
    Router Information for Service: TCP Promiscuous 61
    Routers Configured and Seeing this Wide Area Engine(1)
    Router Id Sent To Recv ID
    0.0.0.0 209.1.1.1 0000022F
    The router registers the WAE as a WCCP client:
    router04#
    "*Feb 4 18:56:09.892: %WCCP-5-SERVICEFOUND: Service 61 acquired on WCCP
    client 209.1.1.2"
    "*Feb 4 18:56:09.892: %WCCP-5-SERVICEFOUND: Service 62 acquired on WCCP
    client 209.1.1.2"
    The router however cannot figure out what its ID is and does not see
    itself as a WCCP group router.
    router04#sh ip wccp
    Global WCCP information:
    Router information:
    Router Identifier: -not yet determined-
    Protocol Version: 2.0
    Service Identifier: 61
    Number of Service Group Clients: 1
    Number of Service Group Routers: 0
    Total Packets s/w Redirected: 0
    Process: 0
    Fast: 0
    CEF: 0
    Redirect access-list: ACCELERATED-TRAFFIC
    Total Packets Denied Redirect: 0
    Total Packets Unassigned: 25957
    Group access-list: -none-
    Total Messages Denied to Group: 0
    Total Authentication failures: 0
    Total Bypassed Packets Received: 0
    This is a short summary of important commands for working with VRF's.
    View the VRF instances and the associated interfaces.
    ml-mr-c6-gs#show ip vrf
    Name Default RD Interfaces
    blurvrf 100:2 Vlan215
    Vlan326
    tgvrf 100:1 Vlan132
    Vlan325
    TenGigabitEthernet1/1
    ml-mr-c6-gs#
    Show the routing table for a specific VRF.
    ml-mr-c6-gs#show ip route vrf tgvrf
    Routing Table: tgvrf
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external,
    ---More--
    Gateway of last resort is 128.117.243.57 to network 0.0.0.0
    O E2 192.52.106.0/24 [110/1] via 128.117.243.57, 1d19h, Vlan325
    O E2 192.168.150.0/24 [110/160] via 128.117.243.57, 1d19h, Vlan325
    172.17.0.0/29 is subnetted, 3 subnets
    O E2 172.17.1.16 [110/0] via 128.117.243.57, 1d19h, Vlan325
    O E2 172.17.1.8 [110/1] via 128.117.243.57, 1d19h, Vlan325
    O E2 172.17.1.0 [110/1] via 128.117.243.57, 1d19h, Vlan325
    --More--
    Debugging should otherwise be similar to a regular switch or router.
    Final Teragrid VRF Design and Diagrams
    http://www.cisl.ucar.edu/nets/devices/routers/cisco/vrf/final.shtml
    Teragrid Testbed Design
    http://www.cisl.ucar.edu/nets/devices/routers/cisco/vrf/testbed.shtml
    Cisco 4500 Series Switch Cisco IOS s/w config guide 12.1(20)EW
    Configuring VRF-Lite
    http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/20ew/configuration/guide/vrf.html
    sachin garg

  • Cisco WCCP (multicast method ) with Bluecoat Implementation

    hi
    Cisco WCCP with Bluecoat Implementation  . during implemetation multicast packet not flow to other vlan interface.
    few observation .
    Cisco wccp with bluecoat proxy ( Multicast method )  - Multicast IP # 224.1.1.103 , Group 11, dense-mode
    Same Vlan  its working ( user and Proxy SG )
    Different Vlan not working ( user Vlan 10 and server Vlan 20 )
    sample configuration :
    ip multicast-routing
    ip wccp 11 group-address 224.1.1.103 redirect-list 103
    sh ip access-lists 103
    Extended IP access list 103
        40 permit tcp 10.10.10.0 0.0.0.31 any eq 443
        50 permit tcp 10.10.10.0 0.0.0.31 any eq www
        60 permit tcp 10.10.10.0 0.0.0.31 any eq ftp
        70 deny ip any any
    interface Vlan10 description "AP_User_Range"
     ip address 10.10.10.0 255.255.255.0
     ip helper-address 10.10.20.100
     ip wccp 11 redirect in
     ip wccp 11 group-listen
     ip pim dense-mode

    Dear Jon,
    After changes the WCCP Command  ,still  WCCP not working
    but  both client and Proxy Same VLAN its working fine with Multicast mode
    interface Vlan10
     description "AP_User_Range"
     ip address 10.10.10.10 255.255.255.0
     ip helper-address 10.10.10.100
     ip wccp 11 redirect in
    interface Vlan20
     description PROXY_WAN_VLAN
     ip address 10.10.20.10 255.255.255.0
     ip helper-address 10.10.10.100
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip wccp 11 group-listen
    ip wccp 11 group-address 224.1.1.103 redirect-list 103
    sh ip access-lists 103
    Extended IP access list 103
        40 permit tcp 10.10.10.0 0.0.0.255 any eq 443
        50 permit tcp 10.10.10.0 0.0.0.255 any eq www
        60 permit tcp 10.10.10.0 0.0.0.255 any eq ftp
        70 deny ip any any
    sh ip wccp
    Global WCCP information:
        Router information:
            Router Identifier:                   -not yet determined-
            Protocol Version:                    2.0
        Service Identifier: 11
            Number of Service Group Clients:     0
            Number of Service Group Routers:     0
            Total Packets s/w Redirected:        0
              Process:                           0
              CEF:                               0
            Service mode:                        Open
            Service Access-list:                 -none-
            Total Packets Dropped Closed:        0
            Redirect access-list:                103
            Total Packets Denied Redirect:       0
            Total Packets Unassigned:            0
            Group access-list:                   -none-
            Total Messages Denied to Group:      0
            Total Authentication failures:       0
            Total GRE Bypassed Packets Received: 0

Maybe you are looking for

  • File Sharing without a Network

    im trying to share files with my friend who is not on the same network as me. he is in a different college all together. what we have accomplished is sharing itunes with eachother. we had to do this through hamachi. i was wondering if anyone knew how

  • I cant get camera raw update 8.7.1 to work with lightroom 5.7 after downloading and opening zip file

    When I try to open a raw file from lightroom 5.7 I get a message that I need camera raw 8.7.1. I downloaded the update as a zip file I extracted file then went through the install wizard process but still I cant get it to work. If I go to photoshop c

  • C2 03 and C2 02 WARNING for buyers

    Hi all nokia fans and sufferers ... Recently it has been brought to my attention that all the phones with sliders and clamshells have a belt installed behind the display to convey the information. I have been told that the high end models of nokia ha

  • Lexical Parsing exception using JXQI for function in XQuery

    How to parse Xquery containing new declared namespace, functions and then use the same function to operate upon Xquery along with it..... When i try to execute that XQuery using JXQI library, i get lexical parsing exception....... i m quite new to XQ

  • Business errors in E-filing

    Hi Experts, We trying to submit e-fling , but getting some buiness errors as follows and then file is rejecting by Inland Revenue. Could someone please advise how to resolvethis. We are using SAP 4.6C with Business Connector 4.7. ===================