WCCP - no ip route-cache cef
I have the above command on the LAN interface on all of my WAN routers performing WCCP. Per this discussion topic:
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Data%20Center&topic=Application%20Networking&topicID=.ee7814f&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc2a947
it is recommended to remove that statement. Can someone confirm if the recommendation by dstolt is accurate?
Andy, no easy question, and it pretty much sends some of us back to basics. One has to take a deeper look at this command to barely get a good picture. See the first link thread, a good discussion on your question. Generally, no ip route-cache improves performance for router forwarding processing decisions.
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&topicID=.ee71a06&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbfa166
You can find more details on three types of switching methods (such as fast switching by the ip route-cache command); I believe it helps to better understand the commands.
http://www.cisco.com/en/US/tech/tk827/tk831/technologies_white_paper09186a00800a62d9.shtml
Another instance where you would have ip route-cache enabled on an interface would be for the use of NetFlow; the ip route-cache command on an interface is a requirement for implementing NetFlow.
Rgds
-Jorge
Similar Messages
-
Hi,
We have two datacenters same logical LAN.
Two ISP routers and two WAE 674 and using WCCP "egress-method negotiated-return intercept-method wccp"
See attached file.
The problem is when one of the "line" WAN interface goes down, some of the network are not reach from the LAN side and some are.
We are using BGP as routing protocol in the ISP routers.
Any suggestion for the problem?
Jan
Hello, I am from the ISP and wanted to address these issues
2. When WAN goes down and LAN remains up, your WCCP is still UP and hence, it continues to forward packets out of the same WAN interface, but because that interface is down, packets ultimately die / get blackholed.
3. Another speculation is: Asymmetric routing. When WAN is down but LAN is up, you are forwarding some traffic out of LAN but as WAN goes down, the return packets then come up on a different interface and create asymmetric routing.
On question 2, with WCCP the router would still try to send packets out the WAN interface even though it's down? Wouldn't the router be able to tell that routing changed to the source/dest subnets and not blindly send packets to a down interface? If not, then this most likely is what happened.
Here is the WAN interface config WCCP is enabled for inbound redirection but the same for the actual data LAN interface
interface GigabitEthernet0/0
description link to PE
bandwidth 9000
no ip address
ip route-cache flow
duplex full
speed 10
media-type rj45
no cdp enable
interface GigabitEthernet0/0.22
encapsulation dot1Q 22
ip address **********omit ****** 255.255.255.252
ip wccp 62 redirect in
no cdp enable
and here is the LAN side
interface GigabitEthernet0/1
no ip address
ip access-group 113 in
ip route-cache flow
duplex full
speed 100
media-type rj45
service-policy output CE_OUT_MARK_0
interface GigabitEthernet0/1.2450
description Customer LAN
encapsulation dot1Q 2450
ip address ********* 255.255.255.224
ip wccp 61 redirect in
no cdp enable
interface GigabitEthernet0/1.2459
description Connection to customer-managed WAE Device For WCCP
encapsulation dot1Q 2459
ip address ******** 255.255.255.224
ip wccp redirect exclude in
no cdp enable
interface GigabitEthernet0/1.2460
encapsulation dot1Q 2460
ip address ******* 255.255.255.224
ip wccp redirect exclude in
no cdp enable
The sister router is configured in much the same way.
On question 3
3. Another speculation is: Asymmetric routing. When WAN is down but LAN is up, you are forwarding some traffic out of LAN but as WAN goes down, the return packets then come up on a different interface and create asymmetric routing.
Wouldn't asymmetric routing just result in non-optimized connections, as it would never see the TCP option set for optimization?
We are going to run this same test this weekend and I will look at all these things, but it seems as though asymmetric routing would result in no optimization but not packet blockage. Regarding question 2, if WCCP remains up and is black-holing traffic, I can see this as an issue for sure.
One last question, also regarding the loopbacks and GRE return. There are distribute lists that block each router from learning the other's loopback when the WAN is down. Do you think this would matter? The reason I ask is because, on the asymmetric side again, let's say a packet comes into router #1 via the LAN and gets redirected to the WAE with the source IP of the loopback. When the WAE returns the packet to the router, I would think it would not need routing to the #2 router's loopback, as the destination at this point would be back to the client/server. Also, when the router forwards to the WAE, what IP on the WAE does it use? -
Having a problem with a configuration of our guest network and our content filter (S170 IronPort). The 1841 has 3 interfaces. 0/0 is on the LAN side, 0/1/0 is connected to the IronPort, 0/1 is connected to the ISP. So we would like to redirect all traffic from the LAN interface to the IronPort and then out to the internet. For some reason, with the configuration below it does not redirect the traffic. When I apply WCCP to the LAN interface it redirects, but the clients stop getting internet traffic. Does anyone have any experience or ideas on how to make this work in this environment?
The IronPort is 10.x.5.30 and connected to fa0/1/0
ip wccp web-cache redirect-list https-cache
ip wccp 80 redirect-list https-cache
interface FastEthernet0/1/0
description WCCP port
ip address 10.x.5.10 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip wccp web-cache redirect in
ip wccp 80 redirect in
no ip nat inside
ip virtual-reassembly
ip route-cache flow
exit
interface FastEthernet0/0
description $ES_LAN$$FW_INSIDE$
ip address 10.x.4.20 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/1
description outside$ETH-WAN$
ip address 50.x.89.145 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
no mop enabled
ip access-list extended https-cache
permit ip 10.245.4.0 0.0.0.255 any
ip route 0.0.0.0 0.0.0.0 50.x.89.150
ip route 10.0.0.0 255.0.0.0 10.x.4.1
ip route 172.16.0.0 255.248.0.0 10.x.4.1
Hi Corey,
CME is not supported on the 1841 (minimum 1861)
Here's why;
Both slots on the Cisco 1841 router are HWIC slots and provide compatibility with WICs and multiflex trunk (VWICs) interface cards
(for data only).
VoIP Support
Voice-over-IP (VoIP) pass-through only
http://www.cisco.com/en/US/prod/collateral/routers/ps5853/product_data_sheet0900aecd8016a59b.html
Cheers!
Rob -
Regarding no ip route-cache on Cisco 2960
The users have been complaining about network slowness. After checking each layer 2 switch, I found that no ip route-cache is configured under each VLAN. The module is 2960. I am not sure if the command is there by default or was configured manually; it is configured under the VLAN interface only, not under each interface. Will this be the reason that is causing the slow performance? By the way, will there be downtime from removing this command?
Thanks
Network latency is hard to troubleshoot.
-Isolate which customers are complaining about slow services
-ID the services (is it just shared drive access or just web access, or is it everything across the board)
If it's the entire network, you probably have issues at the core or backbone, so start looking for something that changed or is not meshing with the original design baseline.
If it's isolated to one leg of the network, you can look at interface counters for errors or protocol implementations (maybe STP reconverged to a new link that is slower, or root bridge problems are occurring).
You can also look at the CPU on the switches supporting the laggy hosts. If it's through the roof, then you probably have a loop or broadcast storm.
Hope this helps, but latency is really hard to troubleshoot until you can isolate the problem down.
Also, ip route-cache is just a higher level of switching. The 2960 is perfectly capable of switching traffic for all of its user ports with the default switching method. -
Netflow and IP route-cache flow on a serial Int?
Hi, I was wondering if turning on the ip route-cache on a serial int connecting to a T1 line to the ISP is having an adverse effect on the router or not, assuming more processing power.
Is there a collector by Cisco that can be downloaded for free and used to collect the flow?
Can CiscoWorks LMS be used "or VMS" to collect the netflow information?
Thanks very much for your help/feedback.
Thx,
Masood
Masood,
Cisco have produced an excellent white paper on netflow performance - try searching for "NetFlow Performance Analysis".
Also, in the netflow section on Cisco's web site there is an extensive list of both commercial and freeware netflow applications. (You can't use CiscoWorks though.)
Andrew. -
'no ip route-cache' on Tunnel interfaces
Hi,
A quick and hopefully simple question. Is there any reason why 'no ip route-cache' and 'no ip mroute-cache' should be configured on Tunnel interfaces?
Generally, when should 'no ip route-cache' be configured on an interface?
Many thanks,
Andy
Andy, no easy question, and it pretty much sends some of us back to basics. One has to take a deeper look at this command to barely get a good picture. See the first link thread, a good discussion on your question. Generally, no ip route-cache improves performance for router forwarding processing decisions.
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&topicID=.ee71a06&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbfa166
You can find more details on three types of switching methods (such as fast switching by the ip route-cache command); I believe it helps to better understand the commands.
http://www.cisco.com/en/US/tech/tk827/tk831/technologies_white_paper09186a00800a62d9.shtml
Another instance where you would have ip route-cache enabled on an interface would be for the use of NetFlow; the ip route-cache command on an interface is a requirement for implementing NetFlow.
Rgds
-Jorge -
Is there any benefit of using this command? Is it on by default?
Hi Carl,
It enables fast switching.
There are different switching methods which can be used. To control the use of switching methods for forwarding IP packets, use the ip route-cache command in interface configuration mode.
Using the route cache is often called fast switching. The route cache allows outgoing packets to be load-balanced on a per-destination basis rather than on a per-packet basis. The ip route-cache command with no additional keywords enables fast switching.
Check this link for more details
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hisw_r/ips_a1h.htm#wp1160847
HTH
Ankur -
Does wccp redirect break routing protocol?
This may be a dumb question to ask; sorry, I don't have equipment to test it at this moment.
If wccp redirect is configured on an interface running routing protocol (such as eigrp or ospf), will this redirect the "unicast" ospf database or eigrp topology update to WAAS? and/or will this also redirect ospf & eigrp "multicast" update which maintains neighbor relationship to WAAS?
Should this type of traffic be denied on wccp redirect-list?
Thanks
Hi Joe,
Since WAAS normally uses TCP promiscuous mode services, based on service group number 61 and 62 - you'll only get TCP redirected ... and neither OSPF nor EIGRP runs on top of TCP, so don't worry.
If you run a TCP based routing protocol like BGP, it will get redirected.
Later versions of WAAS don't, by default, try to optimize on BGP, as it has given some problems in the past due to sequence number manipulation.
Best Regards
Finn Poulsen -
Hello all,
This is a new install, I am trying to bring up a WAE-674 box at one my remote sites with 2 routers (a 3725 and a 2621) at this remote site and I am using WCCP for traffic redirection. I am having an issue with WCCP on the 3725 router, for some reason when I enable the command "IP wccp 62 redirect in" under the WAN serial interface I suddenly can no longer telnet to the fastethernet interface on the router but I can still ping it and still able to telnet to the loopback interface. And I have no issue with WCCP on the other 2621 router with the same config setup.
Has anyone run into this issue before? I appreciate any feedback on this!
I am running IOS version 12.3(14)T7 on the 3725 router and WAAS software version 4.1.1c
Thanks in advance !!
Danny
You will want to explore CSCsg30875 to see how it applies to your installation
CSCsg30875 wccp blocking telnet to router
Since 12.3T is EOL, it probably was not tested and may or may not exist in that Cisco IOS track.
End-of-Sale and End-of-Life Announcement for Cisco IOS Software Release 12.3T
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6947/ps5207/prod_bulletin0900aecd803a0ffe.html
Thank You,
Dan Laden -
NetFlow with WCCP on the router
I have a router interface enabled with WCCP. No matter whether I put ingress or egress on the interfaces, I end up with traffic double counting on analyzer tools. Is there any specific issue related to WCCP enabled on the router? Please provide me with a solution. Your help is deeply appreciated.
I agree that this is strange. I have looked again at the config and do not see what would cause this behavior. I wonder if it has something to do with the Service Policy configured. But I have looked through the logic and do not see a problem.
I do notice that the version of IOS running is quite old. I wonder if there is some bug in that version of code. And I wonder if you upgraded the router to more recent code whether the problem would be resolved.
HTH
Rick -
WCCP L2 support (Router or Switches only)
From the other conversations with this forum I understand that the routers support WCCP with GRE as the redirection option while the Catalyst family uses L2 redirection for WCCP. Is this confirmed or not. Nothing on Cisco's home page spells this one out.
Hi,
That's not totally true. If you have a look at the Feature Navigator (www.cisco.com/go/fn) and search for WCCP Layer 2 PFC Redirection, you will see that there are a lot of platforms supporting this.
From my knowledge, this feature was introduced on the Cat6k platform.
Just have a look at the FN to verify if your HW/SW supports this feature.
Kind Regards,
Jerg foerster -
Ip route cache-flow Vs ip flow ingress Vs ip flow egress
Hi,
Can anyone explain the diference and when i should use these?
Regards
Hi,
There's a nice explanation on the following link:
http://www.plixer.com/blog/scrutinizer/netflow-version-9-egress-vs-ingress
Best regards,
Giorgos -
Hello,
I am trying to redirect packets to a bluecoat proxy sg using WCCP on a 3750x stack with IP services.
I can't get the packets to redirect.
The bluecoat device is on the same vlan as the client traffic that I am trying to redirect.
It seems that when I apply the redirect on the vlan interface, the Bluecoat can see the traffic though.
(After it is applied, I can no longer access the websites, but the bluecoat device shows some activity)
SDM prefer is enabled.
Here is the config:
SiteA#sh run
Building configuration...
Current configuration : 7699 bytes
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname SiteA
boot-start-marker
boot-end-marker
enable secret 5 $1$V1w8$6bmKd6oXWk//FH7/BaoFG.
username systemsgo privilege 15 secret 5 $1$vu8O$1uMdtS1Gzk12.YT3RObZO1
no aaa new-model
switch 1 provision ws-c3750x-24
switch 2 provision ws-c3750x-24
system mtu routing 1500
ip routing
ip wccp 90 redirect-list 115 group-list 15
vtp mode transparent
track 1 ip sla 1 reachability
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 10
ip ssh version 2
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
interface GigabitEthernet1/0/1
no switchport
ip address 192.168.20.2 255.255.255.252
speed 100
duplex full
interface GigabitEthernet1/0/2
no switchport
ip address 192.168.20.9 255.255.255.252
interface GigabitEthernet1/0/3
switchport access vlan 10
switchport mode access
interface GigabitEthernet1/1/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
interface GigabitEthernet2/0/1
description *BlueCoat Proxy*
switchport access vlan 10
switchport mode access
interface GigabitEthernet2/0/2
switchport access vlan 10
switchport mode access
interface GigabitEthernet2/1/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
interface GigabitEthernet2/1/2
interface GigabitEthernet2/1/3
interface GigabitEthernet2/1/4
interface TenGigabitEthernet2/1/1
interface TenGigabitEthernet2/1/2
interface Vlan1
no ip address
interface Vlan10
ip address 10.10.20.3 255.255.255.0
standby 10 ip 10.10.20.1
standby 10 priority 110
standby 10 preempt
ip wccp 90 redirect in
router eigrp 1
network 10.10.20.0 0.0.0.255
network 192.168.10.0
network 192.168.20.0 0.0.0.3
redistribute static
ip local policy route-map IP_SLA_SiteA
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.20.10 track 1
ip sla 1
icmp-echo 4.2.2.2 source-ip 192.168.20.9
threshold 300
frequency 15
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts
logging esm config
access-list 15 permit 10.10.20.220
access-list 101 permit icmp host 192.168.20.9 host 4.2.2.2
access-list 115 permit tcp 10.20.20.0 0.0.0.255 any eq www
access-list 115 permit tcp 10.20.20.0 0.0.0.255 any eq 443
access-list 115 permit tcp 10.10.20.0 0.0.0.255 any eq 443
access-list 115 permit tcp 10.10.20.0 0.0.0.255 any eq www
access-list 115 permit tcp 192.168.20.0 0.0.0.255 any eq www
access-list 115 permit tcp 192.168.20.0 0.0.0.255 any eq 443
route-map IP_SLA_SiteA permit 10
match ip address 101
set ip next-hop 192.168.20.10
SiteA#
SiteA#show ip wccp 90
Global WCCP information:
Router information:
Router Identifier: 192.168.20.9
Protocol Version: 2.0
Service Identifier: 90
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 0
Process: 0
CEF: 0
Redirect access-list: 115
Total Packets Denied Redirect: 52389
Total Packets Unassigned: 71
Group access-list: 15
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total GRE Bypassed Packets Received: 0
SiteA#show ip wccp 90 detail
WCCP Client information:
WCCP Client ID: 10.10.20.220
Protocol Version: 2.0
State: Usable
Redirection: L2
Packet Return: GRE
Packets Redirected: 0
Connect Time: 00:19:36
Assignment: MASK
Mask SrcAddr DstAddr SrcPort DstPort
0000: 0x00000000 0x0000003F 0x0000 0x0000
SiteA#
SiteA#sh sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 3K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: 0.5K
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K
SiteA#
Hi Jon,
There are no more throughput issues.
Everything is working well. Thanks so much!
As for the WCCP,
I put the redirect acl on the L3 ports that connect back to 3750_3, but it is still not catching the traffic from the user vlan 20 on 3750_3. (We did however get it working for the server vlan in Site1 and Site2)
I'm not sure what you meant when you said:
Then you simply use site1 or site2's devices for web traffic.
Do I need to change the gateway for the users vlan in Site 3750_3 to something else?
Right now it is pointing to 10.20.20.1 on the 3750_3.
Below is what I have so far on the 3750_3.
I tried to force the traffic via PBR to the BlueCoat device, but that didn't seem to work either.
UserSite(config)#do sh run
Building configuration...
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname UserSite
boot-start-marker
boot-end-marker
no aaa new-model
switch 1 provision ws-c3750x-48p
switch 2 provision ws-c3750x-48p
system mtu routing 1500
ip routing
vtp mode transparent
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 10
vlan 20
name clients
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
interface GigabitEthernet1/0/47
description *CERTES-MGMT-MAIN*
switchport access vlan 20
switchport mode access
interface GigabitEthernet1/0/48
description *MAN-LINE-TO-DC-MAIN*
no switchport
ip address 192.168.20.1 255.255.255.252
speed 100
duplex full
interface GigabitEthernet1/1/1
interface GigabitEthernet1/1/2
interface GigabitEthernet1/1/3
interface GigabitEthernet1/1/4
interface TenGigabitEthernet1/1/1
interface TenGigabitEthernet1/1/2
interface GigabitEthernet2/0/47
description *CERTES-MGMT-DR*
switchport access vlan 20
switchport mode access
interface GigabitEthernet2/0/48
description *MAN-LINE-TO-DC-DR*
no switchport
ip address 192.168.20.5 255.255.255.252
speed 100
duplex full
interface GigabitEthernet2/1/1
interface GigabitEthernet2/1/2
interface GigabitEthernet2/1/3
interface GigabitEthernet2/1/4
interface TenGigabitEthernet2/1/1
interface TenGigabitEthernet2/1/2
interface Vlan1
ip address 192.168.10.254 255.255.255.0
interface Vlan20
ip address 10.20.20.1 255.255.255.0
ip helper-address 10.10.20.30
router eigrp 1
network 10.20.20.0 0.0.0.255
network 192.168.10.0
network 192.168.20.0 0.0.0.7
offset-list 10 in 100 GigabitEthernet2/0/48
eigrp stub connected summary
ip local policy route-map PBR_Proxy
ip classless
ip http server
ip http secure-server
ip access-list extended Traffic2Proxy
permit tcp 10.20.20.0 0.0.0.255 eq www any
permit tcp 10.20.20.0 0.0.0.255 eq 443 any
ip sla enable reaction-alerts
route-map PBR_Proxy permit 10
match ip address Traffic2Proxy
set ip next-hop 192.168.50.220
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
login local
line vty 0 4
exec-timeout 30 0
privilege level 15
logging synchronous
login local
length 0
transport input telnet ssh
line vty 5 15
exec-timeout 30 0
privilege level 15
logging synchronous
login local
transport input telnet ssh
end -
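An added example, not part of the thread above or of any Cisco tooling: a Python check that reads the counters from the `show ip wccp 90` and `show ip wccp 90 detail` output posted above and flags the combinations that suggest traffic is not reaching the proxy. The function names and finding codes are hypothetical, and the healthy sample is constructed.

```python
"""Flag WCCP service-group counters that suggest interception is not working."""

# Counter lines copied from the `show ip wccp 90` output in the post above.
SAMPLE_SUMMARY = """\
Service Identifier: 90
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 0
Redirect access-list: 115
Total Packets Denied Redirect: 52389
Total Packets Unassigned: 71
Group access-list: 15
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total GRE Bypassed Packets Received: 0
"""

# Client lines copied from the `show ip wccp 90 detail` output in the same post.
SAMPLE_DETAIL = """\
WCCP Client ID: 10.10.20.220
Protocol Version: 2.0
State: Usable
Redirection: L2
Packet Return: GRE
Packets Redirected: 0
Connect Time: 00:19:36
Assignment: MASK
"""

# Constructed sample of a group that is redirecting normally (values invented).
HEALTHY_SUMMARY = """\
Number of Service Group Clients: 1
Total Packets s/w Redirected: 48210
Total Packets Denied Redirect: 1200
Total Packets Unassigned: 0
Total Authentication failures: 0
"""
HEALTHY_DETAIL = """\
State: Usable
Redirection: GRE
Packet Return: GRE
"""


def parse_fields(text):
    """Turn 'Name: value' lines into a dict; header lines with no value are skipped."""
    fields = {}
    for line in text.splitlines():
        # Split on the first colon only, so values such as 00:19:36 stay whole.
        key, sep, value = line.strip().partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields


def _count(fields, name):
    """Integer counter by name; a missing or non-numeric field counts as 0."""
    value = fields.get(name, "")
    return int(value) if value.isdigit() else 0


def assess(summary_text, detail_text):
    """Return a list of (code, message) findings for one service group."""
    s, d = parse_fields(summary_text), parse_fields(detail_text)
    clients = _count(s, "Number of Service Group Clients")
    redirected = _count(s, "Total Packets s/w Redirected")
    denied = _count(s, "Total Packets Denied Redirect")
    unassigned = _count(s, "Total Packets Unassigned")
    auth_failures = _count(s, "Total Authentication failures")
    findings = []

    if clients == 0:
        findings.append(("NO_CLIENT", "no cache engine has joined the group"))
    elif d.get("State", "Usable") != "Usable":
        findings.append(("CLIENT_NOT_USABLE", f"client state is {d['State']}"))

    # The counter is labelled "s/w": treat zero as a prompt to check the cache
    # engine's own statistics as well, not as proof on its own.
    if clients and redirected == 0 and denied > 0:
        findings.append(("NOTHING_REDIRECTED",
                         f"0 packets redirected, {denied} denied by the redirect list"))
    if unassigned > 0:
        findings.append(("UNASSIGNED",
                         f"{unassigned} packets matched no cache engine assignment"))
    if auth_failures > 0:
        findings.append(("AUTH_FAILURES",
                         f"{auth_failures} messages failed WCCP authentication"))

    fwd, ret = d.get("Redirection"), d.get("Packet Return")
    if fwd and ret and fwd != ret:
        findings.append(("METHOD_MISMATCH",
                         f"forwarding is {fwd} but return is {ret}; "
                         "confirm the platform supports both"))
    return findings


if __name__ == "__main__":
    for code, message in assess(SAMPLE_SUMMARY, SAMPLE_DETAIL):
        print(f"{code}: {message}")
```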
2611XM refuses to grab a DHCP address from an upper router.
Hi, first time here. I'm a homeschooled student and trying to work on getting a CCNA. I ran into an issue which puts me at a stopping point. I have a Cisco 2611XM router with which I'm trying to pass internet traffic to a few select computers. The problem is the WAN (fa0/1) will not get an address from the D-Link router which is handing out DHCP addresses to all my computers in the main network. I've watched lots of YouTube videos, but only to validate I've used the same methods they did. So here is a quick rundown of the topology.
cable modem>dlink router>cisco2611XM>dumbSwitch>Computer#3
> >LinksysSLMG224G 24 port switch>computers 1,2
As you can see my network splits off from the dlink into what needs to be 2 networks.
So why can't I get the WAN interface of the 2611XM to grab a DHCP address?
config
secureROUTER#sh run
Building configuration...
Current configuration : 1031 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname secureROUTER
boot-start-marker
boot-end-marker
enable secret 5 $1$fq4Z$ty8gmQfFw6v0sM2O0rW2D1
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
no ip domain lookup
interface FastEthernet0/0
description LAN
ip address 10.0.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
no cdp enable
interface FastEthernet0/1
description WAN
ip address dhcp
ip nat outside
no ip route-cache cef
no ip route-cache
duplex auto
speed auto
no cdp enable
ip nat inside source list 1 interface FastEthernet0/0 overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
access-list 1 permit 10.0.0.0 0.0.0.255
no cdp run
banner motd ^CGet the fuck out!!^C
line con 0
line aux 0
line vty 0 4
password 7 111B1F5244000D
logging synchronous
login
end
Duplicate post.
Go HERE. -
Cisco 876w: wlan client - routing problem
I configured a Cisco 876w to connect to an existing WLAN as a client. Now I would like to connect 3 PCs to the 876w which should be able to access the internet via the 876w.
Problem:
Being at the console (ssh) of the 876w, I can ping hosts in the internet (even with their name like www.google.com) but when I'm using a client PC, I can't... What am I missing here? Could it be a NAT problem?
Config:
Internet <---> DSL Router 192.168.1.1 (and WLAN AccessPoint) <---> Cisco 876w (gets IP per DHCP, VLAN1 IP: 10.10.10.1) <---> PC (10.10.10.101)
Current configuration : 9897 bytes
version 12.4
no service pad...dot11 vlan-name wlan-lan vlan 1
dot11 ssid WLAN
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 7 0923467F1B2E52789807132F7A202E3D31
no ip source-route
ip dhcp excluded-address 10.10.10.1 10.10.10.9
ip dhcp excluded-address 10.10.10.101 10.10.10.254
ip dhcp pool ccp-pool1
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
domain-name cisco.test.com
dns-server 208.67.222.222
ip cef
no ip bootp server
ip domain name test.com
ip name-server 208.67.222.222
ip ddns update method sdm_ddns1
HTTP
add http://[email protected]/nic/update?system=dyndns&hostname=//[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
remove http://[email protected]/nic/update?system=dyndns&hostname=//[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
no ipv6 cef
multilink bundle-name authenticated
isdn switch-type basic-net3
username admin privilege 15 secret 5 $1$uiouLKjbLIUBlKbj
username service privilege 15 secret 5 $1$LKjblkJNBLKkjlbkm
archive
log config
hidekeys
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
class-map type inspect match-all sdm-cls--1
match access-group name AllowAny
policy-map type inspect sdm-policy-sdm-cls--1
class type inspect sdm-cls--1
inspect
class class-default
drop
zone security wan
zone security lan
zone-pair security sdm-zp-lan-wan source lan destination wan
service-policy type inspect sdm-policy-sdm-cls--1
interface BRI0
description <--
no ip address
ip flow ingress
ip virtual-reassembly
encapsulation ppp
shutdown
dialer pool-member 1
isdn switch-type basic-net3
isdn point-to-point-setup
ppp multilink
!
interface ATM0
backup interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no atm ilmi-keepalive
interface ATM0.3 point-to-point
description <--
ip flow ingress
shutdown
pvc 1/32
pppoe-client dial-pool-number 2
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Dot11Radio0
description <--
no ip address
no ip proxy-arp
ip flow ingress
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 1 mode ciphers aes-ccm
ssid WLAN
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role non-root
no cdp enable
interface Dot11Radio0.1
encapsulation dot1Q 1 native
ip address dhcp
ip nat outside
ip virtual-reassembly
no ip route-cache
no cdp enable
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security lan
ip tcp adjust-mss 1412
interface Dialer0
ip ddns update hostname blahblah.dnsalias.com
ip ddns update sdm_ddns1
ip address negotiated
ip nat outside
ip virtual-reassembly
zone-member security wan
encapsulation ppp
shutdown
dialer pool 1
dialer idle-timeout 600
dialer string 01919214124
dialer load-threshold 20 outbound
dialer watch-group 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname asfa
ppp chap password 7 128763520
ppp pap sent-username asfa password 7 0302141555
ppp multilink
interface Dialer2
ip ddns update sdm_ddns1
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security wan
encapsulation ppp
dialer pool 2
dialer-group 2
no cdp enable
ppp authentication chap pap callin
ppp chap hostname gast
ppp chap password 7 095B239876473F06090A
ppp pap sent-username gast password 7 1239847629873693D
router rip
network 10.0.0.0
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 105 interface Dialer0 overload
ip nat inside source list 106 interface Dot11Radio0.1 overload
ip access-list extended AllowAny
remark CCP_ACL Category=128
permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended nix
remark tut nix
remark CCP_ACL Category=2
permit tcp any any
permit udp any any
permit icmp any any
permit ip any any
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark CCP_ACL Category=2
access-list 100 permit ip any any
access-list 101 remark CCP_ACL Category=2
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 remark CCP_ACL Category=2
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 103 remark CCP_ACL Category=2
access-list 103 permit ip 10.10.10.0 0.0.0.255 any
access-list 105 remark Alles
access-list 105 remark CCP_ACL Category=2
access-list 105 permit ip 10.10.10.0 0.0.0.255 any
access-list 105 permit icmp 10.10.10.0 0.0.0.255 any
access-list 105 permit udp 10.10.10.0 0.0.0.255 any
access-list 105 permit tcp 10.10.10.0 0.0.0.255 any
access-list 106 remark NAT wlan
access-list 106 remark CCP_ACL Category=2
access-list 106 permit ip 10.10.10.0 0.0.0.255 any
access-list 106 permit icmp 10.10.10.0 0.0.0.255 any
access-list 106 permit udp 10.10.10.0 0.0.0.255 any
access-list 106 permit tcp 10.10.10.0 0.0.0.255 any
dialer watch-list 1 ip 208.67.222.222 255.255.255.255
dialer-list 1 protocol ip permit
no cdp run
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
#sh ip int brief
ndrmedienturm#sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0 unassigned YES unset up up
FastEthernet1 unassigned YES unset up down
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up down
BRI0 unassigned YES NVRAM standby mode/disabled down
BRI0:1 unassigned YES unset administratively down down
BRI0:2 unassigned YES unset administratively down down
Dot11Radio0 unassigned YES TFTP up up
Dot11Radio0.1 unassigned YES DHCP up up
ATM0 unassigned YES NVRAM administratively down down
ATM0.3 unassigned YES unset administratively down down
SSLVPN-VIF0 unassigned NO unset up up
Vlan1 10.10.10.1 YES NVRAM up up
NVI0 unassigned YES unset administratively down down
Dialer0 unassigned YES NVRAM administratively down down
Dialer2 unassigned YES NVRAM up up
Virtual-Dot11Radio0 unassigned YES TFTP up up
Virtual-Dot11Radio0.1 192.168.1.54 YES DHCP up up
Hi,
Just check a few things: from the client, are you able to ping the WAN interface of the Cisco 876W? And when you ping the internet address from the client PC, what is the output of the NAT translation on the router?
The command to check this is show ip nat translation, to see whether the packet is getting translated or not.
Hope to help!!
Ganesh.H
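A static cross-check to go with the NAT troubleshooting in the reply above, as an added example that is not part of the original thread: each `ip nat inside source ... overload` rule in the posted config is checked against the state of the outside interface it names. The function names and finding labels are this example's own, and the sample config is abridged from the post.

```python
import re

# Abridged from the running-config posted above (the page lost its indentation).
CONFIG = """\
interface Dot11Radio0.1
ip nat outside
interface Vlan1
ip nat inside
zone-member security lan
interface Dialer0
ip nat outside
zone-member security wan
shutdown
ip nat inside source list 105 interface Dialer0 overload
ip nat inside source list 106 interface Dot11Radio0.1 overload
"""

def parse(config):
    """Return ({interface: set of its lines}, [outside interface named by each PAT rule])."""
    ifaces, rules, cur = {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], set())
        elif m := re.fullmatch(r"ip nat inside source list \S+ interface (\S+) overload", line):
            rules.append(m[1])
        elif cur is not None:
            cur.add(line)  # simplification: later global lines land in this set too
    return ifaces, rules

def zone_of(lines):
    """Zone named by 'zone-member security <zone>', or None when the interface has none."""
    return next((e.split()[-1] for e in lines if e.startswith("zone-member security ")), None)

def audit(config):
    """Return (outside interface, problem) pairs that keep a PAT rule from passing traffic."""
    ifaces, rules = parse(config)
    inside_zones = [zone_of(cfg) for cfg in ifaces.values() if "ip nat inside" in cfg]
    findings = []
    for out in rules:
        lines = ifaces.get(out, set())
        if "ip nat outside" not in lines:
            findings.append((out, "not-nat-outside"))
            continue
        if "shutdown" in lines:
            findings.append((out, "shutdown"))
        # The zone-based firewall drops traffic between a zone member and a non-member.
        if any(bool(z) != bool(zone_of(lines)) for z in inside_zones):
            findings.append((out, "zone-membership-mismatch"))
    return findings
```

On the abridged config, `audit(CONFIG)` reports Dialer0 as shut down and Dot11Radio0.1 as belonging to no security zone while the inside interface Vlan1 is in zone lan. Whether a zone-pair policy joins two different zones is not checked.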