WCCP on Cat4500
Hi
Is WCCP supported on Cat4500 series switches?
Thanks
Dan
Dan,
Yes it does.
You can use feature navigator in the future to check into this.
http://www.cisco.com/cgi-bin/Support/FeatureNav/FN.pl
Regards
Pete Knoops
Cisco Systems
Similar Messages
-
Cat 4500 - Sup 7L - 03.04.00.SG - WCCP
Ciao,
on a device with 2 service groups (71 and 72) it seems that only 1 service group works at the same time:
Access-lists are matched.
If I change the priority I can swap between service group ...
IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.04.00.SG RELEASE SOFTWARE (fc3)
cat4500e-universalk9.SPA.03.04.00.SG.151-2.SG.bin / enterprise services
Mod Ports Card Type Model Serial No.
---+-----+--------------------------------------+------------------+-----------
1 18 10GE (X2), 1000BaseX (SFP) WS-X4606-X2-E JAE162703YY
2 12 1000BaseX (SFP) WS-X4612-SFP-E JAE163707H3
3 4 Sup 7-E 10GE (SFP+), 1000BaseX (SFP) WS-X45-SUP7-E CAT1627L2M1
5 48 10/100/1000BaseT EEE (RJ45) WS-X4748-RJ45-E CAT1629L0VB
M MAC addresses Hw Fw Sw Status
--+--------------------------------+---+------------+----------------+---------
1 a493.4ca1.972a to a493.4ca1.973b 1.2 Ok
2 6073.5c3a.3898 to 6073.5c3a.38a3 1.1 Ok
3 30f7.0db9.2900 to 30f7.0db9.2903 2.1 15.0(1r)SG5 03.04.00.SG Ok
5 30f7.0dac.ed50 to 30f7.0dac.ed7f 1.1 Ok
Mod Redundancy role Operating mode Redundancy status
----+-------------------+-------------------+----------------------------------
3 Active Supervisor RPR Active
Any clue?
Luciano,
Try adding 'ip wccp check services all' to your global config if you have multiple wccp service identifiers attached to an interface. Each service identifier will need a mutually exclusive ACL for the appropriate service identifier to trigger.
Thank You,
Dan Laden
Cisco PDI Data Center
Want to know more about how PDI can assist you?
http://www.youtube.com/watch?v=3OAJrkMfN3c
http://www.cisco.com/go/pdihelpdesk -
Hello ,
I have many Qs regarding the WAAS implementation
1- Which is better, using inline card or WCCP, and why (is there any problem with inline cards?)
2- If we have ASA in the network, is there any OS version required for the ASA to support the WAAS? We have implemented the WAAS with WCCP between 2 branches; all traffic is optimized but there are 2 applications blocked (not working at all). The 2 applications pass via the firewall; is there any known reason for that?
3- We have Cat4500 and it should support WCCP to redirect traffic for WAAS, but redirect list is not supported at all. Do you know if that is for all 4500 platforms or for just a specific OS or Sup, as nothing is clear on Cisco regarding this point (WCCP redirect list)?
Thanks
Moamen
Hey Moamen,
1. I would not say either is better, but there are different applications. Where you need more than a single WAE for scaling and redundancy, I would recommend WCCP. Where you have fairly simple topology, requirements for only one WAE, and/or non-Cisco gear, I would probably recommend In-line. I've done tons of both and both work really well for interception.
2. ASA do have a minimum recommended code version. For interoperability with WAAS, you need Cisco ASA/PIX version 7.2.3 or later. In that version, there is the command "inspect waas" to allow for the sequence number jump in optimized traffic, which is why your ASA is blocking the traffic.
3. The CAT4500 can support WCCP in hardware. The platform hardware only supports ingress interception, L2-redirect, L2-return, mask-assign configs on the WAE and the minimum IOS version I would recommend running would be 12.2(40)SG or later. As you mentioned, there are limitations with the redirect lists, they are NOT supported in any version of IOS, it's a function of the hardware. If you need to exclude traffic, you might want to consider using application policies when using CAT-4500.
I hope that helps you out.
Dan -
Hello,
I can't enable WCCP in 4500, in command reference guide the command is supported.....
But !!!
4500(conifg)#ip wccp web-cache redirect-list 101
% Invalid input detected at
CORE_4500_AMUNATEGUI_25#show version
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.02.00.XO RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 22-Sep-11 20:42 by prod_rel_team
Cisco IOS-XE software, Copyright (c) 2005-2010 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
Image text-base: 0x100A12B4, data-base: 0x13F29B60
ROM: 15.0(1r)SG3
Jawa Revision 7, Winter Revision 0x0.0x3
CORE_4500_AMUNATEGUI_25 uptime is 4 weeks, 3 days, 19 hours, 39 minutes
Uptime for this control processor is 4 weeks, 3 days, 19 hours, 40 minutes
System returned to ROM by power-on
Running default software
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
License Information for 'WS-X45-SUP7L-E'
License Level: entservices Type: Permanent
Next reboot license Level: entservices
cisco WS-C4507R+E (MPC8572) processor (revision 4) with 2097152K/20480K bytes of memory.
Processor board ID FXS1637Q1E3
MPC8572 CPU at 1.5GHz, Supervisor 7L-E
Last reset from PowerUp
5 Virtual Ethernet interfaces
112 Gigabit Ethernet interfaces
8 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.
Configuration register is 0x2101
CORE_4500_AMUNATEGUI_25#show ip wccp ?
<0-254> Dynamically defined service identifier number
interfaces WCCP redirect interfaces
web-cache Standard web caching service
| Output modifiers
<cr>
CORE_4500_AMUNATEGUI_25#show ip wccp
% WCCP version 2 is not enabled
CORE_4500_AMUNATEGUI_25#show mod
Chassis Type : WS-C4507R+E
Power consumed by backplane : 40 Watts
Mod Ports Card Type Model Serial No.
---+-----+--------------------------------------+------------------+-----------
1 48 10/100/1000BaseT (RJ45) WS-X4648-RJ45-E JAE163903GB
2 48 10/100/1000BaseT (RJ45) WS-X4648-RJ45-E JAE163903EG
3 6 Sup 7L-E 10GE (SFP+), 1000BaseX (SFP) WS-X45-SUP7L-E CAT1638L1JU
5 18 10GE (X2), 1000BaseX (SFP) WS-X4606-X2-E JAE16390642
M MAC addresses Hw Fw Sw Status
--+--------------------------------+---+------------+----------------+---------
1 fc99.47e6.3410 to fc99.47e6.343f 2.1 Ok
2 fc99.47e6.2f90 to fc99.47e6.2fbf 2.1 Ok
3 fc99.47e9.af00 to fc99.47e9.af05 1.1 15.0(1r)SG3 03.02.00.XO Ok
5 fc99.47e6.5ea0 to fc99.47e6.5eb1 1.2 Ok
Mod Redundancy role Operating mode Redundancy status
----+-------------------+-------------------+----------------------------------
3 Active Supervisor SSO Active
CORE_4500_AMUNATEGUI_25#
Could you enable WCCP v2?
"Ip wccp v 2 " I guess...
And I think "ip wccp web.."
Your license looks correct..
This should help you
http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/configuration/12-4t/iap-wccp.html#GUID-7BC71A1E-CEAD-4527-B297-3718DD21B70C
Sent from Cisco Technical Support iPhone App -
Hi,
I have the Cat4500 and I'd like to use WAAS for TCP optimization. I can use only WCCPv2 for traffic redirection. I don't know which mask I have to set. I wrote that for Cat4500 only one mask is supported.
I'm sending you the WCCP configurations of WAE and Cat4500 for WCCP. Are these configs right?
WAE:
wccp router-list 1 10.4.238.249
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign l2-return
wccp version 2
Cat4500:
ip wccp ver 2
ip wccp 61
ip wccp 62
int vlan 1
desc "LAN network"
ip wccp 61 redirect in
int vlan 2
desc "WAN network"
ip wccp 62 redirect in
redirect exclude in - is not supported on Cat4500.
Thank you.
Roman
L2 redirection will redirect packets using Layer 2 MAC rewrite vs. Layer 3 GRE.
As sessions are redirected to the WAE, the original session's source will be that of the switch interface. Upon return it will be converted back to the original source MAC.
WCCPv2 TECHNICAL DETAILS
WCCPv2 group membership is initiated by a WAE when it transmits a WCCP2_HERE_I_AM message to each defined network device (or multicast address) in the configured router-list. This message includes details about the WAE, including IP address and service groups that the device wishes to participate in. Upon receipt of the WCCP2_HERE_I_AM message, the network device will respond with a WCCP2_I_SEE_YOU if the device meets group membership criteria (as specified by shared-secret MD5 authentication password or access-list). Upon receipt of the WCCP2_I_SEE_YOU message from the network device, the WAE must respond with another WCCP2_HERE_I_AM message with the "Receive ID" field matching that of the network device message. At this point, the WAE becomes active within the service group and usable, and the network device can begin redirecting traffic to it based on service group assignment. WCCP2_HERE_I_AM and WCCP2_I_SEE_YOU messages continue to be sent every 10 seconds as a service heartbeat. The WAE is directly queried for responsiveness after two missed heartbeats and removed from the service group if a third is missed.
WCCPv2 is designed to forward traffic to an available WAE using either layer 2 redirection or GRE tunneling (default). One of the components of the WCCP2_I_SEE_YOU message is the advertisement of supported forwarding mechanisms. If a method is not listed, GRE tunneling is used by default. Redirection assignment is done per service group. A WAE and a network device can use different redirection mechanisms for different services. Layer 2 redirection specifies that the redirecting router will rewrite the Ethernet addresses in the Ethernet header and forward the frames to the WAE. With Layer 2 redirection, the WAE must be adjacent to the network device (attached to the same subnet). GRE tunneling specifies that a GRE tunnel will be established between the network device and the WAE, and the original frames will be encapsulated into this tunnel and delivered to the cache. With GRE redirection, layer 2 adjacency is not required (the WAE can be attached to a different subnet).
To preserve connection and data integrity, the WAE will only optimize TCP connections or protocol sessions that were redirected from the beginning of the establishment attempt. If a TCP connection or protocol session was previously established from the client to the server before redirection was enabled, the WAE would recognize this as an existing connection or session and simply return the redirected traffic back to the router without applying optimizations. This is a function of the "packet return" capability of WCCPv2. The WCCPv2 packet return capability is also negotiated per service group, per WAE, at the time of joining a service group. This is also a function of the WCCP2_HERE_I_AM and WCCP2_I_SEE_YOU messaging. In the event that messages are redirected to a cache that didn't service the initiation of the connection or session, the WAE will return the messages back to the router within a GRE tunnel for normal handling.
WCCPv2 provides load-balancing and high availability through a built-in load-balancing mechanism that distributes load amongst WAEs within a service-group. The most common method of load-balancing with WCCPv2 is enabled by use of hash tables. A hash table is a 256-bucket table that is used to define the distribution of traffic amongst applicable caches. The hash table can be built based on a number of items including source or destination IP address. -
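Added example (not part of the original posts and not Cisco code): the reply above says a router admits a WAE only if it meets the group membership criteria (shared-secret password or access list), and the configuration posted in this thread defines services 61 and 62 with neither. The Python below audits an IOS-style configuration for service groups that have no group-list or password, and for interfaces carrying several services in one direction without 'ip wccp check services all'. The sample configuration, the ACL name WAE_HOSTS, the password placeholder and the finding labels are constructed for illustration.

```python
import re

# Constructed sample in the style of the configurations quoted in this thread.
# WAE_HOSTS and the type-7 string are made-up placeholders.
SAMPLE_CONFIG = """\
ip wccp 61
ip wccp 62 group-list WAE_HOSTS password 7 0000000000
!
interface Vlan2
 ip wccp 61 redirect in
!
interface FastEthernet3/5
 ip wccp 61 redirect in
 ip wccp 62 redirect in
!
interface Vlan910
 ip wccp redirect exclude in
"""

# Global "ip wccp <service>" options that take exactly one argument.
OPTIONS_WITH_ARG = {
    "redirect-list": "redirect_list",
    "group-list": "group_list",
    "group-address": "group_address",
}


def parse_wccp(config):
    """Collect WCCP service definitions and interface bindings from a config."""
    state = {"services": {}, "bindings": {}, "exclude_in": [], "check_all": False}
    current = None  # interface whose sub-commands are being read
    for raw in config.splitlines():
        line = raw.strip()  # forum pastes often lose indentation
        intf = re.match(r"^int(?:erface)?\s+(.+)$", line)
        if intf:
            current = intf.group(1)
            continue
        if line == "ip wccp check services all":
            state["check_all"] = True
            continue
        if line == "ip wccp redirect exclude in":
            if current:
                state["exclude_in"].append(current)
            continue
        m = re.match(r"^ip wccp (web-cache|\d+)\b(.*)$", line)
        if not m:
            continue
        service, tokens = m.group(1), m.group(2).split()
        # "ip wccp 61 redirect in" binds a service to an interface.
        if len(tokens) == 2 and tokens[0] == "redirect" and tokens[1] in ("in", "out"):
            if current:
                state["bindings"].setdefault(current, []).append((service, tokens[1]))
            continue
        # Anything else is a global service definition with optional keywords.
        opts = state["services"].setdefault(service, {
            "redirect_list": None, "group_list": None,
            "group_address": None, "password": False,
        })
        i = 0
        while i < len(tokens):
            if tokens[i] in OPTIONS_WITH_ARG and i + 1 < len(tokens):
                opts[OPTIONS_WITH_ARG[tokens[i]]] = tokens[i + 1]
                i += 2
            elif tokens[i] == "password":
                opts["password"] = True  # record presence only, never the secret
                break
            else:
                i += 1
    return state


def audit(config):
    """Return (label, subject) findings for weak WCCP settings."""
    state = parse_wccp(config)
    findings = []
    # A service group with neither group-list nor password has no
    # membership criteria, so any host that reaches the router may register.
    for service, opts in sorted(state["services"].items()):
        if not opts["group_list"] and not opts["password"]:
            findings.append(("open-membership", service))
    # Several services in one direction on one interface need
    # "ip wccp check services all" (per the reply earlier on this page).
    for intf, pairs in sorted(state["bindings"].items()):
        for direction in ("in", "out"):
            ids = sorted(s for s, d in pairs if d == direction)
            if len(ids) > 1 and not state["check_all"]:
                findings.append(
                    ("multi-service-no-check", f"{intf} {direction} {','.join(ids)}")
                )
    return findings


if __name__ == "__main__":
    for label, subject in audit(SAMPLE_CONFIG):
        print(f"{label}: {subject}")
```

Whether a given Catalyst 4500 image accepts the group-list and password keywords is not stated on this page; check the platform's command reference before relying on them.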
WCCP version 2 on Catalyst 4507 w/SupII+
Hello,
I am trying to do a lab with WAAS but I have a Catalyst 4507 switch with Supervisor II+.
When I am doing the configuration, I can't use the "ip wccp redirect exclude in" on the VLAN where the WAAS resides.
The show version is:
MBO-SW-01#
MBO-SW-01#
MBO-SW-01#sh ver
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-IPBASEK9-M), Version 12.2(53)SG1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 30-Oct-09 14:39 by prod_rel_team
Image text-base: 0x10000000, data-base: 0x11D20300
ROM: 12.2(31r)SGA1
Dagobah Revision 226, Swamp Revision 34
MBO-SW-01 uptime is 4 weeks, 6 days, 22 hours, 14 minutes
Uptime for this control processor is 4 weeks, 6 days, 22 hours, 15 minutes
System returned to ROM by power-on
System restarted at 16:57:06 CCS Mon May 10 2010
System image file is "bootflash:/cat4500-ipbasek9-mz.122-53.SG1.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco WS-C4507R (MPC8245) processor (revision 10) with 262144K bytes of memory.
Processor board ID FOX1151GHMY
MPC8245 CPU at 266Mhz, Supervisor II+
Last reset from PowerUp
7 Virtual Ethernet interfaces
48 FastEthernet interfaces
26 Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.
Configuration register is 0x102
MBO-SW-01#
MBO-SW-01#
MBO-SW-01#
MBO-SW-01#sh mod
Chassis Type : WS-C4507R
Power consumed by backplane : 40 Watts
Mod Ports Card Type Model Serial No.
---+-----+--------------------------------------+------------------+-----------
1 2 Supervisor II+ 1000BaseX (GBIC) WS-X4013+ JAE12035A3E
3 24 10/100BaseTX (RJ45)V, Cisco/IEEE WS-X4224-RJ45V JAE1038BPFF
4 24 10/100BaseTX (RJ45)V, Cisco/IEEE WS-X4224-RJ45V JAE1041D5JM
5 24 10/100/1000BaseT (RJ45)V, Cisco/IEEE WS-X4524-GB-RJ45V JAE11517SDQ
M MAC addresses Hw Fw Sw Status
--+--------------------------------+---+------------+----------------+---------
1 001f.9e15.32c0 to 001f.9e15.32c1 4.5 12.2(31r)SGA 12.2(53)SG1 Ok
3 0016.4617.b1b8 to 0016.4617.b1cf 2.3 Ok
4 0018.18b5.85e8 to 0018.18b5.85ff 2.3 Ok
5 0017.0ec4.6350 to 0017.0ec4.6367 2.3 Ok
Mod Redundancy role Operating mode Redundancy status
----+-------------------+-------------------+----------------------------------
1 Active Supervisor SSO Active
MBO-SW-01#
MBO-SW-01#sh ip wccp
Global WCCP information:
Router information:
Router Identifier: 192.168.166.1
Protocol Version: 2.0
Service Identifier: 61
Number of Service Group Clients: 0
Number of Service Group Routers: 0
Total Packets s/w Redirected: 0
Process: 0
CEF: 0
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
Service Identifier: 62
Number of Service Group Clients: 0
Number of Service Group Routers: 0
Total Packets s/w Redirected: 0
Process: 0
CEF: 0
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
MBO-SW-01#
MBO-SW-01#
MBO-SW-01#
MBO-SW-01#sh ip wccp in
MBO-SW-01#sh ip wccp interfaces
WCCP interface configuration:
FastEthernet3/5
Output services: 0
Input services: 1
Mcast services: 0
Exclude In: FALSE
MBO-SW-01#
What can I do to get this to work?
Thanks a lot
Hi Zach,
Thanks for your answer, but the scenario of your answer is not clear to me.
I'm attaching the Logical Topology, and the configuration is this:
Configuration of the Edge Site:
MBO-RT-03#
MBO-RT-03#sh run
Building configuration...
Current configuration : 10757 bytes
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
hostname MBO-RT-03
boot-start-marker
boot-end-marker
ip wccp 61
ip wccp 62
ip cef
interface FastEthernet0/0
description TRONCAL LAN
no ip address
duplex auto
speed auto
interface FastEthernet0/0.202
description *** Vlan for Connection with WAE / Edge ***
encapsulation dot1Q 202
ip address 10.201.201.1 255.255.255.248
ip wccp redirect exclude in
interface FastEthernet0/0.210
description *** Vlan for Users ***
encapsulation dot1Q 210
ip address 192.168.166.129 255.255.255.128
ip wccp 61 redirect in
interface FastEthernet0/1
description *** WAN LINK - EMULATION ***
bandwidth 128
ip address 10.100.100.2 255.255.255.252
ip wccp 62 redirect in
ip nbar protocol-discovery
ip flow ingress
load-interval 30
duplex auto
speed auto
traffic-shape rate 128000 128000 128000 1000
router eigrp 1600
passive-interface default
no passive-interface FastEthernet0/1
network 10.100.100.2 0.0.0.0
network 10.201.201.1 0.0.0.0
network 192.168.166.128 0.0.0.127
no auto-summary
control-plane
line con 0
privilege level 15
password 7 121A150402181B00787B7578
login authentication userauthen
line aux 0
line vty 0 4
session-timeout 5
privilege level 15
password 7 121A150402181B00787B7578
login authentication userauthen
scheduler allocate 20000 1000
end
MBO-RT-03#
MBO-RT-03#
MBO-RT-03#
MBO-RT-03#sh ip wccp
Global WCCP information:
Router information:
Router Identifier: 192.168.166.129
Protocol Version: 2.0
Service Identifier: 61
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 39212
Process: 0
CEF: 39212
Service mode: Open
Service Access-list: -none-
Total Packets Dropped Closed: 0
Redirect Access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group Access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
Service Identifier: 62
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 38171
Process: 0
CEF: 38171
Service mode: Open
Service Access-list: -none-
Total Packets Dropped Closed: 0
Redirect Access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group Access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
MBO-RT-03#
MBO-RT-03#
MBO-RT-03#
MBO-RT-03#sh ip wccp inter
WCCP interface configuration:
FastEthernet0/1
Output services: 0
Input services: 1
Mcast services: 0
Exclude In: FALSE
FastEthernet0/0.210
Output services: 0
Input services: 1
Mcast services: 0
Exclude In: FALSE
FastEthernet0/0.202
Output services: 0
Input services: 0
Mcast services: 0
Exclude In: TRUE
MBO-RT-03#
MBO-RT-03#
MBO-RT-03#sh ver
Cisco IOS Software, 2801 Software (C2801-ADVENTERPRISEK9-M), Version 12.4(24)T2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 19-Oct-09 18:21 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
MBO-RT-03 uptime is 4 hours, 55 minutes
System returned to ROM by reload at 11:39:53 CCS Wed Jun 16 2010
System image file is "flash:c2801-adventerprisek9-mz.124-24.T2.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco 2801 (revision 5.0) with 240640K/21504K bytes of memory.
Processor board ID FTX0926W2NP
2 FastEthernet interfaces
1 Serial(sync/async) interface
1 Virtual Private Network (VPN) Module
2 Voice FXO interfaces
3 DSPs, 40 Voice resources
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
MBO-RT-03#
And the Core Site has a 4507R with this configuration:
MBO-SW-01#sh run
Building configuration...
Current configuration : 33778 bytes
! Last configuration change at 16:54:12 CCS Wed Jun 16 2010 by dsalazar
! NVRAM config last updated at 16:05:21 CCS Wed Jun 16 2010 by dsalazar
version 12.2
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service compress-config
service udp-small-servers
service tcp-small-servers
service sequence-numbers
hostname MBO-SW-01
boot-start-marker
boot system flash bootflash:/cat4500-ipbasek9-mz.122-53.SG1.bin
boot-end-marker
logging buffered 1024000
logging console critical
enable secret 5 $1$vzCG$bkRWJO0nJuUvYq5mmU8G00
username cps privilege 15 password 7 011016174B18110B731C1F59
username CNAC_User privilege 0 password 7 096F602829040401595C557A
aaa new-model
aaa authentication login default local-case group radius enable
aaa authentication dot1x default group radius
aaa authorization network default group radius
qos
qos aggregate-policer Prueba 128000 bps 1000 byte conform-action transmit exceed-action drop
ip subnet-zero
ip wccp 61
ip wccp 62
policy-map QoS_Prueba
class class-default
police aggregate Prueba
interface FastEthernet3/5
description *** WAN LINK - Emulation ***
no switchport
bandwidth 128
ip address 10.100.100.1 255.255.255.252
ip wccp 62 redirect in
load-interval 30
service-policy output QoS_Prueba
interface Vlan2
description *** Vlan of Server ***
ip address 192.168.162.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip wccp 61 redirect in
interface Vlan910
description *** Vlan for WAE / Core and Mgmt ***
ip address 10.200.200.1 255.255.255.248
router eigrp 1600
passive-interface default
no passive-interface Vlan1
no passive-interface Vlan710
no passive-interface FastEthernet3/5
no auto-summary
eigrp stub connected summary
eigrp event-logging
network 10.0.2.1 0.0.0.0
network 10.100.100.1 0.0.0.0
network 172.16.0.1 0.0.0.0
MBO-SW-01#
MBO-SW-01#sh ip wccp
Global WCCP information:
Router information:
Router Identifier: 192.168.166.1
Protocol Version: 2.0
Service Identifier: 61
Number of Service Group Clients: 0
Number of Service Group Routers: 0
Total Packets s/w Redirected: 0
Process: 0
CEF: 0
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
Service Identifier: 62
Number of Service Group Clients: 0
Number of Service Group Routers: 0
Total Packets s/w Redirected: 0
Process: 0
CEF: 0
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
MBO-SW-01#
MBO-SW-01#sh ip wccp in
MBO-SW-01#sh ip wccp interfaces
WCCP interface configuration:
FastEthernet3/5
Output services: 0
Input services: 1
Mcast services: 0
Exclude In: FALSE
Vlan2
Output services: 0
Input services: 1
Mcast services: 0
Exclude In: FALSE
MBO-SW-01#
As you can see, on the Catalyst 4507R the following stats are 0
Number of Service Group Clients: 0
Number of Service Group Routers: 0
for the services 61 and 62.
On the router these start to reflect a different value.
I would appreciate technical information about how I can configure WCCP for the communication between the Catalyst 4507 with Sup II+ and the WAE 474.
I tested with another router instead of the Catalyst 4507 and the configuration and communication were successful; that was to verify possible configuration errors on the WAEs; but the final objective is to use the Catalyst 4507R.
Thanks for your assistance. -
Question on WCCP and ASA/VPN
Hello, I have this simple scenario.
-ASA as an EZVPN server.
-WSA in my local lan (inside interface)
-remote vpn users connecting to the ASA.
When a user connects via VPN to my ASA, and I want to do some web filtering for them using the WSA... How would I accomplish it if I don't want to use explicit proxy?
Can I use WCCP on the outside interface of the ASA and redirect web traffic to the WSA which is across my inside ASA interface?
Need to know if WCCP redirection from one ASA interface to another is supported.
Thanks in advance!
Emilio
Hi
Please have a look at the following link:
http://my.safaribooksonline.com/1587052091/copyrightpg?cid=2008-ciscopress-pp-widget-book&searchtextbox=Cisco+ASA%3a+All-in-One+Firewall%2c+IPS%2c+and+VPN+Adaptive+Security+Appliance+&query=Cisco+ASA%3a+All-in-One+Firewall%2c+IPS%2c+and+VPN+Adaptive+Security+Appliance+&searchmode=simple&searchview=summary&portal=ciscopress#X2ludGVybmFsX0h0bWxWaWV3P3htbGlkPTE1ODcwNTIwOTElMkZjaDE2JnF1ZXJ5PUNpc2NvJTIwQVNBJTNBJTIwQWxsLWluLU9uZSUyMEZpcmV3YWxsJTJDJTIwSVBTJTJDJTIwYW5kJTIwVlBOJTIwQWRhcHRpdmUlMjBTZWN1cml0eSUyMEFwcGxpYW5jZQ== -
WCCP on ASA & traffic between physical interfaces on ASA
Hello,
I am trying to get WCCP working on the ASA for WAAS implementation. Here is a simple snapshot of my config:
Eth 0/0 : Outside (to internet)
Eth 0/1 : Vlan1 (20.20.0.0/16) (trunk port to remote office LAN)
Eth 0/1.211 : Vlan211 (20.21.10.0/24)
Eth 0/1.212 : Vlan212 (20.21.20.0/24)
Eth 0/1.220 : Vlan220 (20.22.0.0/16)
Eth 0/2 : WAAS (20.21.30.0/24)
I have the site to site tunnel working. I can ping the WAAS device from the other end of the tunnel but I cannot ping it from the 20.20.0.0/16 network. I have enabled traffic between interfaces on same security level as WAAS and LAN have same security.
I get this error message:
3 Feb 12 2007 17:54:05 305006 20.20.10.101 portmap translation creation failed for icmp src WAAS:20.21.30.230 dst LAN:20.20.10.101 (type 8, code 0)
How can I fix this?
My second question is regarding WCCP on ASA. Here is the WCCP part of the config I have:
wccp 61 redirect-list WCCP_To_LAN
wccp 62 redirect-list WCCP_To_WAN
wccp interface outside 62 redirect in
wccp interface LAN 61 redirect in
access-list WCCP_To_LAN extended permit ip any 20.20.0.0 255.252.0.0
access-list WCCP_To_WAN extended permit ip 20.20.0.0 255.252.0.0 any
I am not seeing any packets being redirected to the WAE. I once changed the access lists to 'any any' and I saw some packets but I couldn't ping or telnet to the remote site. Could it be a loop? Is there any way to exclude traffic to avoid loop?
Thanks
Ankit
Come on guys
Am I doing something wrong here?
No one replies to my posts. I had the same experience with the previous one.
Is this not the right forum for this query???
Ankit -
Hello,
We have a WSA appliance that we have in explicit mode and want to configure as transparent. The protocols we cache and analyze with WSA are HTTP, HTTPS, native FTP and FTP over HTTP.
Is there a service number on WCCP for FTP over HTTP protocol? Or it is included within HTTP?
Thanks a lot in advance.
Best regards,
Igor
Igor,
The service number 60 (ftp-native service) only applies to transparent redirection of FTP native requests and does not apply to FTP-over-HTTP requests.
On the other hand; the Content Engine listens for redirected HTTP requests on the standard HTTP port (default port 80). To enable the Content Engine to listen for WCCP-intercepted HTTP traffic on ports other than the default port, configure the custom-web-cache service (98 and 99) or a user-defined WCCP service (services 90 to 97).
I hope this helps.
Regards,
Juan Lombana
Please rate helpful posts. -
WCCP is not working after ASR migration is done.
Hi all.
We recently migrated to a new ASR router. However, WCCP, which is used for WAE traffic redirection, is not working.
I checked the WCCP configuration; however, I can't find any issue in the WCCP configuration on the ASR router.
Please see the following configuration related to WCCP.
Global)
ip wccp check services all
ip wccp 61 redirect-list waas-redirect
ip wccp 62 redirect-list waas-redirect
Intf)
interface GigabitEthernet0/0/x
ip wccp 61 redirect out
ip wccp 62 redirect in
show ip access-list waas-redirect)
270 deny tcp any eq 1719 any
280 deny tcp any eq 1720 any
290 deny tcp any eq 8443 any
300 deny tcp any eq 689 any
310 permit tcp any any
I confirmed that after migration is done, there was no issue for connectivity between ASR and WAAS.
Following is WAAS status;
Router Information for Service: TCP Promiscuous 61
Routers Seeing this Wide Area Engine(2)
Router Id Sent To
xxx.xxx.xxx.213 xxx.xxx.xxx.15
xxx.xxx.xxx.7 xxx.xxx.xxx.139
Routers not Seeing this Wide Area Engine
-NONE-
Routers Notified of from other WAE's
-NONE-
Multicast Addresses Configured
Router Information for Service: TCP Promiscuous 61
Routers Seeing this Wide Area Engine(2)
Router Id Sent To
xxx.xxx.xxx.213 xxx.xxx.xxx.15
xxx.xxx.xxx.7 xxx.xxx.xxx.139
Routers not Seeing this Wide Area Engine
-NONE-
Routers Notified of from other WAE's
-NONE-
Multicast Addresses Configured
I can't find any difference in configuration or issue with connectivity.
Can anyone help to check this issue? Let me know if you need more inputs.
Thanks.
Hi Felix,
I'm pasting the show output that you requested.
show ip wccp 61 de)
WCCP Client information:
WCCP Client ID: xxx.xxx.xxx.179
Protocol Version: 2.0
State: Usable
Redirection: GRE
Packet Return: GRE
Assignment: HASH
Initial Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
00000000000000000000000000000000
Hash Allotment: 128 (50.00%)
Packets s/w Redirected: 0
Connect Time: 1w3d
Bypassed Packets
Process: 0
CEF: 0
Errors: 0
WCCP Client ID: xxx.xxx.xxx.178
Protocol Version: 2.0
State: Usable
Redirection: GRE
Packet Return: GRE
Assignment: HASH
Initial Hash Info: 00000000000000000000000000000000
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Assigned Hash Info: 00000000000000000000000000000000
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 128 (50.00%)
Packets s/w Redirected: 0
Connect Time: 1w3d
Bypassed Packets
Process: 0
CEF: 0
Errors: 0
show ip wccp 62 de)
WCCP Client information:
WCCP Client ID: xxx.xxx.xxx.179
Protocol Version: 2.0
State: Usable
Redirection: GRE
Packet Return: GRE
Assignment: HASH
Initial Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
00000000000000000000000000000000
Hash Allotment: 128 (50.00%)
Packets s/w Redirected: 0
Connect Time: 1w3d
Bypassed Packets
Process: 0
CEF: 0
Errors: 0
WCCP Client ID: xxx.xxx.xxx.178
Protocol Version: 2.0
State: Usable
Redirection: GRE
Packet Return: GRE
Assignment: HASH
Initial Hash Info: 00000000000000000000000000000000
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Assigned Hash Info: 00000000000000000000000000000000
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 128 (50.00%)
Packets s/w Redirected: 0
Connect Time: 1w3d
Bypassed Packets
Process: 0
CEF: 0
Errors: 0
Could you check?
Thanks. -
Best practice with WCCP flows for WAAS
Hi,
I have a WAAS SRE 910 module in a 2911 router that intercepts packets from this router with WCCP.
All packets are received by external interface (gi 2/0, connected to a switch with port configured in WCCP vlan), and are sent back to the router via internal interface (gi 1/0 directly connected to the router) :
WAAS# sh interface gi 1/0
Internet Address : 10.0.1.1
Netmask : 255.255.255.0
Admin State : Up
Operation State : Running
Maximum Transfer Unit Size : 1500
Input Errors : 0
Input Packets Dropped : 0
Packets Received : 20631
Output Errors : 0
Output Packets Dropped : 0
Load Interval : 30
Input Throughput : 239 bits/sec, 0 packets/sec
Output Throughput : 3270892 bits/sec, 592 packets/sec
Packets Sent : 110062
Auto-negotiation : On
Full Duplex : Yes
Speed : 1000 Mbps
WAAS# sh interface gi 2/0
Internet Address : 10.0.2.1
Netmask : 255.255.255.0
Admin State : Up
Operation State : Running
Maximum Transfer Unit Size : 1500
Input Errors : 0
Input Packets Dropped : 0
Packets Received : 86558
Output Errors : 0
Output Packets Dropped : 0
Load Interval : 30
Input Throughput : 2519130 bits/sec, 579 packets/sec
Output Throughput : 3431 bits/sec, 2 packets/sec
Packets Sent : 1580
Auto-negotiation : On
Full Duplex : Yes
Speed : 100 Mbps
The default route configured in WAAS module is 0.0.0.0/0 to 10.0.1.254 (router interface).
Would it be better that packets leave WAAS module by the external interface (in place of the internal interface) ?
Is there a best practice recommended by Cisco on this ?
Thanks.
Stéphane
Hi Stephane,
We usually advise the following in such scenario with an internal module:
"ip wccp 61 redirect in" the LAN interface.
"ip wccp 61 redirect in" on the WAN one.
"ip wccp redirect exclude in" on the internal interface between the WAAS and the router.
That way, we are sure that no loops are created because of the WCCP redirection.
Regards,
Nicolas -
Wccp web-cache -- can't get it working
I installed a Squid based caching appliance, by Stratacache. It supports GRE wccp redirect in transparent mode, and I have it configured as wccpv2 using the Router's LAN ip address 10.250.1.2.
Every time I turn on the caching for a host (or the entire LAN) the internet breaks for whomever I turn wccp on. I have tried disabling CEF and have moved the cache to its own router interface.
Topology of the Cisco 2801-SEC-K9 router, running 12.4(22)T advsecurity
FastE 0/0 (10.250.1.1) ---> connected directly to cache server
FastE0/1 (10.23.1.1) ---> Connected to internal LAN
MultiLink1 (12.x.x.98) ---> 4 T1 multilink to AT&T Internet Service
so here is my config,
ip wccp web-cache redirect-list 46 group-list 40 password webcache
ip wccp version 2
access-list 40 permit 10.250.1.2 (cache server)
access-list 46 permit 10.23.1.21 (test host for wccp)
interface fastethernet0/1
ip wccp web-cache redirect in
here is the output from the router
Roosevelt-2801(config)#do sh ip wccp web-cache view
WCCP Routers Informed of:
12.x.x.98
WCCP Clients Visible:
10.250.1.2
WCCP Clients NOT Visible:
-none-
Roosevelt-2801(config)#do sh ip wccp web-cache det
WCCP Client information:
WCCP Client ID: 10.250.1.2
Protocol Version: 2.0
State: Usable
Redirection: GRE
Packet Return: GRE
Assignment: HASH
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets s/w Redirected: 914
Connect Time: 1d18h
Bypassed Packets
Process: 0
CEF: 0
Errors: 0
Roosevelt-2801(config)#do sh ip wccp web
Global WCCP information:
Router information:
Router Identifier: 12.x.x.98
Protocol Version: 2.0
Service Identifier: web-cache
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 7800
Process: 94
CEF: 7706
Service mode: Open
Service Access-list: -none-
Total Packets Dropped Closed: 0
Redirect Access-list: 46
Total Packets Denied Redirect: 8195426
Total Packets Unassigned: 0
Group Access-list: 40
Total Messages Denied to Group: 14
Total Authentication failures: 8
Total Bypassed Packets Received: 0
So I can see the packets redirected, the cache never sees them, the router and cache can ping each other, the cache and LAN clients can ping each other - am I missing something?
So I found the problem... hopefully this helps somebody else in the future... the problem is the redirected packets were sourced from the router multilink1 interface IP address and the cache was expecting them from the router fa0/0 interface, so it dropped them.
also the cache has a "spoof client IP" option that was on, because we prefer to do this for netflow, but, I don't think client-IP-spoofing works with the standard web-cache wccp service. It was causing internet problems so I turned the spoofing off and it works fine...
hope this helps -
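A check for the failure described in this thread, written as an added example (not code from any poster): it reads `show ip wccp web-cache` style output and flags a router identifier that differs from the router address configured on the cache, plus non-zero authentication and group-list denial counters. The sample text is constructed; 203.0.113.98 stands in for the redacted router identifier, and the function names are hypothetical.

```python
# Constructed sample in the layout of the "show ip wccp web-cache" output quoted
# in the thread; 203.0.113.98 is a stand-in for the redacted router identifier.
SAMPLE = """\
Global WCCP information:
Router information:
Router Identifier: 203.0.113.98
Protocol Version: 2.0
Service Identifier: web-cache
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 7800
Redirect Access-list: 46
Total Packets Denied Redirect: 8195426
Group Access-list: 40
Total Messages Denied to Group: 14
Total Authentication failures: 8
"""

def parse_fields(text):
    """Map the 'Name: value' lines of the command output to a dict."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip():
            fields[name.strip()] = value.strip()
    return fields

def counter(fields, name):
    """Integer value of a counter line, 0 when absent or non-numeric."""
    value = fields.get(name, "0")
    return int(value) if value.isdigit() else 0

def review(text, router_addr_on_cache):
    """Return (code, message) findings; router_addr_on_cache is the router
    address the cache has been configured to talk to (hypothetical input)."""
    f = parse_fields(text)
    findings = []
    router_id = f.get("Router Identifier")
    if router_id != router_addr_on_cache:
        findings.append(("router-id-mismatch",
                         "router identifier %s is not the address %s configured on "
                         "the cache; GRE arriving from it may be dropped there"
                         % (router_id, router_addr_on_cache)))
    if counter(f, "Total Authentication failures"):
        findings.append(("auth-failures",
                         "WCCP messages failed the service password check"))
    if counter(f, "Total Messages Denied to Group"):
        findings.append(("denied-to-group",
                         "messages arrived from addresses outside the group-list"))
    if counter(f, "Number of Service Group Clients") == 0:
        findings.append(("no-clients", "no cache has joined the service group"))
    return findings

if __name__ == "__main__":
    # 10.250.1.1 is the fa0/0 address from the topology in the post.
    for code, message in review(SAMPLE, "10.250.1.1"):
        print(code + ": " + message)
```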
Deterministic WCCP assignment of buckets to WAEs
I have a scenario where there are 3 WAE devices used in a site. We are using MASK of 0x3F (6 bits) on source IP address for distribution to achieve as fair a bucket distribution to the devices as possible - 21 buckets, 21 buckets and 22 buckets. I understand it doesn't translate to equal load distribution as some buckets tend to have more flows. However, my question is regarding the determinism in the order of assignment. One may expect the following assignment to start with:
0 to 20 buckets - wae1
21 to 41 buckets - wae2
42 to 63 buckets - wae3
However, I see a different assignment in our deployment.
wae1: 1-10 and 32-41 buckets
wae2: 11-31 buckets
wae3: 42-63 buckets
Can I force the assignment a certain way? Does the assignment remain constant across reloads of devices?
CCP Client information:
WCCP Client ID: 10.240.163.148
Protocol Version: 2.0
State: Usable
Redirection: L2
Packet Return: GRE
Packets Redirected: 61
Connect Time: 18w4d
Assignment: MASK
Mask SrcAddr DstAddr SrcPort DstPort
0000: 0x0000003F 0x00000000 0x0000 0x0000
Value SrcAddr DstAddr SrcPort DstPort CE-IP
0042: 0x0000002A 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0043: 0x0000002B 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0044: 0x0000002C 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0045: 0x0000002D 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0046: 0x0000002E 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0047: 0x0000002F 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0048: 0x00000030 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0049: 0x00000031 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0050: 0x00000032 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0051: 0x00000033 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0052: 0x00000034 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0053: 0x00000035 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0054: 0x00000036 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0055: 0x00000037 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0056: 0x00000038 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0057: 0x00000039 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0058: 0x0000003A 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0059: 0x0000003B 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0060: 0x0000003C 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0061: 0x0000003D 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0062: 0x0000003E 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
0063: 0x0000003F 0x00000000 0x0000 0x0000 0x0AF0A394 (10.240.163.148)
WCCP Client ID: 10.240.163.147
Protocol Version: 2.0
State: Usable
Redirection: L2
Packet Return: GRE
Packets Redirected: 76
Connect Time: 18w4d
Assignment: MASK
Mask SrcAddr DstAddr SrcPort DstPort
0000: 0x0000003F 0x00000000 0x0000 0x0000
Value SrcAddr DstAddr SrcPort DstPort CE-IP
0011: 0x0000000B 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0012: 0x0000000C 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0013: 0x0000000D 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0014: 0x0000000E 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0015: 0x0000000F 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0016: 0x00000010 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0017: 0x00000011 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0018: 0x00000012 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0019: 0x00000013 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0020: 0x00000014 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0021: 0x00000015 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0022: 0x00000016 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0023: 0x00000017 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0024: 0x00000018 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0025: 0x00000019 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0026: 0x0000001A 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0027: 0x0000001B 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0028: 0x0000001C 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0029: 0x0000001D 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0030: 0x0000001E 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
0031: 0x0000001F 0x00000000 0x0000 0x0000 0x0AF0A393 (10.240.163.147)
WCCP Client ID: 10.240.163.146
Protocol Version: 2.0
State: Usable
Redirection: L2
Packet Return: GRE
Packets Redirected: 10
Connect Time: 15w1d
Assignment: MASK
Mask SrcAddr DstAddr SrcPort DstPort
0000: 0x0000003F 0x00000000 0x0000 0x0000
Value SrcAddr DstAddr SrcPort DstPort CE-IP
0000: 0x00000000 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0001: 0x00000001 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0002: 0x00000002 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0003: 0x00000003 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0004: 0x00000004 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0005: 0x00000005 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0006: 0x00000006 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0007: 0x00000007 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0008: 0x00000008 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0009: 0x00000009 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0010: 0x0000000A 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0032: 0x00000020 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0033: 0x00000021 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0034: 0x00000022 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0035: 0x00000023 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0036: 0x00000024 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0037: 0x00000025 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0038: 0x00000026 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0039: 0x00000027 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0040: 0x00000028 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
0041: 0x00000029 0x00000000 0x0000 0x0000 0x0AF0A392 (10.240.163.146)
Thanks,
Vijay
Hi Vijay,
A few things I want to share from your output: the reason for the assignment you are seeing is that your WAE 10.240.163.146, which has the "out of order" assignment, was added later [see the connect time]. So we can conclude that initially you had only 2 WAEs in your setup [or maybe 3] with a linear bucket assignment, but after the addition of the third one [or a reload of the 3rd one] buckets got re-assigned to this 3rd WAE from the other two.
In short, this was your assignment before the addition of the 3rd WAE:
wae2: 1-31 buckets
wae3: 32-63 buckets
When the 3rd WAE was added, half of the buckets from each WAE got assigned, and the result is what you are seeing.
Hope this explanation answered your query. -
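To see the assignment discussed in this thread without reading 64 rows by eye, the following added example (not code from either poster) parses mask/value rows in the layout quoted in the question, collapses each WAE's buckets into ranges, and maps a source address to its WAE with the 0x3F source mask. The sample text is rebuilt from the ranges in the question, the function names are hypothetical, and only a source-address mask is handled.

```python
import ipaddress
import re

# Bucket ownership as listed in the output quoted in the question (WAE -> ranges).
PAGE_ASSIGNMENT = {
    "10.240.163.148": [(42, 63)],
    "10.240.163.147": [(11, 31)],
    "10.240.163.146": [(0, 10), (32, 41)],
}

def build_sample():
    """Constructed text in the row layout of the quoted 'Value ... CE-IP' table."""
    lines = []
    for ce, ranges in PAGE_ASSIGNMENT.items():
        ce_int = int(ipaddress.IPv4Address(ce))
        lines += ["WCCP Client ID: " + ce, "Mask SrcAddr DstAddr SrcPort DstPort",
                  "0000: 0x0000003F 0x00000000 0x0000 0x0000"]
        for lo, hi in ranges:
            for v in range(lo, hi + 1):
                lines.append("%04d: 0x%08X 0x00000000 0x0000 0x0000 0x%08X (%s)" % (v, v, ce_int, ce))
    return "\n".join(lines)

HEX = r"0x([0-9A-Fa-f]+)"
MASK_ROW = re.compile(r"^\s*\d+:\s+" + r"\s+".join([HEX] * 4) + r"\s*$")
VALUE_ROW = re.compile(r"^\s*\d+:\s+" + r"\s+".join([HEX] * 5) + r"\s+\(([\d.]+)\)\s*$")

def parse_mask_table(text):
    """Return (source-address mask, {masked source value: WAE address})."""
    mask, owners = None, {}
    for line in text.splitlines():
        m = VALUE_ROW.match(line)
        if m:
            owners[int(m.group(1), 16)] = m.group(6)
        elif MASK_ROW.match(line):
            mask = int(MASK_ROW.match(line).group(1), 16)
    return mask, owners

def all_buckets(mask):
    """Every value a masked source address can take (all submasks of mask)."""
    sub, out = mask, []
    while True:
        out.append(sub)
        if sub == 0:
            return sorted(out)
        sub = (sub - 1) & mask

def ranges_by_wae(owners):
    """Collapse each WAE's buckets into contiguous (first, last) ranges."""
    result = {}
    for value in sorted(owners):
        spans = result.setdefault(owners[value], [])
        if spans and spans[-1][1] == value - 1:
            spans[-1] = (spans[-1][0], value)
        else:
            spans.append((value, value))
    return result

def wae_for_source(src_ip, mask, owners):
    """WAE that receives flows from src_ip, or None if its bucket is unassigned."""
    return owners.get(int(ipaddress.IPv4Address(src_ip)) & mask)

if __name__ == "__main__":
    mask, owners = parse_mask_table(build_sample())
    print(ranges_by_wae(owners), wae_for_source("192.0.2.44", mask, owners))
```

Comparing `all_buckets(mask)` against the parsed owners also shows any bucket that no WAE currently holds.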
Help with EEM TCL / CLI scripting for re-direction/wccp counters
Being new with EEM scripting I wanted to see if I was on the right track and get some help to finish my idea.
The problem I am trying to fix is that our remote sites utilize pairs of Cat3650's for some routing and WCCP redirection. We are encountering ACL denial issues causing slow down and access issues. To fix the issue, we remove the WCCP service groups to break peering with our wan optimizers and re-insert the configuration, thus re-establishing peering and restoring service.
My idea is to use a TCL script on a watchdog timer to parse the "sh ip wccp | inc denied (or unassign)" output for denial and unassignable error counters. If a counter is found I wanted to create a syslog message that would then kick off a simple EEM CLI script to remove the service groups, wait 10 seconds, then re-add the service groups. Please point me in the right direction if I am off track, as I am not sure if I can use the EEM CLI for all this or, since I want to retrieve specific info from the sh ip wccp output, if I do need to utilize TCL. I am also unsure if the "total denied" ascii string pulled via the "sh ip wccp | inc denied" will cause issues when attempting to just pull the counter information.
sh ip wccp | inc Denied Red
Total Packets Denied Redirect: 0
Total Packets Denied Redirect: 0
Script thus far :
TCL
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

# Counter value saved by the previous run (0 on the first run)
if [catch {context_retrieve "EEM_WCCP_ERROR_COUNTER" "count"} result] {
    set wccpcounter 0
} else {
    set wccpcounter $result
}
if [catch {cli_open} result] {
    error $result
} else {
    array set cli $result
}
if [catch {cli_exec $cli(fd) "show ip wccp | incl Denied"} result] {
    error $result
} else {
    set cmd_output $result
}
# Take the number from the first "Total Packets Denied Redirect:" line
set count 0
regexp {Denied Redirect:\s+([0-9]+)} $cmd_output ignore count
set diff [expr {$count - $wccpcounter}]
if {$diff != 0} {
    action_syslog priority emergencies msg "WCCP counters showing incremental Denied packet counts"
}
if [catch {cli_close $cli(fd) $cli(tty_id)} result] {
    error $result
}
# Keep the current value for the next run
context_save EEM_WCCP_ERROR_COUNTER count
CLI
event manager applet WCCP_COUNTER_WATCH
event syslog priority emergencies pattern "WCCP counters showing incremental Denied packet counts"
action 001 cli command "enable"
action 002 cli command "config t"
action 003 cli command "no ip wccp 61"
action 004 cli command "no ip wccp 62"
action 005 wait 10
action 006 cli command "ip wccp 61"
action 007 cli command "ip wccp 62"
action 008 wait 15
action 009 cli command "end"
action 010 cli command "clear ip wccp"
Thanks for all the help
This won't work as EEM cannot intercept its own syslog messages. However, I'm not sure why you need this form of IPC anyway. Why not just make the Tcl script perform the needed CLI commands?
And, yes, you could use all applets here. But since you've written the hard stuff in Tcl already, it might be best just to add the missing calls to reconfigure WCCP to that script. -
WAAS and WCCP - looping packet detected
Hi,
Has anyone run into this scenario before? Before anyone answers with "move your WAE off the user subnet", it already has been.
I have wccp 61 redirect in on the user subnet (gig0/0.83 of a dot1q trunk). The WAE is on gig0/1. Before I apply wccp62 to the serial link, I attempt to telnet from a user pc to the router (same subnet, clients default gateway), and the telnet fails. I get a "looping packet detected" on the router console. It shows the source of the packet as the router (wccp router id actually), and the destination ip of the WAE, but the packet came in gig0/1 (interface connected to wae). Obviously the WAE returned the packet to the router (with the original GRE headers, (router as source)). I thought WCCP would understand this as "don't redirect this traffic to me anymore", but the router, actually tries to route it back down gig0/1 and then sees it as a looping packet. I believe the WAE is returning the encapsulated packet to the router to indicate it doesn't want the flow, and the router is attempting to route the GRE packet, instead of realizing it should remove the GRE header and route the internal packet. Router is IOS 12.4(12) as recommended by my Cisco engineer. 2821 router.
For kicks, I continue the WCCP setup on the datacenter side. As expected, it doesn't work. When I apply the WCCP to the datacenter router (only redirecting lab subnet), the entire lab subnet is unreachable via TCP (but icmp still works as expected).
The WCCP configuration isn't very complex, I can't believe it's something I'm doing. I think it's a code issue.
Any advice?
No "out" anywhere. The LAB router has a WAE list to only allow redirect to the lab WAE. I don't even need the 62 in on the WAN side, just applying 61 in on the LAN side breaks telnet to the router.
LOOPING PACKET DETECTION:
from router console
Feb 27 14:56:32.924: %IP-3-LOOPPAK: Looping packet detected and dropped -
src=132.242.11.18, dst=153.61.83.70, hl=20, tl=76, prot=47, sport=0, dport=0
in=GigabitEthernet0/1, nexthop=153.61.83.70, out=GigabitEthernet0/1
options=none -Process= "IP Input", ipl= 0, pid= 77 -Traceback= 0x410F6978 0x415CC960 0x415CDC60 0x415BBB38 0x415BCF18 0x415BD27C 0x415BD2FC 0x415BD4E8
Router configuration:
ip wccp 61 redirect-list REDIRECT-WAAS-SUBNETS-61 group-list remote-waas-box
interface Loopback0
ip address 132.242.11.18 255.255.255.255
h323-gateway voip bind srcaddr 132.242.11.18
interface GigabitEthernet0/0.83
description << data vlan 83 >>
encapsulation dot1Q 83
ip address 153.61.83.3 255.255.255.192
ip helper-address 192.127.250.22
ip helper-address 149.25.1.182
no ip proxy-arp
ip wccp 61 redirect in
standby 83 ip 153.61.83.1
standby 83 priority 200
standby 83 preempt
standby 83 track Serial0/1/0:0.99 100
interface GigabitEthernet0/1
description << WHQ LAB CE connection >>
ip address 153.61.83.65 255.255.255.192
load-interval 30
duplex full
speed 100
ip access-list standard remote-waas-box
permit 153.61.83.70
ip access-list extended REDIRECT-WAAS-SUBNETS-61
permit ip 153.61.83.0 0.0.0.63 any
WAE configuration:
device mode application-accelerator
primary-interface GigabitEthernet 1/0
interface GigabitEthernet 1/0
ip address 153.61.83.70 255.255.255.192
no autosense
bandwidth 100
full-duplex
exit
wccp router-list 1 153.61.83.65
wccp tcp-promiscuous router-list-num 1
wccp version 2
wccp slow-start enable