WCCP Redirect ACL with Static Routes

I need help in creating a redirect ACL (along with an explanation) for one of our sites that has multiple static routes on the router pointing to a customer's device on his network. I have attached relevant config for review. We have tried numerous combos for this and so far nothing has worked correctly. Essentially we need the 165. network, 10.48 and the 10.0 network to all be redirected to the WAE appliance hanging off FA0/1 to be optimized and returned back, but not break communication b/w 10.0 and 10.48 network. Thoughts and/or suggestions?
Thank you

Have you tried to do the static route in the WAE?
Jan

Similar Messages

  • Router WCCP redirect ACLs for WAAS

    Since WAAS accelerates TCP connections only, would it be more efficient to code my router WCCP redirect ACLS for protocol TCP instead of all IP traffic between my source and dest subnets I want redirected?

    Greg,
    The protocol (TCP) is an attribute of the WCCP service group, so using IP in your ACL is fine.
    Regards,
    Zach

  • Simple Load Sharing With Static Routes

    The scenario given below, L3 switch connected to 2 local LAN routers which in turn connected to internet router.
    I would like to distribute the internet traffic from local LAN(L3 switch) on both RTRA and RTRB by adding static routes on L3 switch. How can I achieve this without configuring the routing protocol.
    ---------------RTRA----
    L3SWITCH-------RTRB----INTERNET-RTR

    Hi
    If it's simple internet traffic, do keep in mind the local NAT commands, which have to be configured accordingly with route-maps here.
    If you are having your own block of ip address space then better to run bgp between the providers.
    regds

  • Configuring MPLS VPN using static routing

    Hi,
    I have managed to set up a BGP/MPLS VPN in a laboratory using CS3620 routers running IOS 12.2(3) with ISIS. I am thinking of using static routes among the PE and P routers instead of an IGP. Does anyone know if Cisco routers support static configuration of LSP? I have tried but could not get it to work.

    You can very well run MPLS with static routing in the core, as in Cisco we have to meet 2 criteria to have an MPLS forwarding table.
    1) Creating the LIB
    This lies in having an LDP neighborship between two peers, and you have label bindings.
    This is irrespective of what is the best next hop to reach the advertising peer's LDP_ID.
    2) Creating the LFIB
    Now after considering all the label bindings, the LDP_ID which can be reached out an interface
    as a next hop, those label bindings get installed in the LFIB.
    So considering the above two points, we have to be careful with static routes
    only for interfaces like Ethernet (multiaccess segments).
    As in CEF, when you give a static route pointing to an Ethernet interface, CEF creates a
    glean adjacency (meaning there could be multiple hosts as the next hop on this segment, and it will glean for the right next hop).
    Now you may observe that when you give a static route only pointing to an Ethernet interface,
    your LDP adjacency may come up and you may exchange the bindings with each other. But the label forwarding table is not created. This is because of this being a multiaccess interface, and you have
    a glean for it. If it's a normal WAN interface like Serial or POS, then there is no problem of
    glean and you would have a valid cached adjacency.
    So to avoid problems with Ethernet interfaces you can simply specify the next-hop IP address.
    For Eg: ip route 10.10.31.250 255.255.255.255 10.10.31.226 (Without the Interface)
    ip route 10.10.31.250 255.255.255.255 fa0/0 10.10.31.226 (Or with the Interface)
    The only difference between them is that the first one has to do a recursive lookup for the outgoing interface. Otherwise both work well. And you can have static routes in your network
    running MPLS.
    And doing this, CEF would work as it should and you would have a valid cached adjacency.
    So this is applicable for Cisco devices which use CEF, including 6500 with SUP720.
    HTH-Cheers,
    Swaroop

  • Ip wccp redirect-list acl

    Hi
    I have 2 different Nexus running different NX-OS (6.0(4) & 6.2(6)) with different line cards (F2 & F2E) and different Sups (Sup 1 & Sup 2) but they share the same problem. Sup 2 devices work with VPC, Sup 1 device is standalone; this is the only difference.
    I am trying to configure WCCP on the devices to redirect HTTP & HTTPS traffic to Websense. I created the following lines on both Nexus:
    Feature wccp
    ip wccp 1 redirect-list WS_REDIRECT
    ip wccp 5 redirect-list WS_REDIRECT
    ip wccp 70 redirect-list WS_REDIRECT
    ip access-list  WS_REDIRECT
     deny  ip any 10.0.0.0 0.255.255.255
     deny   ip any 172.16.0.0 0.15.255.255
     deny   ip any 192.168.0.0 0.0.255.255
     permit tcp any any eq www
     permit tcp any any eq 443
     permit tcp any any eq ftp
    interface vlan 7
    ip wccp 1 redirect in
    ip wccp 5 redirect in
    ip wccp 70 redirect in
    This redirects all the traffic, even the deny list.
    No bug reported in the bug tool kit.
    Could you please help me.

    Okay, it's weird you have multiple WCCP groups.
    Considering you are only using one ACL, just simply use one WCCP Group ID.
    Also, here is a sample config:
    Let's say you want to redirect traffic from VLAN 10,11 and 12 to WCCP
    and your WCCP device is at VLAN20
    #conf t
    #ip wccp version 2            -DEFAULT: ver1
    #ip wccp 90 
    #ip wccp 90 password wccp123    -THIS IS OPTIONAL! Place a password on your WCCP instance.
    #interface vlan 10
      #ip wccp 90 redirect in
    #interface vlan 11
      #ip wccp 90 redirect in
    #interface vlan 12
      #ip wccp 90 redirect in
    #interface vlan 20
      #ip wccp redirect exclude in     -avoid optimization loops
    Your WCCP device will be in VLAN 20, and I recommend dedicating that VLAN to WCCP devices:
    Configure your WCCP device (Websense) and define the Service group ID, in this example, it's wccp 90 and of course the IP of VLAN 20
    By default, all traffic in interfaces configured with "wccp 90 in" will forward traffic to the WCCP device

  • WAE-674 WCCP with 3725 router

    Hello all,
    This is a new install. I am trying to bring up a WAE-674 box at one of my remote sites with 2 routers (a 3725 and a 2621) at this remote site and I am using WCCP for traffic redirection. I am having an issue with WCCP on the 3725 router: for some reason when I enable the command "IP wccp 62 redirect in" under the WAN serial interface I suddenly can no longer telnet to the fastethernet interface on the router but I can still ping it and am still able to telnet to the loopback interface. And I have no issue with WCCP on the other 2621 router with the same config setup.
    Has anyone run into this issue before? I appreciate any feedback on this !!!!
    I am running IOS version 12.3(14)T7 on the 3725 router and WAAS software version 4.1.1c
    Thanks in advance !!
    Danny

    You will want to explore CSCsg30875 to see how it applies to your installation
    CSCsg30875 wccp blocking telnet to router
    Since 12.3T is EOL, it probably was not tested and may or may not exist in that Cisco IOS track.
    End-of-Sale and End-of-Life Announcement for Cisco IOS Software Release 12.3T
    http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6947/ps5207/prod_bulletin0900aecd803a0ffe.html
    Thank You,
    Dan Laden

  • Does wccp redirect break routing protocol?

    This may be a dumb question to ask, sorry I don't have equipment to test it at this moment.
    If wccp redirect is configured on an interface running routing protocol (such as eigrp or ospf), will this redirect the "unicast" ospf database or eigrp topology update to WAAS?  and/or will this also redirect ospf & eigrp "multicast" update which maintains neighbor relationship to WAAS?
    Should this type of traffic be denied on wccp redirect-list?
    Thanks

    Hi Joe,
    Since WAAS normally uses TCP promiscuous mode services, based on service group number 61 and 62 - you'll only get TCP redirected ... and neither OSPF nor EIGRP runs on top of TCP, so don't worry.
    If you run a TCP based routing protocol like BGP, it will get redirected.
    Later versions of WAAS don't, by default, try to optimize on BGP, as it has given some problems in the past due to sequence number manipulation.
    Best Regards
    Finn Poulsen

  • WCCP Redirect list ACL mask for WAAS

    Good day,
    I would like to confirm if the following would be correct to implement for WCCP redirection list on 6500. We have over 800 branches and we also need to manage the intra-server traffic in the Data Center which we do not want to be re-directed.
    ip access-list extended WCCPLIST-61
    permit tcp 10.112.0.0 0.0.31.255 any
    ip access-list extended WCCPLIST-62
      permit tcp any 10.112.0.0 0.0.31.255
    So, as an example, would these masks work for us, as the number of entries otherwise would be exhaustive.
    Just want to confirm that the mask in the ACL doesn't have to match exactly.
    Thanks in advance.

    Hi Zach,
    Thanks for the response and confirmation.
    I was wanting to make sure that it is not required to have the masks match the source masks, resulting in the exhaustive list (operational nightmare).
    A quick question on the ACL for WCCP redirect-list. Should we not see hits on specific entries (e.g. permit tcp 10.113.9.0 0.0.0.31 any for the 61 redirect list, and the same for the permit tcp any 10.113.9.0 0.0.0.31 for the 62 redirect list).
    If we don't, no traffic? We see flows on the branch WAE, although very few (not many users), but no hits on the ACL on the DC 6500. Is this due to them being handled in hardware maybe, TCAMs?
    Any input would be appreciated.
    Thanks again.
    Paul.
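The two redirect lists quoted in the threads above (`WS_REDIRECT` and `WCCPLIST-61`) can be checked offline before they go on a device. The following is an added example, not code from any poster or from Cisco: a small first-match ACL evaluator with wildcard-mask matching, where `permit` means the flow is redirected and `deny` means it is forwarded normally. The function names and the sample flows are constructed for illustration, and the evaluator models the intended ACL semantics only, not how a given platform programs it in hardware.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Port keywords that appear in the ACLs quoted on this page.
PORT_KEYWORDS = {"www": 80, "ftp": 21}


def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


@dataclass
class Ace:
    action: str              # "permit" or "deny"
    proto: str               # "ip" matches every protocol
    src: Tuple[int, int]     # (base address, wildcard mask)
    dst: Tuple[int, int]
    dport: Optional[int]     # None means any destination port


def _take_addr(tokens: List[str]) -> Tuple[int, int]:
    """Consume 'any' or '<address> <wildcard>' from the front of tokens."""
    if tokens[0] == "any":
        tokens.pop(0)
        return (0, 0xFFFFFFFF)
    return (_to_int(tokens.pop(0)), _to_int(tokens.pop(0)))


def parse_acl(text: str) -> List[Ace]:
    """Parse the subset of extended-ACL syntax used in the quoted lists."""
    acl = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        src = _take_addr(tokens)
        dst = _take_addr(tokens)
        dport = None
        if tokens and tokens[0] == "eq":
            word = tokens[1]
            dport = PORT_KEYWORDS[word] if word in PORT_KEYWORDS else int(word)
        acl.append(Ace(action, proto, src, dst, dport))
    return acl


def _addr_matches(addr: int, spec: Tuple[int, int]) -> bool:
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF      # wildcard bit 1 = "don't care"
    return (addr & care) == (base & care)


def evaluate(acl: List[Ace], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> str:
    """Return the action of the first matching entry (implicit deny at end)."""
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if not _addr_matches(_to_int(src), ace.src):
            continue
        if not _addr_matches(_to_int(dst), ace.dst):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action
    return "deny"


def wccp_decision(acl, proto, src, dst, dport=None) -> str:
    """Map the ACL result onto redirect-list behaviour."""
    return "redirect" if evaluate(acl, proto, src, dst, dport) == "permit" else "bypass"


# ACL text copied from the threads above.
WS_REDIRECT = parse_acl("""
deny  ip any 10.0.0.0 0.255.255.255
deny   ip any 172.16.0.0 0.15.255.255
deny   ip any 192.168.0.0 0.0.255.255
permit tcp any any eq www
permit tcp any any eq 443
permit tcp any any eq ftp
""")
WCCPLIST_61 = parse_acl("permit tcp 10.112.0.0 0.0.31.255 any")

if __name__ == "__main__":
    # Constructed flows: (acl name, acl, proto, src, dst, dport)
    flows = [
        ("WS_REDIRECT", WS_REDIRECT, "tcp", "10.1.1.5", "10.2.2.2", 80),
        ("WS_REDIRECT", WS_REDIRECT, "tcp", "10.1.1.5", "172.20.1.1", 80),
        ("WS_REDIRECT", WS_REDIRECT, "tcp", "10.1.1.5", "198.51.100.7", 443),
        ("WS_REDIRECT", WS_REDIRECT, "tcp", "10.1.1.5", "198.51.100.7", 22),
        ("WCCPLIST-61", WCCPLIST_61, "tcp", "10.112.9.5", "198.51.100.7", 80),
        ("WCCPLIST-61", WCCPLIST_61, "tcp", "10.112.40.5", "198.51.100.7", 80),
        ("WCCPLIST-61", WCCPLIST_61, "tcp", "10.113.9.5", "198.51.100.7", 80),
    ]
    for name, acl, proto, src, dst, dport in flows:
        print(f"{name:12} {proto} {src} -> {dst}:{dport}  {wccp_decision(acl, proto, src, dst, dport)}")
```

If the device redirects a flow that this evaluation marks `bypass`, the ACL text itself is not the cause and the platform's handling of the redirect list is the next thing to examine.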

  • Can P2 be used with transparent WCCP redirection?

    I have the following scenario for a WSA:
    A. P1 is configured as the internal facing proxy interface.
    B. P2 is configured as the public facing interface on a separate subnet from P1.
    C. IP spoofing has been enabled.
    D. The WSA uses transparent redirection based on the destination port with WCCP service 91 and WCCP service 92 with source port redirection for the return path.
    F. IP spoofing is then disabled.
    After IP spoofing is disabled, will transparently proxied traffic only use the P1 interface? Will the second (return path) WCCP service need to be disabled on the WSA?
    I'm interested in being able to use both P1 and P2 to reduce proxied traffic congestion on the P1 interface after IP spoofing is disabled.

    Hi Parleysmith,
    WCCP will only be used to redirect client traffic on the P1 once it is disabled on the P2 interface using service ID 92. The service ID 92 also needs to be disabled on the WSA.
    Sincerely,
    Erik Kaiser
    WSA CSE
    WSA Cisco Forums Moderator

  • Afp sharing bug with static IP ? cannot connect to shared folder via wireless router

    Does anyone ever try this ?
    I have 2 Macs (iMac Snow Leopard 6.6 and MacBook Pro Leopard 10.5.8), connected to a wireless router using UTP cable and set up using static IP. Connection is OK, ping is OK, FTP between the two Macs is OK, browsing the internet is OK. But I have one problem: I can't connect to the shared folder. Error: 'connection failed'. I can see the other Mac's icon in the shared section in Finder, but I can't connect to it. The only way I can connect to the shared folder is if I change the IP from static to DHCP. Or if I want to keep my static IP, I have to connect Mac to Mac (using a crossover cable or AirPort) without the router; then the shared folder works fine. Has anyone got a similar problem? The problem only happens while sharing using the AFP and SMB methods. I have no problem with FTP; FTP sharing works perfectly in any situation above.
    My conclusion: AFP sharing has a problem when used with static IP and connected to a router (or wireless router only ??). Is this an AFP bug on Snow Leopard?
    Any idea ?
    Thanx

    I did pay the 12 dollars, but I think the program remembers with the free one.  If you didn't ever have to do port forwarding in the past, then you likely won't have to do it again.  I couldn't get modern warfare to play properly without it.  But your situation might be different. 
    If you had it in the DMZ, then that is a work around to doing port forwarding, so that will still work for you as it did before, and if you reset it properly, then yes you will have to put the ps3 back in the dmz. 
    Just keep in mind if you changed your WiFi SSID or password, it will reset to the default, and the default is found on the sticker that is on your router.

  • Does 2960-X with LAN Base support static route?

    Does 2960-X with LAN Base support static route?

    Does 2960-X with LAN Base support static route?
    Yes.  You need to load the correct IOS, 12.2(55)SE (and later), and you need to change the SDM Template. 
    Read more HERE.

  • High CPU with error "%ADJ-3-RESOLVE_REQ:" in Catalyst 4500-X VSS after making L3 function (static routing)

    We have a VSS based on 2x WS-C4500X-16. The VSS is used as a Layer 2 switch for different VLANs in our DC.
    After making the VSS a Layer 3 gateway for our production VLAN and adding 2 routes for routing purposes, we encountered network downtime with high CPU in the VSS and a huge number of log messages:
    .May 14 12:11:25.947: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.7.22 Vlan100
    .May 14 12:11:34.516: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.7.22 Vlan100
    .May 14 12:11:40.072: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.1.1.254 Vlan100
    .May 14 12:11:49.682: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.1.253 Vlan100
    .May 14 12:11:55.079: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.1.1.254 Vlan100
    .May 14 12:12:00.926: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.7.40 Vlan100
    .May 14 12:12:06.701: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.8.32 Vlan100
    .May 14 12:12:12.624: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.7.40 Vlan100
    .May 14 12:12:21.627: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.7.40 Vlan100
    .May 14 12:12:32.261: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.8.32 Vlan100
    .May 14 12:12:41.801: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.2.105 Vlan100
    .May 14 12:12:49.633: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.1.253 Vlan100
    .May 14 12:12:54.831: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.1.1.254 Vlan100
    .May 14 12:12:59.960: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.1.1.254 Vlan100
    .May 14 12:13:08.745: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.1.253 Vlan100
    .May 14 12:13:16.138: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.1.253 Vlan100
    .May 14 12:13:22.393: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.1.253 Vlan100
    .May 14 12:13:31.415: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.1.141 Vlan100
    .May 14 12:13:38.944: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.2.215 Vlan100
    .May 14 12:13:45.972: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.1.253 Vlan100
    Below is the show version of our VSS:
    Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.04.00.SG RELEASE SOFTWARE (fc3)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2012 by Cisco Systems, Inc.
    Compiled Wed 05-Dec-12 04:38 by prod_rel_team
    ROM: 15.0(1r)SG10
    S_C4500X_01 uptime is 33 weeks, 1 day, 14 minutes
    Uptime for this control processor is 33 weeks, 1 day, 16 minutes
    System returned to ROM by power-on
    System restarted at 11:59:10 UTC Tue Sep 24 2013
    Running default software
    Jawa Revision 2, Winter Revision 0x0.0x40
    Last reload reason: power-on
    License Information for 'WS-C4500X-16'
        License Level: ipbase   Type: Permanent
        Next reboot license Level: ipbase
    cisco WS-C4500X-16 (MPC8572) processor (revision 9) with 4194304K/20480K bytes of memory.
    Processor board ID JAE173303CF
    MPC8572 CPU at 1.5GHz, Cisco Catalyst 4500X
    Last reset from PowerUp
    4 Virtual Ethernet interfaces
    32 Ten Gigabit Ethernet interfaces
    511K bytes of non-volatile configuration memory.
    Configuration register is 0x2101
    Can you help please, 

    Hi,
    thanks for your reply, but there is no hsrp configured, just an interface vlan. with 2 static routes and the problem was there for more than an hour before we decided to rollback.
    Is there a BugId with this problem in Cisco DataBase.
    here is a show ip route 
    S_C4500X_01#      show ip route
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           + - replicated route, % - next hop override
    Gateway of last resort is 10.2.1.253 to network 0.0.0.0
    S*    0.0.0.0/0 [1/0] via 10.2.1.253
          10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
    C        10.0.0.0/8 is directly connected, Vlan100
    L        10.1.1.250/32 is directly connected, Vlan100
          172.31.0.0/16 is variably subnetted, 2 subnets, 2 masks
    C        172.31.0.0/16 is directly connected, Vlan120
    L        172.31.0.1/32 is directly connected, Vlan120
    S     192.1.0.0/16 [1/0] via 10.1.1.254
    and the show ip cef: 
    and show ip arp 
    Thanks
    Lotfi

  • Help with RV042 Static Routing

    I just purchased an RV042 Dual WAN Router. Both WAN's are connected from different ISP's. I have a PBX phone server connected to this router and want all traffic to and from this phone server going out strictly on one WAN and all the computers and the rest of the traffic on the other WAN. If I understand correctly, this needs to be set up in static routes? If that's the case, how would I do that? If not, the question still stands. Please help.

    Hello Vitaly,
    What you are looking for is Protocol Binding. By setting this up you will be able to control what traffic goes out which WAN port. Protocol Binding can be done for certain traffic types or for certain IP addresses.

  • ACE as cache engine for wccp redirection

    Does anybody know if the ACE 4710 appliance supports WCCP acting as a web-cache engine? I am exhausting all possible options, and then some, for deploying a new application networking environment. I just returned from ACE training last week and found myself ramping up to deploy a new ACE.
    I have pretty much exhausted my options for topology. We discussed several different designs in class and I don't like any of them. I have some serious problems with using the ACE as a default-gateway for servers. That option is out due to how other "non application" traffic is handled. Traffic such as RDP from IT support staff, patching from SMS servers, virus dat updates, vulnerability scanning... it all routes to the ACE which has to have static routes... then clients hitting the application VIPs have to be NATted so the ACE does not use the static routes and reply directly... it all becomes a very big problem over time.
    Second and third options are one-armed and direct server return... both not suitable for my requirements.
    Now... that leaves me with an option we currently have deployed. That is to use a distribution route-switch (Catalyst 4500 Sup-IV) in the middle. The Cat uses PBR to return http traffic from the web servers back to the ACE. All other traffic follows normal routing table.
    Ok... that works perfect... except PBR is not supported in the Sup-6 engine. Unbelievable... I know. This is a major fly in the ointment for this new deployment.
    Now... there is another protocol that is often used for redirection... WCCP. If the ACE were a wccp web-cache, the router could be configured to redirect ingress http to the ACE. But... the ACE would have to act as a web-cache engine and register with the Cat as a home-router.
    I am sure this option is not an option... but it would be nice. The ACE 4710 appliance has the general processor to do it but it would have to be implemented in software. I'm running A3(1.0) and I cannot find anything related to wccp. Nothing in the command-reference.
    If there are any Cisco developers interested in adding some killer functionality... this would be it. WCCP can be done in layer-2 as well as layer-3. The Sup-6 supports layer-2 redirection. Since the ACE is generally layer-2 adjacent this would be rather easy to implement. Anyway... food for thought.

    I just would like to mention that you could have ACE in bridge mode inserted between your servers and the gateway (4500).
    All traffic will go through ACE but no need for NATing and no static routes (just one default route pointing to the 4500).
    The only problems would be if you exceed the BW of the 4710 with all your traffic.
    Regarding the WCCP support for the 4710 this is not currently in our roadmap.
    Ask your Cisco account team to introduce the request.
    Thanks,
    Gilles.

  • Issues getting url-redirect working with Cisco ISE

    Hi,
    I am currently doing a Proof of Concept using Cisco's new ISE product. I am having issues getting the url-redirect RADIUS attribute working. I have read the troubleshooting document and everything in it points to it should be working. By debugging the RADIUS information on the switch I can see that it's passing the url-redirect to the switch, which in my case was https://DEVLABISE01.devlab.local:8443/guestportal/gateway?sessionId=0A00020A0000001604D3F5BE&action=cwa. Now to remove DNS issues etc. from the equation, if I copy and paste this URL into the client browser it takes me to the correct place, and I can log in and it changes VLANs accordingly. Now as far as I know the client should automatically be redirected to this URL, which is not working. Below I have included one of the debugs to show that the epm is in place.
    DEVLABSW01#show epm session ip 10.0.1.104
        Admission feature:  DOT1X
                  ACS ACL:  xACSACLx-IP-PRE-POSTURE-ACL-4de86e6c
         URL Redirect ACL:  ACL-WEBAUTH-REDIRECT
             URL Redirect:  https://DEVLABISE01.devlab.local:8443/guestportal/gateway?sessionId=0A00020A0000001604D3F5BE&action=cwa
    I have also attached my switch config. Any help would be greatly appreciated.
    Dan

    So I'm also doing ISE for the first time and I knew it may have been a bit tough, however I didn't foresee my following issue.
    Everything is working as expected other than every now and then (intermittent) the ISE Central Portal does not display on any device - Android, Windows, etc. I checked and checked the configs, had probably about 10 TAC cases open... this weekend I ripped out the main components, set up in the office and tried to replicate the issue... I could... what I noticed is that without Internet the ISE Portal didn't actually display... it sounds weird but that's what I'm seeing... As soon as I plug the Internet link into the equation, the portal page comes up... I'm able to replicate it every time... Currently, I placed it back into the customer network and I'm now looking down at the routing/firewall...
    My issue is that I can't really explain why the Internet affects the Central Auth Page... In any event, I'm working backwards, tomorrow I'm bringing in a second link and doing NAT on a Cisco router to bypass the Check Point firewall... I'll know if it's Check Point or if I'm barking up the wrong tree...
    If anyone can explain why, it would help out a great deal.
    My setup BTW is
    1. WLC 5760 - Not latest code but latest stable (recommended by the TAC Engineer)
    2. ISE 1.2 - Doing simple Wireless only implementation
    3. 3650 - Just acting like a switch - no ACLs etc - just a switch
    4. Integrated into AD
    I'll post back with any findings if I make any headway - BTW, I didn't like this at all as other solutions are so much simpler, BUT, I can now see how powerful this could potentially be for the right type of customer...
    Thanks again how I can get some feedback
