Wccp redirection for waas on same platform as wccp for websense?
just wondering if anyone knows if a Cisco router or switch can handle wccp redirection enabled for both waas and some other web content filtering appliance using a different service group?
seems like the priority value would come into play determining which service group gets handled first?
we currently do WCCP for WaaS on our 3945s.
I am going to advocate to my customer that we separate this out for CPU load issues, config complexity issues, IOS issues, etc... but the question is going to come up - "can we do WCCP for different applications on our Catalyst 3750 core switch, or our 3945 WAN routers?"
Thanks,
Paul
Hi Paul,
Yes, it's technically possible to have WCCP redirection for several services even in those devices that don't support setting the priority. However, in this case, both WAAS and Websense need to redirect HTTP traffic, and that's what makes things complicated.
Assuming you first want to send the traffic to Websense and then to WAAS, I would recommend doing the WAAS redirection only on the WAN link (with one service inbound and the other outbound). You can then configure Web-cache redirection inbound on the client vlan and, a service for the return traffic (I'm not sure if this is required for websense), inbound on the interface where the WAE is connected (with a redirect-list to match only the return direction)
Even if it's possible to have both redirections in the same device, if possible, I would strongly suggest you to either use different devices for the redirection or to make them mutually exclusive (for example, not sending HTTP to WAAS), otherwise, if you make a small mistake with the configuration, you can end up with a redirection loop.
Regards
Daniel
Similar Messages
-
Mask assignment for wccp redirection in WAEs
We're tying to understand the mask assignment process better, so we can replace the default mask value of 0X1741 with the correct one as, supposedly, the 0x1741 does not allocate the buckets evenly among the WAEs in a cluster. To that extent, could someone pls refer me to where we could read up on this?
Thanks.
_ GregHey Greg,
I would suggest going through the below doc. and also there is a mask calculator doc attached here with this for your reference.
http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/configuration/12-4t/iap-wccp.html
Regards,
Kanwal -
Hi
İ have 2 different Nexus working diffrent NX-OS (6.0(4) & 6.2(6) ) with different line card (F2 & F2E ) and different Sup (Sup 1 & Sup 2 ) but share the same problem. Sup 2 devices work with VPC Sup 1 device Standalone this is the only difference
I try to configure WCCP on device your redirect http & https Traffic to Websense. i create following lines in boot nexus
Feature wccp
ip wccp 1 redirect-list WS_REDIRECT
ip wccp 5 redirect-list WS_REDIRECT
ip wccp 70 redirect-list WS_REDIRECT
ip access-list WS_REDIRECT
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit tcp any any eq www
permit tcp any any eq 443
permit tcp any any eq ftp
interface vlan 7
ip wccp 1 redirect in
ip wccp 5 redirect in
ip wccp 70 redirect in
This redirects all the traffic even deny list.
No bug reported in but tool kit
Could you please help me.Okay, Its weird you have multiple WCCP groups,
Considering you are only using one ACL, just simple use one WCCP Group ID
Also, here is a sample config:
Let's say you want to redirect traffic from VLAN 10,11 and 12 to WCCP
and your WCCP device is at VLAN20
#conf t
#ip wccp version 2 -DEFAULT: ver1
#ip wccp 90
#ip wccp 90 password wccp123 -THIS IS OPTIONAL! Place a password on your WCCP instance.
#interface vlan 10
#ip wccp 90 redirect in
#interface vlan 11
#ip wccp 90 redirect in
#interface vlan 12
#ip wccp 90 redirect in
#interface vlan 20
#ip wccp redirect exclude in -avoid optimization loops
Your WCCP device will be in VLAN 20, and I recommend dedicating that VLAN to WCCP devices:
Configure your WCCP device(Websense) and define the Service group ID, in this example, its wccp 90 and of course the IP of VLAN 20
By default, all traffic in interfaces configured with "wccp 90 in" will forward traffic to the WCCP device -
Does introducing WCCP redirect for WAAS disrupt Netflow information?
Before installing WAAS and WCCP redirect on some 6500 interfaces in our data center, those interfaces showed Netflow flows for users at a remote location accessing servers at our data center. Now with WCCP redirecting that traffic to the WAEs, I notice the only netflow flows for that remote location are UDP flows and some ICMP stuff.
Is this an unintended consequence of installing WAAS - that netflow statistics are going to be skewed by not showing flows that are now accelerated?I believe your problem may be due to the fact that you are redirecting http
based traffic per the ACL configuration. The sup720 uses wccp v2 as a default
version,however, the Sup720 does NOT support the hardware-based redirection for the TCP port 80 when we enable wccpv2.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/wccp.
htm#wp1017009
Support for Non-HTTP Services:
WCCPv2 allows redirection of traffic other than HTTP (TCP port 80 traffic), including a variety of UDP and TCP traffic. WCCPv1 supported the redirection of HTTP (TCP port 80)traffic only. WCCPv2 supports the redirection of packets intended for other ports, including those used for proxy-web cache handling, File Transfer Protocol (FTP) caching, FTP proxy handling, web caching for ports other than 80, and real audio, video, and telephony applications. -
WCCP Redirect list ACL mask for WAAS
Good day,
I would like to conform if the following would be correct to implement for WCCP redirection list on 6500. We have over 800 branches and we also need to manage the intra-server traffic in the Data Center which we do not want to be re-directed.
ip access-list extended WCCPLIST-61
permit tcp 10.112.0.0 0.0.31.255 any
ip access-list extended WCCPLIST-62
permit tcp any 10.112.0.0 0.0.31.255
So, as an example, would these masks work for us, as the number of entries otherwise would be exhaustive.
Just want to confirm that the mask in the ACL doesn't have to match exactly.
Thanks in advance.Hi Zach,
Thanks for the response and confirmation.
I was wanting to make sure that it is not required to have the masks match the source masks, resulting in the exhaustive list (operational nightmare).
A quick question on the ACL for WCCP redirect-list. Should we not see hits on specific entry's (e.g.permit tcp 10.113.9.0 0.0.0.31 any for the 61 redirect list, and the same for the permit tcp any 10.113.9.0 0.0.0.31 for the 62 redirect list).
If we don't, no traffic? We see flows on the branch WAE, although very few (not many users), but no hits on the ACL on the DC 6500. Is this due them being handled in hardware maybe, TCAM's?
Any input would be apprecited.
Thanks again.
Paul. -
Has anyone deployed an ASR for WCCP redirection? How stable is this platform?
Thanks,
DGDG,
I work for Cisco Systems.
WCCP support on ASR has been there for a while now. Many of our customers do run WCCP on ASR and happy with the stability and performance. As you may know it is a h/w based platform and hence it processes WCCP in h/w. Pl ensure that you are using mask assignment to take advantage of h/w processing on ASR.
thanks
Nat -
Router WCCP redirect ACLs for WAAS
Since WAAS accelerates TCP connections only, would it be more efficient to code my router WCCP redirect ACLS for protocol TCP instead of all IP traffic between my source and dest subnets I want redirected?
Greg,
The protocol (TCP) is an attribute of the WCCP service group, so using IP in your ACL is fine.
Regards,
Zach -
What if, I wanted to use TWO wan optimizing pieces of hardware--One WAAS and one another vendor? Both "Head-End" devices would need to use a WCCP redirect off the same GIG and POS interace (with a different ACL and WCCP number) BUTTTT..the problem it seems, is the Cisco WAAS devices will only use 61 and 62 in promiscuous mode...while other vendors can do numbered modes...is this true? Or can you do something like
Gig0/0
ip wccp 10 redirect in <--Cisco waas
ip wccp 20 redirect in <--vendor2
etc..
Thanks for any helpHi Alan,
WAAS currently only supports service groups 61/62. Note that these numeric designations are really just identifiers, and don't impact order of operations or anything else. So long as the 'vendor2' device above uses some other service group numbers besides 61/62, you should be fine.
Also note that if you are configuring WCCP on a software-based platform (ISR, 7200, etc.), you will also need to configure the global command 'ip wccp check services all'.
Please let us know if you have any additional questions.
Regards,
Zach -
Best practice with WCCP flows for WAAS
Hi,
I have a WAAS SRE 910 module in a 2911 router that intercepts packets from this router with WCCP.
All packets are received by external interface (gi 2/0, connected to a switch with port configured in WCCP vlan), and are sent back to the router via internal interface (gi 1/0 directly connected to the router) :
WAAS# sh interface gi 1/0
Internet Address : 10.0.1.1
Netmask : 255.255.255.0
Admin State : Up
Operation State : Running
Maximum Transfer Unit Size : 1500
Input Errors : 0
Input Packets Dropped : 0
Packets Received : 20631
Output Errors : 0
Output Packets Dropped : 0
Load Interval : 30
Input Throughput : 239 bits/sec, 0 packets/sec
Output Throughput : 3270892 bits/sec, 592 packets/sec
Packets Sent : 110062
Auto-negotiation : On
Full Duplex : Yes
Speed : 1000 Mbps
WAAS# sh interface gi 2/0
Internet Address : 10.0.2.1
Netmask : 255.255.255.0
Admin State : Up
Operation State : Running
Maximum Transfer Unit Size : 1500
Input Errors : 0
Input Packets Dropped : 0
Packets Received : 86558
Output Errors : 0
Output Packets Dropped : 0
Load Interval : 30
Input Throughput : 2519130 bits/sec, 579 packets/sec
Output Throughput : 3431 bits/sec, 2 packets/sec
Packets Sent : 1580
Auto-negotiation : On
Full Duplex : Yes
Speed : 100 Mbps
The default route configured in WAAS module is 0.0.0.0/0 to 10.0.1.254 (router interface).
Would it be better that packets leave WAAS module by the external interface (in place of the internal interface) ?
Is there a best practice recommended by Cisco on this ?
Thanks.
StéphaneHi Stephane,
We usually advise the following in such scenario with an internal module:
"ip wccp 61 redirect in" the LAN interface.
"ip wccp 61 redirect in" on the WAN one.
"ip wccp redirect exclude in" on the internal interface between the WAAS and the router.
That way, we are sure that no loops are created because of the WCCP redirection.
Regards,
Nicolas -
Hello Everyone,
I notice on our 1841 router running version 12.4(22)T, the wccp redirect inbound method does not process through CEF. It will only process it through an outbound redirection. The 61 redirect inbound is applied to the subinterface on fas 0/0.
Any ideas ?
interface FastEthernet0/0.999
description ****Dublin User Vlan****
encapsulation dot1Q 999 native
ip address x.x.x.x 255.255.255.192
ip helper-address 134.65.181.11
no ip redirects
no ip proxy-arp
ip wccp 61 redirect in
ip wccp 62 redirect out
ip flow ingress
no ip mroute-cache
service-policy input DBN_LANYou must configure these devices to use WCCP Version 2 instead of WCCP Version 1 because WCCP Version 1 supports web traffic (port 80) only. When you enable the TCP promiscuous mode service (WCCP Version 2 services 61 and 62) on a WAE and a router, you do not need to enable the CIFS caching service (WCCP Version 2 service 89) on the router or WAE.
http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v401/quick/guide/wsqcg401.html#wp1357416 -
I wonder if It is working ip wccp redirect 61 and 62 on same int at C2800
hi
I wonder if it is working like below at C2800.
case.1
interface ATM1/0.40 point-to-point
description to_WAN
bandwidth 18000
ip address 192.1681.1 255.255.255.0
ip wccp 61 redirect out
ip wccp 62 redirect in
! other configuration is omitted.
In cisco recomemdation, we know that the following configuration is common.
case.2
interface fa1/0
desc from_lan
ip address 1.1.1.1 255.255.255.0
ip wccp 61 redirect in
interface ATM1/0.40 point-to-point
description to_WAN
bandwidth 18000
ip address 192.1681.1 255.255.255.0
ip wccp 62 redirect in
BTW, the result of lab test, case.1 at C2800 didn't work, we tested it with FTP, but FTP open didn't open.
when we change from option1 to option2 , We can open ftp and completed acclecation test.
my questions point is that At C2800, option 1 is working?Hi,
First thing we should verify is : is WCCP up and running while this issue is happening?
Can you paste following CLI command ?
Please get the output of following cli commands when the problem is happening.
sh ver
sh ip wccp
sh ip wccp 61 detail
sh ip wccp 62 detail
Further, whar cache engine you are using? and what's the version of the CE? Can you also paste the cli command output:
sh egress-method
sh wccp router
sh stat connection | in
Last thing: is this issue related to FTP only ? do you see same issue with any other traffic?
is this traffic being optimized?
One more thing you want to add is: add exclude in statement on interface connected to CE.
cli command: ip wccp redirect exclude in
Regards. -
WCCP redirect not working on Cat 3560
We have a 3560 running 12.2(37)SE1, IP services image.
Through debug, we can see WCCP communication betweeen the 3560 and our content engine (for web caching).
However, web traffic isn't being redirected to the CE at all. Instead, it goes straight out to the Internet.
Does anyone have the same issue? Has anyone got their 3560 to work w/ their WCCP products (web caching or WAAS)?The 3560 does not support GRE redirection (layer3), so you need to use layer 2 redirection on your Content Engine for your 3560 to work fine with WCCP, also you need to use mask assignment since hash is non-supported as well.
Check this link:
http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configuration_guide_chapter09186a008081db5b.html#wp1051427
Hope it helps!! -
ASR1002 throughput degradation when wccp redirect-list is changed
We have two ASR 1002's going to 2 different WAN service providers, and two 7371 WAE load balanced by mask assignment. When we change the ACL (adding or removing lines) from our wccp redirect-list, the throughput on interfaces applied to the wccp service-groups is degraded to almost no traffic passing, until we completely remove wccp service group from the global configuration and then reapply. Then traffic throughput on the interface goes back to normal.
Our ACL defined in the redirect list specifies our specific networks on our WAN that have WAE's and need the redirection. All other networks are denied implicitly. We need to regularly change this ACL, and this service interruption is a major issue. This was not an issue before moving to the ASR platform from 7206's.
At TAC's request we have upgraded our IOS version to 15.1(3)S4 and that did not make any difference. Does anyone know why this occurs and if there is a way to work around this other than removing wccp configuration and adding back, every time the ACL needs to be modified?
As a side note to this... We have recently added riverbed appliances, and created separate service groups with separate redirect-lists. The exact same behavior occurs on the ASR 1002 when the ACL for the riverbed's redirect list is altered.Thank you very much for sharing that information. It is great to hear verification that the mask assignment change did resolve your problem. That is the latest resolution that TAC has recommended, but we have to restart the WCCP service on all redundant edge routers to be able to implement this, so planning the outage window is taking some time. We've been told that TAC will set this up in a lab and test for us by our Cisco SE. We're hoping to get verfication that this actually resolves the problem before we take the outage.
If you could, can you tell me if this resolved the issue 100% or do you still have any performance issues when making a change to your WCCP ACL going to your bluecoat equipment? We may also need to implement this in our redirects to BlueCoat from our Nexus. Do you happen to have a link to how to make this change in Bluecoat? Thanks again! -
Ip wccp redirection direction at ethernet and serial interface.
hi all.
commonly, we use 'ip wccp 62 redirect in' at serial interface to grap packet for sending cisco waas.
but some document is mentioned that 'ip wccp 62 redirect out' ethernet interface facing data center side.
I guess, there is same meaning, I think that It's better to apply 'ip wccp 62 redirect in' at serial interface due to router performance. Right?
Can you explain clarify for me?
Thank you.You are correct redirect in is less cpu intensive as compared to redirect out
WCCP redirection can be configured to occur as packets enter a router or switch interface (inbound, or ingress, redirection) or as they are beginning to leave a router or switch interface (outbound, or egress, redirection).
* Inbound redirection - the WCCP process inspects traffic to find packets that should be optimized before the packets enter the router or switch forwarding/routing selection process. Inbound redirection is less CPU intensive than outbound redirection (when using process or other SW based switching).
* Outbound redirection - the WCCP process inspects traffic to find packets that should be optimized as the packets are ready to leave a router or switch interface, after the packet has gone through the router or switch forwarding/routing selecting process. Outbound redirection is more CPU intensive than inbound redirection.
Thanks
-Smita -
WCCP redirect on 4507 to ironport
I am trying to setup WCCP on our 4507. For some reason I cannot get this to work! The config I have tried is below. I can't figure out what I'm doing wrong here!
ip wccp web-cache group-list IRONPORT-GROUPLIST
ip wccp source-interface GigabitEthernet2/24
Interface Vlan160
ip address 10.10.16.1 255.255.254.0
ip wccp web-cache redirect out
ip access-list IRONPORT-GROUPLIST
permit ip any host 10.11.1.10 (10.11.1.10 is the ironport proxy IP address)
On the ironport I setup web-cache under transparent redirection and provided the IP address I used to source from above (GigabitEthernet2/24). Here is the output I get on the 4507:
10CSW-LAN1#sh ip wccp web-cache
Global WCCP information:
Router information:
Router Identifier: 10.11.1.9
Configured source-interface: GigabitEthernet2/24
Protocol Version: 2.0
Service Identifier: web-cache
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets Redirected: 0
Process: 0
CEF: 0
Platform: 0
Service mode: Open
Service Access-list: -none-
Total Packets Dropped Closed: 0
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: IRONPORT_GROUPLIST
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total GRE Bypassed Packets Received: 0
Process: 0
CEF: 0
Platform: 0
Here is the debug output:
2w3d: WCCP-EVNT:Process: Start V2 (138)
2w3d: WCCP-EVNT:Successfully opened UDP socket
10CSW-LAN1(config)#
2w3d: WCCP-EVNT:router-id set (initialise) 0.0.0.0 => 10.11.1.9
2w3d: WCCP-EVNT:S0: updating wc orig assign info
2w3d: WCCP-EVNT:S0: allocate wc orig mask info (540 bytes)
2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:1
10CSW-LAN1(config)#
2w3d: WCCP-EVNT:S0: updating wc orig assign info
2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated transmit interval to: 10000
2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated timer scaling factors to: 1 and 1
2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group methods
2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group timers
2w3d: WCCP-EVNT:S0: no srvc grp mask data to validate
2w3d: WCCP-EVNT:S0: created adjacency interest, 10.11.1.10
2w3d: WCCP-EVNT:S0: nexthop update oce for wc 10.11.1.10, 0x0 -> 0x23C10CF0 IP adj out of GigabitEthernet2/24, addr 10.11.1.10 23C10C80
2w3d: WCCP-EVNT:S0: track nexthop for wc 10.11.1.10 (OK)
2w3d: %WCCP-5-SERVICEFOUND: Service web-cache acquired on WCCP client 10.11.1.10
10CSW-LAN1(config)#
2w3d: WCCP-PKT:S0: Received HIA from 10.11.1.10, rcv_id:1
2w3d: WCCP-EVNT:S0: Building new router view
2w3d: WCCP-EVNT:S0: deallocate rtr_view (24 bytes)
2w3d: WCCP-EVNT:S0: allocate mask rtr_view (572 bytes)
2w3d: WCCP-EVNT:S0: copy orig info (540 bytes)
2w3d: WCCP-EVNT:S0: Assignment wait timer restarted, delay 50000
2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2
2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:2
10CSW-LAN1(config)#
2w3d: WCCP-EVNT:S0: setting up wc mask assignments
2w3d: WCCP-EVNT:S0: allocate current assign info (540 bytes)
2w3d: WCCP-EVNT:S0: set wc current assign info (540 bytes)
2w3d: WCCP-EVNT:S0: RA from 10.11.1.10 (id: 10.11.1.10), assignment key set to 10.11.1.10,3
2w3d: WCCP-EVNT:S0: Building new router view
2w3d: WCCP-EVNT:S0: reuse rtr_view (44 of 572 bytes)
2w3d: WCCP-EVNT:S0: copy blank current info
2w3d: WCCP-EVNT:S0: Assignment wait timer stopped
2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2
2w3d: WCCP-PKT:S0: Received RA from 10.11.1.10, rcv_id:2
10CSW-LAN1(config)#
2w3d: WCCP-EVNT:S0: updating wc orig assign info
2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
2w3d: WCCP-EVNT:S0: wc assignment validated
2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:3
10CSW-LAN1(config)#
2w3d: WCCP-EVNT:S0: updating wc orig assign info
2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
2w3d: WCCP-EVNT:S0: wc assignment validated
2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:4
10CSW-LAN1(config)#
2w3d: %SEC-6-IPACCESSLOGP: list IRONPORT_GROUPLIST permitted udp 10.11.1.10(0) -> 10.11.1.9(0), 5 packets
10CSW-LAN1(config)#
2w3d: WCCP-EVNT:S0: updating wc orig assign info
2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
2w3d: WCCP-EVNT:S0: wc assignment validated
2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:5
2w3d: WCCP-EVNT:Process: Start V2 (138)
2w3d: WCCP-EVNT:Successfully opened UDP socket
10CSW-LAN1(config)#
2w3d: WCCP-EVNT:router-id set (initialise) 0.0.0.0 => 10.11.1.9
2w3d: WCCP-EVNT:S0: updating wc orig assign info
2w3d: WCCP-EVNT:S0: allocate wc orig mask info (540 bytes)
2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:1
10CSW-LAN1(config)#
2w3d: WCCP-EVNT:S0: updating wc orig assign info
2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated transmit interval to: 10000
2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated timer scaling factors to: 1 and 1
2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group methods
2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group timers
2w3d: WCCP-EVNT:S0: no srvc grp mask data to validate
2w3d: WCCP-EVNT:S0: created adjacency interest, 10.11.1.10
2w3d: WCCP-EVNT:S0: nexthop update oce for wc 10.11.1.10, 0x0 -> 0x23C10CF0 IP adj out of GigabitEthernet2/24, addr 10.11.1.10 23C10C80
2w3d: WCCP-EVNT:S0: track nexthop for wc 10.11.1.10 (OK)
2w3d: %WCCP-5-SERVICEFOUND: Service web-cache acquired on WCCP client 10.11.1.10
10CSW-LAN1(config)#
2w3d: WCCP-PKT:S0: Received HIA from 10.11.1.10, rcv_id:1
2w3d: WCCP-EVNT:S0: Building new router view
2w3d: WCCP-EVNT:S0: deallocate rtr_view (24 bytes)
2w3d: WCCP-EVNT:S0: allocate mask rtr_view (572 bytes)
2w3d: WCCP-EVNT:S0: copy orig info (540 bytes)
2w3d: WCCP-EVNT:S0: Assignment wait timer restarted, delay 50000
2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2
2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:2
10CSW-LAN1(config)#
2w3d: WCCP-EVNT:S0: setting up wc mask assignments
2w3d: WCCP-EVNT:S0: allocate current assign info (540 bytes)
2w3d: WCCP-EVNT:S0: set wc current assign info (540 bytes)
2w3d: WCCP-EVNT:S0: RA from 10.11.1.10 (id: 10.11.1.10), assignment key set to 10.11.1.10,3
2w3d: WCCP-EVNT:S0: Building new router view
2w3d: WCCP-EVNT:S0: reuse rtr_view (44 of 572 bytes)
2w3d: WCCP-EVNT:S0: copy blank current info
2w3d: WCCP-EVNT:S0: Assignment wait timer stopped
2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2
2w3d: WCCP-PKT:S0: Received RA from 10.11.1.10, rcv_id:2
10CSW-LAN1(config)#
2w3d: WCCP-EVNT:S0: updating wc orig assign info
2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
2w3d: WCCP-EVNT:S0: wc assignment validated
2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:3
10CSW-LAN1(config)#
2w3d: WCCP-EVNT:S0: updating wc orig assign info
2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
2w3d: WCCP-EVNT:S0: wc assignment validated
2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:4
10CSW-LAN1(config)#
2w3d: %SEC-6-IPACCESSLOGP: list IRONPORT_GROUPLIST permitted udp 10.11.1.10(0) -> 10.11.1.9(0), 5 packets
10CSW-LAN1(config)#
2w3d: WCCP-EVNT:S0: updating wc orig assign info
2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)
2w3d: WCCP-EVNT:S0: wc assignment validated
2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:5I would recommend doing the following. Also feel free to call into the ironport support line. It is listed at the bottom of the page.
Change the wccp service to service-number 90
Try to redirect inbound traffic not outbound traffic.
Set Load-balancing to mask
Set forward method to L2
Set return method to L2
ip wccp 90 group-list IRONPORT-GROUPLIST <- Set the wccp service-number
ip wccp source-interface GigabitEthernet2/24
Interface Vlan160
ip address 10.10.16.1 255.255.254.0
ip wccp 90 redirect out <- Set the WCCP Service-number try to redirect inbound traffic
ip access-list IRONPORT-GROUPLIST
permit ip any host 10.11.1.10 (10.11.1.10 is the ironport proxy IP address)
Below is an example of how you should setup your ironport for a customer service number. Place the port numbers that you want to redirect.
Christian Rahl
Customer Support Engineer
Cisco IronPort - Web Security Appliances
Cisco Technical Assistance Center RTP
United States Ironport: 1-877-641-IRON (4766)
Maybe you are looking for
-
MY iPhone 5 screen smashed ages ago and I got a normal phone shop to repair it and that was 6 month ago my battery and the mother board is broken can apple repair this if I was to pay the bill and not asking them to cover anything
-
Hi all, We are in process of automating XML indesign workflow. We need some input reg. the table handling in XML workflow. Which type of table is good CALS or Indesign Table. kavya
-
Adobe reader 8.1..2 instll failed
i am running vista home premium al last update level adobe reader 8.1.1 (english version)tells me that update are available after downloading, preparing to install, verifying i got the message unable to install adobe reader 8.1.2. i have UAC disabled
-
How to search which image is not in any albums within a project?
I've created several albums under a project and I would like to see if there's any images that is not being placed in any album yet. I can see there's a 'do not match' option in the search box but I am not sure use it. Many thanks.
-
Sub Transaction Type mandatory in J1IEX
Hi, We need to make Sub Transaction Type as a mandatory field in J1IEX. Can anyone provide some idea that how it is possible? Thanks in advance