09-12-2011 12:40 PM
Hello,
I'm working with 3 3750Xs in a "CORE" and we have a directly connected Content Engine (CE) on a WAE-612 running ACNS ce612-5.5.23.2 for web-filtering services. we are using wccp with L2 redirection and L2 return with MASK assignment.
The CE sits in vlan 1013 and is directly connected to the core 3750Xs via po5. The users are in vlan 72 off an stack of 3750Xs in an access closet that is connected back to the core via PO4. VLAN 64 connects to the edge firewall (to the Internet).
When only one member of PO4 is physically connected the web-filtering works, however when multiple members are connected in PO4 the web-filtering doesn't function and the end users are not being filtered. It seems as though the Core 3750Xs are not redirecting the traffic to the CE anymore at that point.
Anyone have any ideas on why adding members to the port channel seems to break the wccp feature. Could it be because of the "cross stack" nature of the port-channel?
Here are some configuration details of the CORE 3750s
*************************************************************************************************************************************
CORE-3750Xs#show version
...
c3750e-universalk9-mz.122-58.SE1.bin
*************************************************************************************************************************************
CORE-3750Xs#show license
Index 1 Feature: ipservices
...
*************************************************************************************************************************************
CORE-3750Xs#show run int vlan 1013
interface Vlan1013
description WAE-Smartfilter
ip address 10.144.1.193 255.255.255.192
no ip proxy-arp
*************************************************************************************************************************************
CORE-3750Xs#show run int vlan 72
interface Vlan72
description STDNT_wired_a114
ip address 10.144.72.1 255.255.255.0
ip helper-address 10.144.6.2
no ip proxy-arp
ip wccp web-cache redirect in
ip pim sparse-dense-mode
*************************************************************************************************************************************
CORE-3750Xs#show run int vlan 64
interface Vlan64
ip address 10.144.64.1 255.255.255.0
ip helper-address 10.144.6.2
no ip proxy-arp
ip pim sparse-dense-mode
*************************************************************************************************************************************
CORE-3750Xs#show run int po4
interface Port-channel4
description ** Port Channel to closet 114a **
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,3,9-12,20,40,41,72,100,608,614,1423,1620
switchport trunk allowed vlan add 3001-3003
switchport mode trunk
switchport nonegotiate
spanning-tree bpdufilter disable
spanning-tree bpduguard disable
*************************************************************************************************************************************
CORE-3750Xs#show etherchannel 4 sum
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 5
Number of aggregators: 5
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
4 Po4(SU) - Gi1/0/20(P) Gi1/0/21(P) Gi1/0/22(P)
Gi2/0/20(P) Gi2/0/21(P) Gi2/0/22(P)
Gi3/0/21(P) Gi3/0/22(P)
*************************************************************************************************************************************
CORE-3750Xs#show run int po5
interface Port-channel5
description ** Port Channel to Content Engine **
switchport access vlan 1013
switchport mode access
*************************************************************************************************************************************
CORE-3750Xs#show etherchannel 5 sum
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 5
Number of aggregators: 5
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
5 Po5(SU) - Gi1/0/5(P) Gi2/0/5(P)
*************************************************************************************************************************************
CORE-3750Xs#show ip wccp web-cache de
WCCP Client information:
WCCP Client ID: 10.144.1.194
Protocol Version: 2.0
State: Usable
Redirection: L2
Packet Return: L2
Packets Redirected: 0
Connect Time: 10:15:38
Assignment: MASK
Mask SrcAddr DstAddr SrcPort DstPort
---- ------- ------- ------- -------
0000: 0x00000000 0x00001741 0x0000 0x0000
Value SrcAddr DstAddr SrcPort DstPort CE-IP
----- ------- ------- ------- ------- -----
0000: 0x00000000 0x00000000 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0001: 0x00000000 0x00000001 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0002: 0x00000000 0x00000040 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0003: 0x00000000 0x00000041 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0004: 0x00000000 0x00000100 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0005: 0x00000000 0x00000101 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0006: 0x00000000 0x00000140 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0007: 0x00000000 0x00000141 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0008: 0x00000000 0x00000200 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0009: 0x00000000 0x00000201 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0010: 0x00000000 0x00000240 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0011: 0x00000000 0x00000241 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0012: 0x00000000 0x00000300 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0013: 0x00000000 0x00000301 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0014: 0x00000000 0x00000340 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0015: 0x00000000 0x00000341 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0016: 0x00000000 0x00000400 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0017: 0x00000000 0x00000401 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0018: 0x00000000 0x00000440 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0019: 0x00000000 0x00000441 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0020: 0x00000000 0x00000500 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0021: 0x00000000 0x00000501 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0022: 0x00000000 0x00000540 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0023: 0x00000000 0x00000541 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0024: 0x00000000 0x00000600 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0025: 0x00000000 0x00000601 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0026: 0x00000000 0x00000640 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0027: 0x00000000 0x00000641 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0028: 0x00000000 0x00000700 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0029: 0x00000000 0x00000701 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0030: 0x00000000 0x00000740 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0031: 0x00000000 0x00000741 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0032: 0x00000000 0x00001000 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0033: 0x00000000 0x00001001 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0034: 0x00000000 0x00001040 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0035: 0x00000000 0x00001041 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0036: 0x00000000 0x00001100 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0037: 0x00000000 0x00001101 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0038: 0x00000000 0x00001140 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0039: 0x00000000 0x00001141 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0040: 0x00000000 0x00001200 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0041: 0x00000000 0x00001201 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0042: 0x00000000 0x00001240 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0043: 0x00000000 0x00001241 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0044: 0x00000000 0x00001300 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0045: 0x00000000 0x00001301 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0046: 0x00000000 0x00001340 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0047: 0x00000000 0x00001341 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0048: 0x00000000 0x00001400 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0049: 0x00000000 0x00001401 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0050: 0x00000000 0x00001440 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0051: 0x00000000 0x00001441 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0052: 0x00000000 0x00001500 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0053: 0x00000000 0x00001501 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0054: 0x00000000 0x00001540 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0055: 0x00000000 0x00001541 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0056: 0x00000000 0x00001600 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0057: 0x00000000 0x00001601 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0058: 0x00000000 0x00001640 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0059: 0x00000000 0x00001641 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0060: 0x00000000 0x00001700 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0061: 0x00000000 0x00001701 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0062: 0x00000000 0x00001740 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
0063: 0x00000000 0x00001741 0x0000 0x0000 0x0A9001C2 (10.144.1.194)
*************************************************************************************************************************************
CORE-3750Xs#show ip wccp web-cache
Global WCCP information:
Router information:
Router Identifier: 10.144.75.1
Protocol Version: 2.0
Service Identifier: web-cache
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 0
Process: 0
CEF: 0
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total GRE Bypassed Packets Received: 0
Solved! Go to Solution.
09-20-2011 11:42 AM
Check licensing on 3750x stack. suspect master has IP services, other member have only IP Base.
09-20-2011 11:42 AM
Check licensing on 3750x stack. suspect master has IP services, other member have only IP Base.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide