07-07-2011 10:29 AM
HI,
We need to enable wccp on the 6500 core switches and a bit confused where we need wccp redirects, as far as I understand:
"ip wccp 62 redirect in" on the wan facing interfaces
"ip wccp 61 redirect in" on all vlan interfaces that are redirected to the waas, ie. all internal vlans that need to go to the waas --> not sure if it's required??
On the global config:
ip wccp 61 redirect-list 101
ip wccp 62 redirect-list 101
where acl 101 defines the src and dst that will go through the waas
"ip wccp redirect exclude in" - on the vlan that the waas is connected to
anything missing?
how do we then check that wccp is running properly and that is is talking to the waas device on the other side of the wan (we have the waas manager gui)
anything else I should be aware of?
07-07-2011 10:37 AM
Sorry... the other question we had is that do we need to have wccp redirects on every single vlan interface or simply putting it on the wan facing vlan is sufficient?
07-07-2011 11:46 AM
Hi Ronni,
It is simple: put the ip wccp 62 redirect in on the WAN interfaces and ip wccp 61 redirect in on all of the LAN interfaces (where the traffic from your clients accessing the core network is hitting the switch (Assuming we are on the Edge side. If we are on the core, you should put it on the interfaces where the server traffic is hitting the switch).
You need to have both setup as if you don't, all of the connections will be seen as PT Asymmetric and you won't get any optimization.
Another remark that might help: the access-list bound tot he 61 and 62 services need to be mirror of each others.
For instance if you want to optimize the client traffic from network A on the Edge to the network B on the Core, here are how the ACL should be:
For service 61: permit A B
For service 62: permit B A
To check the status of WCCP, you can use the following commands:
sh ip wccp
sh ip wccp interfaces
sh ip wccp 61 detail
sh ip wccp 61 detail
Regards,
Nicolas
07-07-2011 12:08 PM
our 6500 core switches have all the internal vlan interfaces defined on it and it is also wan facing, so it's all on the core.
given this do we put ip wccp 61 redirect in on ALL internal vlans?
and ip wccp 62 redirect in on ALL wan facing vlans?
also:
regarding the acl, we have:
ip wccp 61 redirect-list 105
ip wccp 62 redirect-list 105
where acl105 is permitting all traffic from site A to site B and B to A (all in one acl)
does that look right?
07-07-2011 12:33 PM
Hi Ronni,
You will also need following CLI commands to enable WCCP on 65xx globally.
ip wccp 61
ip wccp 62
if you are permitting all traffic, there is no need for ACL as by default, without ACL, everything is redirected.
Regards.
07-07-2011 12:40 PM
We are actually not allowing everything as I am not sure how voice traffic will behave if it goes through the waas, that is why we have a redirect acl
I found this example online:
access-list 100 permit ip 10.10.10.0 0.0.0.255 any access-list 100 permit ip any 10.0.0.0 0.0.0.255 access-list 100 deny ip any any ! ip wccp 61 redirect-list 100 ip wccp 62 redirect-list 100
And so the 6500 on the other side of the waas will have the same acl but in the opposite direction.
Make sense?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide