03-06-2013 09:53 PM
Hi all,
Please see the attached diag for our waas setup. The traffic is not optimized and shows as pass-through in one end and no stats are shown in other end.
4500 switch config:
ip wccp 61 redirect-list wccp_list password xxxx
ip wccp 62 redirect-list wccp_list password xxxx
Interface Gi1/1
ip address 10.1.46.1 255.255.255.252
ip wccp 62 redirect in
!
interface vlan 170
ip address 10.46.170.10 255.255.255.0
ip wccp 61 redirect in
!
ip access-list extended wccp_list
permit ip 10.46.170.0 0.0.0.255 any
show commands:
sh ip wccp
Global WCCP information:
Router information:
Router Identifier: 10.46.1.1
Protocol Version: 2.0
Service Identifier: 61
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets Redirected: 150487
Process: 0
CEF: 0
Platform: 150487
Service mode: Open
Service Access-list: -none-
Total Packets Dropped Closed: 0
Redirect access-list: wccp_list
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 2
Total GRE Bypassed Packets Received: 0
Process: 0
CEF: 0
Platform: 0
Service Identifier: 62
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets Redirected: 232994
Process: 0
CEF: 0
Platform: 232994
Service mode: Open
Service Access-list: -none-
Total Packets Dropped Closed: 0
Redirect access-list: wccp_list
Total Packets Denied Redirect: 3685761
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total GRE Bypassed Packets Received: 0
Process: 0
CEF: 0
Platform: 0
3750x switch config:
ip wccp 61 redirect-list wccp_list password xxxx
ip wccp 62 redirect-list wccp_list password xxxx
Interface Gi1/0/1
ip address 10.1.46.2 255.255.255.252
ip wccp 62 redirect in
!
interface vlan 170
ip address 10.45.170.10 255.255.255.0
ip wccp 61 redirect in
!
ip access-list extended wccp_list
permit ip 10.45.170.0 0.0.0.255 any
show commands:
sh ip wccp
Global WCCP information:
Router information:
Router Identifier: 10.45.1.1
Protocol Version: 2.0
Service Identifier: 61
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 62
Process: 15
CEF: 47
Redirect access-list: wccp_list
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
Service Identifier: 62
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 0
Process: 0
CEF: 0
Redirect access-list: wccp_list
Total Packets Denied Redirect: 795
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
Traffic is shown as pass-through in 10.46.40.20 and there is no tcp connections shown in 10.45.40.20! Any inputs?
Regards
Solved! Go to Solution.
03-08-2013 01:36 PM
Hello, Srini:
I saw that you are using a 3750 and a 4500, which of the 2 is at the location showing as PT?
Please check that the 3750 is using the SDM template as desktop routing, otherwise the WCCP packets are not going to be redirected.
One useful command is the "show ip wccp 61 detail" it will show you what is the negotiation of the WCCP features.
When you see a connection on one side and not on the other, most likely the traffic is not reaching the other WAE with the TCP options, this could be due to:
1-firewall blocking the tcp options.
2-wccp redirect list avoiding the optimization.
3-By pass list on the WAE.
Please let me know if It helps.
Best regards.
Giovanni DAmbrosio
03-07-2013 11:54 PM
Hi
Please test after removing the password option:
ip wccp 61 redirect-list wccp_list password xxxx <<------
Also see if there is a firewall at the edge. Normally most of the firewall remove the option header.
Let me know how it goes.
regards,
Ajay Kumar
03-08-2013 05:43 AM
Thanks mate.
There is no firewall in this setup as shown in the diag.This is the first time we trying layer 2 setup and also how does the wccp authentication work if we remove the password in the switches?
Thanks
Sent from Cisco Technical Support iPhone App
03-10-2013 04:55 PM
G'day Giovanni,
The waas plugged in the 4500 shows PT no peer and the 3750X doesnt show anything at all.
I checked the 3750x it shows it is using desktop routing as the template.
Below is the output from 3750 about wccp 61 detail:
#sh ip wccp 61 detail
WCCP Client information:
WCCP Client ID: 10.45.40.20
Protocol Version: 2.0
State: Usable
Redirection: L2
Packet Return: L2
Packets Redirected: 62
Connect Time: 3w1d
Assignment: MASK
I can see the matches in the redirect list but nothing shows in the WAAS being optimized.
Extended IP access list wccp_list
10 permit tcp 10.45.170.0 0.0.0.255 any (76 matches)
20 permit tcp any 10.45.170.0 0.0.0.255
There is no firewall or bypass lists involved in this setup.
regards
03-08-2013 01:36 PM
Hello, Srini:
I saw that you are using a 3750 and a 4500, which of the 2 is at the location showing as PT?
Please check that the 3750 is using the SDM template as desktop routing, otherwise the WCCP packets are not going to be redirected.
One useful command is the "show ip wccp 61 detail" it will show you what is the negotiation of the WCCP features.
When you see a connection on one side and not on the other, most likely the traffic is not reaching the other WAE with the TCP options, this could be due to:
1-firewall blocking the tcp options.
2-wccp redirect list avoiding the optimization.
3-By pass list on the WAE.
Please let me know if It helps.
Best regards.
Giovanni DAmbrosio
03-13-2013 09:57 PM
Sorry mate, I should check my eye sight the sdm template was pointing to desktop-default, changed it to routing and it worked as a charm.
Thanks for your help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide