Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2592
Views
4
Helpful
6
Replies

WCCP ACL on Catalyst 3750

carljohan.ekman
Level 1
Level 1

‎03-01-2012 08:38 AM

Hi

I have a stack of 3750s with IP Services and 2 WAAS appliances connected to the stack. I am running wccp in the stack and redirecting traffic to the WAAS appliances using a redirect acl. I read in the command guide for the 3750 that ONLY permit entries are supported. I have a appox 20 vlans and there are local traffic flowing between some of them.

My questions is if I can`t use deny entries in the redirect acl in the switch, how can I stop the local traffic between the vlans getting redirected unnecessarly. The local traffic will be redirected to the WAAS appliance and then just go bypass and go back to the switch stack or does WCCP handle this in someway so only the first packets for each session gets redirected?

BR

CJ Ekman

0 Helpful
6 Replies 6

ahskhan
Cisco Employee
Cisco Employee

‎03-01-2012 08:55 AM

Hi Carl,

You need to create a WCCP Redirect ACL, with permit entries from the

Subnets / Hosts you need to optimized, I would also add destination Subnet /

hosts in that ACL. Rest of the traffic will be explicit deny and hence no

other Vlan traffic will go to WAAS. Hope this helps. Thanks.

Ahsan

0 Helpful

carljohan.ekman
Level 1
Level 1
In response to ahskhan

‎03-01-2012 09:02 AM

Hi Ahskhan

But if I have 500+ sites with between 5-30 vlans on each site, that ACL will be rather long and trying to handle and keeping it up-to-date on all these WAAS appliances will be impossible.

Isn`t there any other way to do it?

BR

CJ Ekman

0 Helpful

patrick.preuss
Level 1
Level 1
In response to carljohan.ekman

‎03-14-2012 12:22 PM

Depends on you network / ip design.

If you have allocated enough networks per site / block than you can desig your acl in a way that you not permit the local subnets.

Here can scripting and ipam help you..

0 Helpful

chdevcha
Level 5
Level 5
In response to patrick.preuss

‎03-24-2012 08:15 PM

Hey CJ,

Option 1: another option you might consider is intercepting closer to the WAN edge, if that's an available option for you.

Again, like Patrick mentioned it depends on your network / IP design but if you intercept closer to the WAN edge you should be able to avoid engineering a redirect ACL altogether.

Option 2: depending on the 3750 platform and code upgrade options, some of the latest 3750 IOS versions include support for deny entries for WCCP redirect ACLs. Check out these release notes (look at the very last bullet point in this list):

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_58_se/release/notes/OL24338.html#wp1009434

Hope this helps!

-Chet

patrick.preuss
Level 1
Level 1
In response to chdevcha

‎03-25-2012 12:35 AM

Hi Chet

do you know if the feature will be implemented for the older 3750s ?

Option 1: From my experience it has problems with asymetric routing. Whem you use GRE / GRE Return ist ok.

-Patrick

0 Helpful

chdevcha
Level 5
Level 5
In response to patrick.preuss

‎03-25-2012 05:43 AM

Hey Patrick,

I'm not sure if they will be supported on the 3750s, as opposed to 3750-X, 3750-E, or 3750Gs. Might be a good question for a switch forum?

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card