Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5288
Views
5
Helpful
3
Replies

WCCP with Websense

CSCO11177789
Level 1
Level 1

‎07-18-2011 06:44 AM

Hello;

We use wccp version 2 on 6500 series switch integrated with websense. At first configuration we use default settings for methods (GRE and Hash). But sometimes we had some problems clients internet connections.  

So we tried to find out , what the problem is, and it's about 6500 side or websense side.

So we read best practise documents.According to them; on hardware based router (like 6500 series) suggest using methods L2 and Mask. So we reconfigured our equipments. But after configuration we couldnt see redirect packets count on 6500 switch. But system is working correctly even we see 0 packets on the logs.

Here is the output;

Backbone1#sh ip wccp 0 detail

WCCP Client ID:          192.168.99.1

        Protocol Version:        2.0

        State:                   Usable

        Redirection:             L2

        Packet Return:           L2

        Packets Redirected:    0

        Connect Time:          1d21h

        Assignment:            MASK

.........

IOS version : Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(33)SXI4a, RELEASE SOFTWARE (fc2)

Is it normal or not ? In GRE and hash mode, we could see redirect packets count.

Thanks

Best regards

Labels:
0 Helpful
3 Replies 3

ahskhan
Cisco Employee
Cisco Employee

‎07-18-2011 06:50 AM

Hi,

  On hardware assist switches (65K, 3700, 45K etc) WCCP redirect counters for "show ip wccp" commands should not show increments since all redirected traffic is handled in TCAM and CPU do not get involved. You may see few hundreds packets when initially WCCP is configured, but after that counter should remian static.

When using GRE / HASH depending how WCCP is configured, redirect traffic is handled by CPU on the switch and hence you see redirect counters incrementing. This can cause issues later for High CPU and overall performance.

For more info you can read how ACL works on 65K and TCAM concepts. Hope this answer your questions. Thanks.

Ahsan

CSCO11177789
Level 1
Level 1
In response to ahskhan

‎07-18-2011 07:09 AM

hi;

i hope your are right. We cant see any packet from beginnig , included inital configuration.

Backbone1#sh ip wccp

Global WCCP information:

    Router information:

        Router Identifier:                   192.168.99.2

        Protocol Version:                    2.0

    Service Identifier: 0

        Number of Service Group Clients:     1

        Number of Service Group Routers:     1

        Total Packets s/w Redirected:        0

          Process:                           0

          CEF:                               0

        Redirect access-list:                160

        Total Packets Denied Redirect:       0

        Total Packets Unassigned:            0

        Group access-list:                   -none-

        Total Messages Denied to Group:      0

        Total Authentication failures:       0

        Total Bypassed Packets Received:     0

Everyting is "0" but system is working.In fact i'm a little concerned about it but i dont want to call murphy ,too

Do i have to open tac case ?

Thanks, best regards.

0 Helpful

ahskhan
Cisco Employee
Cisco Employee
In response to CSCO11177789

‎07-18-2011 07:23 AM

Hi,

   You are always welcome to open a TAC case, one of the ways you can confirm this is by using show tcam commands on interfaces / valn where WCCP redirects are applied to confirm counters increment. Thanks.

Ahsan

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card