Showing results for 
Search instead for 
Did you mean: 

All traffic is impacted on an inline WAE... what now?

Cisco Employee

Today we will discuss investigating an inline WAE where you have impact to all traffic.

Often this will not be 'traffic is not working', but also 'traffic is slow' or 'we see no improvement with WAAS'.

An common issue with inline interception is that the cabling requirements for inline interception are critical. If you have the possibility please use Gigabit speed on the inline interfaces.

Now we can have a look at the interface details on the WAE:

Or we can have a look at the individual interfaces:

However even if we see no hits on the error counters, this does not mean that the setup is correct. A good test to know if the inline interface is working correctly is to configure an IP on the inline interface group, enable the build-in FTP server in WAAS (with inetd enable ftp) and to FTP data from the LAN and WAN to and from that IP.

Often you will see that there is a problem with one direction of flow, for example you can download to the local LAN at Mbps, but uploading is much slower. This is then a clear indication of a duplex or cabling problem.

If the speeds are what you expect, but there is still a problem with all connection then we should check if the connections are getting intercepted by the WAAS. A "sh stat conn" should reveal if this is the case or not.

If you are seeing connections, but they are all in pass-through then we should check what is happening to the connections. Sometimes a look at "show statistics auto-discovery" will reveal what is going on:

"SYN retransmission" means that something is dropping packets with our special TCP tag. "* found with our device id" means that there is some kind of routing loop. "No peer or asymmetric route:" means that we tagged the packet, but we did not see a tagged SYN-ACK in reply.

In general what I like to do is to capture traffic for a specific client to a specific server. We can do this for example for the client to the server on the LAN side with:

and on the WAN side with:

As the IP's of the server and client will appear without modification on the inline interfaces we can just filter for the IP. Then we use "-c 3" to only show the first three packets we see. We use "-X" to get the full contents of the packets. In there we need to search for the