My customer has three sites connected by Ethernet connections; two of the Catalyst 3570 are running IP Services, while one ("Users" site in topology), is running IP Base. What my customer wants to to is to have all web traffic analyzed by a proxy that stands in site A (see topology).
Since the IPBase switch doesn't support WCCP, my first approach was to force traffic to the proxy via PBR; unfortunately, IPBASE won't support PBR either.
So my thougt was: "Well, if the traffic is matched by a redirect list in on of the switches running Ip Service image, surely that router will send the traffic through WCCP". However this approach failed. I made sure the access-list was correctly referencing the subnet in "Users" site and also in the incoming interface (L3 interface as per the diagram) I applied the redirect list. So in summary:
1. WCCP is working already for the WCCP-enabled switches.
2. When trying to have traffic coming from the IPBase switch (in layer 3) match the redirect list, it doesn't cause hit counts.
3. Access-list has been verified. Also there's no NAT.
4. I read regarding WCCP Web-Cache configuration, that it had to happen either thru a L2 connection or a GRE tunnel, none of those is currently the case, so I'm wondering if we're being hit by that, even though we're configuring a service group (not webcache).
Any thoughts please? I know I could do a PBR on one of the IPServices-imaged switches, but it seems dumb to me since they're already running WCCP, would really like to have that traffic leverage WCCP on the WCCP-enabled switches.
1. Log into CLI of DNAC:
ssh maglev@< DNAC appliance IP> -p 2222
2. Run this curl command to get token to get member id:
curl -X POST -u admin:<admin user password> -H -V https://<CLUSTER-IP>/api/system/v1/identitymgmt/token
Enterprise Switching Business Unit is glad to announce Beta release 16.12.2 for all Catalyst 9200/9300/9400/9500/9600 and Catalyst 3650/3850 Platforms. This release is made available to allow users to test, evaluate and share fee...
Purpose of the document
This document describes the general recommendations or best practices when designing and deploying the Cisco SD-Access technology. The document assumes that the reader has a general overview of Cisco's SD-Access for Distributed C...
Do you currently have hands-on networking experience? If you do, we'd love to hear from you!
Your feedback will be reviewed and analyzed by our team to directly influence a networking management and monitoring product.
Take the 20-min or les...