Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
859
Views
0
Helpful
3
Replies

Nexus 7000 WCCP with bluecoat ProxySG

Freemen
Level 1
Level 1

‎08-22-2017 09:29 AM - edited ‎03-08-2019 11:48 AM

 

Scenario

Issue happen when firewall failover from primary to secondary then back to primary, HTTP and HTTPS traffic seam like not going out, error 503 gateway timeout was observed

 

  1. Swing fw from primary to secondary – OK
  2. Swing fw from secondary back to primary – traffic not going out. (WCCP or explicit)
  3. Notice is HTTP and HTTPS traffic which is intercepted WCCP.
  4. ICMP and DNS was able to reach out.
  5. Swing from primary back to secondary – OK

 

Weird is primary before swing is working fine, then secondary is also working fine.. why swing back to primary got issue.

 

My question is will the Portchannel 4003 inbetween N7K will cause double redirection? Then cause L3 loop?

 

 1.png


Regards

Zhan Hua

Labels:
0 Helpful
3 Replies 3

Reza Sharifi
Hall of Fame
Hall of Fame

‎08-22-2017 09:48 AM

Hi,

Can you try it with a sinle link intead of a Portchannel and see if you have the same results?

HTH

0 Helpful

Freemen
Level 1
Level 1
In response to Reza Sharifi

‎08-22-2017 08:52 PM

yes this is what we plan next .. i see if this solve this 

0 Helpful

sbhadrav@cisco.com
Level 5
Level 5

‎04-12-2018 01:49 AM


You could do this by configuring two WCCP service groups as described in the previous examples. Or you could use the following commands to configure one service group for both types of traffic. The example also caches HTTP sessions on port 8080.

Enter the following command to add a service group to a WCCP server that caches HTTP sessions on ports 80 and 8080 and HTTPS sessions on port 443. Both of these protocols use protocol number 6. The IP address of the server is 10.31.101.100 and the WCCP clients are on the 10.31.101.0 subnet. The service ID of this service group is 90.

config system wccp

edit 90

set router-id 10.31.101.100

set server-list 10.31.101.0 255.255.255.0

set ports 443 80 8080

set protocol 6

end

Enter the following commands to configure a FortiGate unit to operate as a WCCP client and add a service group that configures client to cache HTTP sessions on port 80 and 8080 and HTTPS sessions on port 443. The IP address of the server is 10.31.101.100 and IP address of this WCCP clients is 10.31.101.1 subnet. The service ID of this service group must be 90 to match the service ID added to the server.

config system settings

set wccp-cache-engine enable

end

config system wccp

edit 90

set cache-id 10.31.101.1

set router-list 10.31.101.100

set ports 443 80 8080

set protocol 6

end

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card