I opened a Cisco TAC case on an issue I was having getting Nexus 7K to work properly with Bluecoat. The end result of the TAC case was that Cisco stated that it was a previously unidentified bug with the NX-OS. I searched the bug toolkit and found nothing that matched my issue. There was a workaround, but I don't think I can apply it in my topology because I would have to do WCCP redirection on an interface that has PBR (I'm pretty sure I read in some WCCP literature that you can't have both on the same interface - if that's NOT the case please let me know).
I've attached a simple diagram of the topology along with configuration snippets from the core VDC. The gist of the issue is that the traffic loops. Outbound on VLAN38, the traffic gets redirected to the Bluecoat sitting on VLAN39. If the Bluecoat doesn't apply policy, the traffic is returned via L2 to the Nexus. Even though VLAN39 has "ip wccp redirect exclude in" applied to the SVI, the Nexus appears to ignore this (bug), because when it sends it back out VLAN38 the redirection occurs all over again. I can see this looping in packet captures. If the Bluecoat does apply policy, the source IP address of the packet gets changed to the IP address of the Bluecoat and redirection doesn't occur because it no longer matches the ACL associated with WCCP.
The TAC engineer claimed that the configuration I have should work fine. The TAC engineer mocked it up in his lab and he claimed that he was getting the same result (thus the bug). But then I got to thinking that this can't be the only environment in the world with a Nexus 7K and a Bluecoat set up in this manner, could it? So I'm wondering if anybody else out there has a Nexus 7K, a Bluecoat Proxy-SG and a topology like the one I'm dealing with. If so, does it work fine?
Version information from the core VDC
BIOS: version 3.22.0
kickstart: version 6.0(2)
system: version 6.0(2)
BIOS compile time: 02/20/10
kickstart image file is: bootflash:///n7000-s1-kickstart.6.0.2.bin