04-30-2010 07:26 AM - edited 03-06-2019 10:53 AM
I'm attempting to set up WCCPv2 on a Nexus 7K switch to intercept web traffic and route it to our proxy, ip 10.10.120.12. We are using L2 redirection and mask assignment. We are getting a "Service Group Mismatch" on our proxy. The description of the error is "The router and the Proxy have a mismatch in port, protocol, priority, and/or other service flags."
I ran a "debug ip wccp packets" and a packet trace and I can see the "Here I Am" and "I see you" packets going back and forth. I think the problem may be due to the limitation of L2 redirection that "the content engines be directly connected to an interface on each WCCP router. WCCP config of the content engine must reference the directly connected interface IP address of the WCCP router and not a loopback IP address or any other IP address configured on the WCCP router."
I don't understand why WCCP is saying the loopback address is the router identifier when it isn't the highest IP address on the router, and I don't understand what we're supposed to use on the proxy/content engine as the home router to get this working. Any help would be appreciated. Thank you.
Chris Alterio
sh ver
Cisco Nexus Operating System (NX-OS) Software
Software
  BIOS: version 3.19.0
  loader: version N/A
  kickstart: version 4.2(2a)
  system: version 4.2(2a)
Hardware
  cisco Nexus7000 C7010 (10 Slot) Chassis ("Supervisor module-1X")
  Intel(R) Xeon(R) CPU with 4135696 kB of memory.
------------------------------------------------------------------------------------------------------------
feature wccp
ip access-list copp-system-acl-wccp
  10 permit udp any eq 2048 any eq 2048
ip wccp 91 redirect-list ProxyACL
vlan 8
  name Proxy_10.10.120.0/24
interface Vlan8
  no shutdown
  ip address 10.10.120.1/24
interface Ethernet3/2
  no shutdown
  description Connection to proxy server
  switchport
  switchport access vlan 8
interface Ethernet 5/1
  no shutdown
  ip address 172.16.16.17/29
  ip wccp 91 redirect in
ip access-list ProxyACL
  50 remark Proxy WCCP access control
  100 deny ip any 10.0.0.0/8
  200 permit ip any any
interface Loopback1
  ip address 172.16.10.20/32
-----------------------------------------------------------------------------------------
sh ip wccp
Global WCCP information:
  Router information:
    Router Identifier: 172.16.10.20
    Protocol Version: 2.0
  Service Identifier: 91
    Number of Service Group Clients: 0
    Number of Service Group Routers: 0
    Total Packets Redirected: 0
    Service mode: Open
    Service Access-list: -none-
    Total Packets Dropped Closed: 0
    Redirect Access-list: ProxyACL
    Total Packets Denied Redirect: 0
    Total Packets Unassigned: 0
    Total Authentication failures: 0
    Total Bypassed Packets Received: 0
sh ip wccp 91 view
  WCCP Router Informed of:
    -none-
  WCCP Cache Engines Visible:
    -none-
  WCCP Cache Engines Not Visible:
    10.10.120.12
sh ip wccp 91 detail
WCCP Client information:
  WCCP Client ID: 10.10.120.12
  Protocol Version: 2.0
  State: Not Usable (Negotiating)
  Redirection: L2
  Packet Return: L2
  Packets Redirected: 0
  Connect Time: 15:57:58
  Assignment: MASK
  Bypassed Packets: 0
05-02-2010 07:13 AM
I have an update ...
I was able to get WCCPv2 working by changing from service group 91 to web-cache. So it's working for http traffic. I can't, however, get https working. I've tried configuring service group 91 just for https, service group 70 (which I've read is for the https web-cache), and service group 98 (which is a custom-web-cache group). I get service mismatch on everything but the web-cache service.
In the packet trace from when I just had service group 91 defined, the Here_I_AM packets from the proxy to the Nexus show port 0: 80, Port 1: 443, Port 2: 9443 in the WCCP > Service Info section of the packet, which is what's configured on the proxy for the ports to intercept, but the I_SEE_YOU packet from the Nexus to the proxy shows "ports not defined" in the service flags. I'm not sure what the problem could be.
Any thoughts or ideas?
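An added example, not part of the original posts: Python that decodes the WCCPv2 Service Info component (layout per the WCCPv2 Internet-Draft) from a HERE_I_AM and an I_SEE_YOU and lists the fields on which proxy and router disagree. The byte strings are constructed to mirror the trace described above (ports 80/443/9443 from the proxy, no ports defined from the Nexus); the priority and protocol values, and the assumption that the component has already been cut out of the full message, are illustrative.

```python
import struct

WCCP2_SERVICE_INFO = 1   # component type in the WCCPv2 draft
PORTS_DEFINED = 0x0010   # service flag: the eight port slots are meaningful

def parse_service_info(component: bytes) -> dict:
    """Decode one Service Info component: 4-byte header + 24-byte body."""
    if len(component) < 28:
        raise ValueError("truncated Service Info component")
    ctype, clen = struct.unpack_from("!HH", component, 0)
    if ctype != WCCP2_SERVICE_INFO or clen != 24:
        raise ValueError(f"not Service Info (type={ctype}, len={clen})")
    svc_type, svc_id, priority, protocol, flags = struct.unpack_from(
        "!BBBBI", component, 4)
    ports = struct.unpack_from("!8H", component, 12)
    return {
        "service_type": "dynamic" if svc_type == 1 else "standard",
        "service_id": svc_id,
        "priority": priority,
        "protocol": protocol,
        "flags": flags,
        # Port slots only count when the Ports Defined flag is set.
        "ports": tuple(p for p in ports if p) if flags & PORTS_DEFINED else (),
    }

def mismatches(cache: dict, router: dict) -> list:
    """Field names on which the two peers' service definitions differ."""
    return [name for name in cache if cache[name] != router[name]]

def build(svc_id, priority, protocol, flags, ports):
    """Pack a dynamic-service component (used only for the sample data)."""
    slots = list(ports) + [0] * (8 - len(ports))
    return struct.pack("!HHBBBBI8H", WCCP2_SERVICE_INFO, 24, 1,
                       svc_id, priority, protocol, flags, *slots)

# Constructed samples: service 91, TCP (6), priority 0 on both sides.
HERE_I_AM = build(91, 0, 6, PORTS_DEFINED, [80, 443, 9443])  # from the proxy
I_SEE_YOU = build(91, 0, 6, 0, [])                           # from the router

if __name__ == "__main__":
    proxy, router = parse_service_info(HERE_I_AM), parse_service_info(I_SEE_YOU)
    for field in mismatches(proxy, router):
        print(f"{field}: proxy={proxy[field]!r} router={router[field]!r}")
```

Any field this reports is one the two sides advertise differently for the same service ID, which is the condition the proxy's "Service Group Mismatch" description refers to.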