Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1700
Views
0
Helpful
7
Replies

wcc p issue

dave dave
Level 1
Level 1

‎02-15-2012 09:29 AM - edited ‎03-07-2019 04:57 AM

hi! I've the setup as per the diagram attached. I try to setup w ccp in our env. I noticed that the wccp command will only work on the interface level if i turn the switch port into no switchport. Here are the draft of the command. The objective is to enable internet traffic to flow through the proxy.

For the port that has been turned to no switchport, what additional thing that need to be done there? (do i need to configure ip in the no switchport's ports and do internal routing)Do i need to configure anything in the port connected to the wlc? Pls let me know anything has been missed out. Thx.

Additional Info,

-this is a isolated network from the corporate lan.

-the dhcp ip assignment is from the fw.

-this network segment is in vlan 111 as a vrf network.

-the proxy is a linux appliance on esx vm.

ip wccp web-cache

access-list 10 permit host 192.168.1.2
ip wccp web-cache group-list 10

ip wccp web-cache redirect-list 10

interface gi 0/3
ip wccp web-cache redirect in

interface gi 0/2
ip wccp web-cache redirect out

Labels:
Preview file
2447 KB
0 Helpful
7 Replies 7

Mandlenkosi Nkiwane
Level 3
Level 3

‎02-15-2012 11:44 AM

There is nothing wrong with the switch not taking the WCCP commands if the "no switchport" command is not used. WCCP operates at layer 3 and the no switchport commands moves your interface from a L2 to L3 interface where you can do the L3 address assignment.

One thing I want to know is your objective here. Do you want all your internal http traffic to go out via the proxy?

I would redirect all the http traffic from vlan111 in that case:

interface Vlan111

ip address x.x.x.x x.x.x.x

ip wccp web-cache redirect out

0 Helpful

Mandlenkosi Nkiwane
Level 3
Level 3
In response to Mandlenkosi Nkiwane

‎02-15-2012 11:54 AM

One more thing after a second thought...

ip wccp web-cache redirect-list webcache_HTTP_traffic

ip access-list extended Webcache_HTTP_traffic

remark ACL used for WCCP re-direct list

permit tcp any any eq www

remark Allow IP traffic

permit ip any any

On the web-cache appliance you have to enable WCCP and configure it to listen to the router ip address to associate, so that it can establish the WCCP partnership...

0 Helpful

dave dave
Level 1
Level 1
In response to Mandlenkosi Nkiwane

‎02-16-2012 09:41 AM

hi! If i understand you correctly, you are saying

1) If i want all the internet traffic to go through the proxy, i only need to configure wccp in the vlan interface, not in the physical port? I checked that the vlan interface of my L3 siwtch only has the command "ip wccp web-cache redirect out" but not "in". Is that how it shd be?

2) What if i want to set it on the physical port, the port has to be a L3 port? I will need to put in IP addresses in that same range eg gi0/2 (192.168.1.10) and gi0/3(192.168.1.11)?

3) The command you stated below, is it applied in the global mode or interface level? The switch doesn't support redirect-list in global mode.

"ip wccp web-cache redirect-list webcache_HTTP_traffic "

Thx

0 Helpful

Mandlenkosi Nkiwane
Level 3
Level 3
In response to dave dave

‎02-16-2012 10:26 AM

What kind of switch do you have ?

0 Helpful

Mandlenkosi Nkiwane
Level 3
Level 3
In response to Mandlenkosi Nkiwane

‎02-16-2012 10:48 AM

My experience it is much better to configure the whole vlan than the interface and this is how I have been doing it and has worked for me.

Is ip routing enabled ?

this is what I just tried on a 3560 switch:

Global command

ip wccp web-cache redirect-list Webcache_HTTP_traffic

ip access-list extended Webcache_HTTP_traffic

remark ACL used for WCCP re-direct list

permit tcp any any eq www

remark Allow IP traffic

permit ip any any

interface Vlanx  <<<--- change to your vlan id

ip address 10.x.x.x 255.255.255.0

ip wccp web-cache redirect in

end

My mistake on the redirect, should be in not out.....

I am sure this will work.

__________________

Please rate if this helped you.

0 Helpful

dave dave
Level 1
Level 1
In response to Mandlenkosi Nkiwane

‎02-16-2012 07:04 PM

hi! I'm using cat4506 with (cat 4500-ENTSERVICESK9- M), Version 12. 2(52).

Here are the options available.

(config)#ip wccp web-cache re

(config)#ip wccp web-cache ?

  accelerated    Enable hardware acceleration

  group-address  Set the multicast group

  group-list     Set the access-list used to permit group membership

  password       Authentication password (key)

 

I don't think i've the remark command in Global as well.

0 Helpful

Mandlenkosi Nkiwane
Level 3
Level 3
In response to dave dave

‎02-16-2012 11:58 PM

Could you try:

ip wccp web-cache < redirect-list >

at the end of it all, you will see in the config :

ip wccp web-cache redirect-list Webcache_HTTP_traffic

Usually on the extended access list you have the remark option, if it does not work then apply only the necessary config:

permit tcp any any eq www

remark Allow IP traffic

permit ip any any

Hope this helps...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card