cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
459
Views
0
Helpful
0
Replies
Beginner

WCCP on 4507 SUP6E problem

Dear team,

My customer is implemeting Websense (Web security gateway) via WCCP with 4507 SUP6E. The problem is the switch does not redirect any traffic to Web gateway.

If they use 3750G instead of 4507 with the same running config, it works well.

Here is the information of switch:

SW4507-WebSense#sho module

Chassis Type : WS-C4507R-E

Power consumed by backplane : 40 Watts

Mod Ports Card Type                              Model              Serial No.

---+-----+--------------------------------------+------------------+-----------

1    24  10/100/1000BaseT (RJ45)                WS-X4424-GB-RJ45  

3     6  Sup 6-E 10GE (X2), 1000BaseX (SFP)     WS-X45-SUP6-E     

------------------ show version ------------------

Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICES-M), Version 15.0(2)SG3, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2012 by Cisco Systems, Inc.

Compiled Mon 09-Jan-12 01:49 by prod_rel_team

Image text-base: 0x10000000, data-base: 0x12CAA460

ROM: 12.2(44r)SG5

Darkside Revision 4, Jawa Revision 18, Tatooine Revision 141, Forerunner Revision 1.79

SW4507-WebSense uptime is 1 hour, 49 minutes

Uptime for this control processor is 1 hour, 49 minutes

System returned to ROM by reload

System image file is "bootflash:cat4500e-entservices-mz.150-2.SG3.bin"

Last reload reason: Reload command

------------------ show running-config ------------------

no aaa new-model

ip subnet-zero

ip wccp 0 group-address 224.0.1.37 redirect-list ByPass_VIP password 7 00071A150754

ip wccp 5 group-address 224.0.1.37 redirect-list ByPass_VIP password 7 01100F175804

ip wccp 70 group-address 224.0.1.37 redirect-list ByPass_VIP password 7 05080F1C2243

ip wccp 91 group-address 224.0.1.37 redirect-list Webport8888 password 7 1511021F0725

ip vrf mgmtVrf

!

ip multicast-routing

!

!

!

power redundancy-mode redundant

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

redundancy

mode sso

!

vlan internal allocation policy ascending

!

!

!

interface FastEthernet1

ip vrf forwarding mgmtVrf

no ip address

speed auto

duplex auto

!

interface GigabitEthernet1/1

description *** Connect to V10K ***

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet1/2

description *** Connect to V10K ***

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet1/3

description *** Connect to V10K ***

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet1/4

description *** Connect to V10K ***

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet1/5

description *** Connect to V10K ***

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet1/6

description *** Connect to V10K ***

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet1/7

description *** Connect to V10K ***

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet1/8

description *** Connect to V10K ***

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet1/9

description *** Connect to SSG140 ***

switchport access vlan 300

switchport mode access

!

interface GigabitEthernet1/10

description *** Connect to SSG140 ***

switchport access vlan 300

switchport mode access

!

interface GigabitEthernet1/11

description *** Connect to Core6509 ***

switchport access vlan 200

switchport mode access

!

interface GigabitEthernet1/12

description *** Connect to Core6509 ***

switchport access vlan 200

switchport mode access

!

interface GigabitEthernet1/13

switchport access vlan 200

switchport mode access

!

!

interface GigabitEthernet1/23

description ***Trunk -Websense***

switchport mode trunk

!

interface GigabitEthernet1/24

description ***Trunk -Websense***

switchport mode trunk

!

interface TenGigabitEthernet3/1

!

interface TenGigabitEthernet3/2

!

interface Vlan100

description *** Connect to V10K ***

ip address 10.64.31.113 255.255.255.240

ip wccp 0 group-listen

ip wccp 5 group-listen

ip wccp 70 group-listen

ip wccp 91 group-listen

ip pim dense-mode

!

interface Vlan200

description *** Connect to Core6509 ***

ip address 10.64.31.100 255.255.255.248

ip wccp 0 redirect in

ip wccp 5 redirect in

ip wccp 70 redirect in

ip wccp 91 redirect in

!

interface Vlan300

description *** Connect to SSG140 ***

ip address 10.64.31.108 255.255.255.248

!

ip route 0.0.0.0 0.0.0.0 10.64.31.105

ip route 10.0.0.0 255.0.0.0 10.64.31.97

ip route 10.64.20.0 255.255.255.0 10.64.31.105

ip route 192.168.11.0 255.255.255.0 10.64.31.97

ip route 192.168.101.0 255.255.255.0 10.64.31.97

ip http server

!

!

ip access-list extended ByPass_VIP

deny   ip host 10.64.32.52 any log

deny   ip 10.64.32.4 0.0.0.3 any log

deny   ip host 10.62.24.72 any log

deny   ip host 10.62.24.74 any log

deny   ip host 10.62.28.84 any log

deny   ip 10.62.36.64 0.0.0.63 any log

deny   ip host 10.62.36.137 any log

deny   ip host 10.62.36.205 any log

deny   ip host 10.62.36.242 any log

deny   ip 10.62.36.128 0.0.0.7 any log

deny   ip host 10.62.36.135 any log

deny   ip host 10.62.36.136 any log

deny   ip host 10.62.36.226 any log

deny   ip host 10.62.36.218 any log

deny   ip host 10.62.36.207 any log

deny   ip host 10.62.36.222 any log

deny   ip host 10.62.36.211 any log

deny   ip host 10.62.36.140 any log

deny   ip host 10.62.36.167 any log

deny   ip host 10.62.36.141 any log

deny   ip host 10.62.36.158 any log

deny   ip host 10.62.36.229 any log

deny   ip host 10.62.36.202 any log

deny   ip host 10.62.36.139 any log

deny   ip host 10.62.36.138 any log

deny   ip host 10.62.37.15 any log

deny   ip host 10.62.37.22 any log

deny   ip host 10.62.37.6 any log

deny   ip host 10.62.38.75 any log

deny   ip host 10.62.38.88 any log

deny   ip host 10.62.40.73 any log

deny   ip host 10.62.40.79 any log

deny   ip host 10.62.40.71 any log

deny   ip host 10.62.40.72 any log

deny   ip host 10.62.36.160 any log

deny   ip host 10.62.37.20 any log

deny   ip host 10.62.30.120 any log

deny   ip host 10.62.30.132 any log

deny   ip host 10.62.36.195 any log

deny   ip host 10.62.36.215 any log

deny   ip host 10.62.36.220 any log

deny   ip host 10.62.37.2 any log

deny   ip host 10.62.37.3 any log

deny   ip host 10.62.37.8 any log

deny   ip host 10.62.16.127 any log

deny   ip host 10.62.36.254 any log

deny   ip 10.62.18.0 0.0.1.255 any log

deny   ip 10.62.127.0 0.0.0.255 any log

deny   ip 10.62.16.92 0.0.0.3 any log

deny   ip 10.62.16.96 0.0.0.3 any log

deny   ip host 10.62.41.13 any log

deny   ip 192.168.11.0 0.0.0.255 any log

deny   ip 10.64.22.0 0.0.0.255 any log

deny   ip host 10.62.30.76 any log

deny   ip host 10.62.30.88 any log

deny   ip host 10.100.100.234 any log

deny   ip host 10.64.22.16 any log

deny   ip host 10.64.32.49 any log

deny   ip 10.62.31.248 0.0.0.3 any log

deny   ip host 10.62.14.81 any log

deny   ip host 10.62.30.77 any log

deny   ip host 10.64.15.231 any log

deny   ip 10.62.30.72 0.0.0.3 any log

deny   ip 10.62.48.0 0.0.0.255 any log

deny   esp 10.62.48.0 0.0.0.255 any log

deny   ip host 10.62.31.199 any log time-range END_13/09/2012

deny   ip host 10.64.32.136 any log

deny   ip host 10.62.30.106 any log

deny   ip 10.64.12.0 0.0.0.255 any log

deny   ip host 10.62.30.79 any log

deny   ip host 10.98.4.22 103.4.128.0 0.0.3.255 log

deny   ip host 10.98.4.23 103.4.128.0 0.0.3.255 log

deny   ip host 10.98.4.27 103.4.128.0 0.0.3.255 log

deny   ip host 10.98.4.144 103.4.128.0 0.0.3.255 log

deny   ip host 10.62.30.81 any log

deny   ip host 10.64.28.9 any log

permit ip any any log

ip access-list extended Webport8888

deny   tcp host 10.62.30.76 host 119.18.189.203 eq 8888

permit tcp any host 119.18.189.203 eq 8888

!

!

SW4507-WebSense#sho ip wccp

Global WCCP information:

    Router information:

        Router Identifier:                   10.64.31.113

        Protocol Version:                    2.0

    Service Identifier: 0

        Number of Service Group Clients:     2

        Number of Service Group Routers:     1

        Total Packets s/w Redirected:        0

          Process:                           0

          CEF:                               0

        Redirect access-list:                ByPass_VIP

        Total Packets Denied Redirect:       0

        Total Packets Unassigned:            0

        Group access-list:                   -none-

        Total Messages Denied to Group:      0

        Total Authentication failures:       0

        Total Bypassed Packets Received:     0

    Service Identifier: 5

        Number of Service Group Clients:     2

        Number of Service Group Routers:     1

        Total Packets s/w Redirected:        0

          Process:                           0

          CEF:                               0

        Redirect access-list:                ByPass_VIP

        Total Packets Denied Redirect:       0

        Total Packets Unassigned:            0

        Group access-list:                   -none-

        Total Messages Denied to Group:      0

        Total Authentication failures:       0

        Total Bypassed Packets Received:     0

    Service Identifier: 70

        Number of Service Group Clients:     2

        Number of Service Group Routers:     1

        Total Packets s/w Redirected:        0

          Process:                           0

          CEF:                               0

        Redirect access-list:                ByPass_VIP

        Total Packets Denied Redirect:       0

        Total Packets Unassigned:            0

        Group access-list:                   -none-

        Total Messages Denied to Group:      0

        Total Authentication failures:       0

        Total Bypassed Packets Received:     0

    Service Identifier: 91

        Number of Service Group Clients:     2

        Number of Service Group Routers:     1

        Total Packets s/w Redirected:        0

          Process:                           0

          CEF:                               0

        Redirect access-list:                Webport8888

        Total Packets Denied Redirect:       0

        Total Packets Unassigned:            0

        Group access-list:                   -none-

        Total Messages Denied to Group:      0

        Total Authentication failures:       0

        Total Bypassed Packets Received:     0

Could you please help me to discover the problem? I think that there is a software bug here, but I can not find any. Thank you very much.

Regards,

Hiep Nguyen

Everyone's tags (4)
CreatePlease to create content
Content for Community-Ad