06-06-2012 11:50 PM
Hi,
I have encountered an internet connection lost on my network. client desktop can ping to the internet(ex: www.google.com) but cannot browse the internet. We used WCCP to redirect traffic on the ironport. Ironport can also ping to the internet. when I check the Overview of the Ironport it seems that there is no web traffic passing on the ironport or has minimal traffic passig thgrough it. I do not know now wether it is the ironport or my switch(the one that is redirecting the traffic to ironport) that has a problem. is there a way to bypass the ironport? I am new to this device that its qhy i'm seeking assistance.
Thanks,
Bryan
06-07-2012 05:52 AM
Hi Bryan
Good Morning
Thanks! For the e-mail, quickest way to BYPASS ironPort will be as follows:
From GUI:
Web security manager > Bypass setting > Edit Proxy Bypass
Enter the test client ip or the web site:
(examples: example.com, crm.example.com, 10.0.0.1, 10.0.0.0/24)
Submit and test it..
To view this activity, tail bypass logs from the CLI.
Please let me know if you have ANY other questions,
Regards,
Zack
On 6/7/12 2:51 AM, "bcclarin13"
06-07-2012 08:40 PM
Hi Zack,
Is this the procedure to totally bypass the ironport? i just want all traffic to be passed through.
Thanks,
Bryan
06-07-2012 10:27 PM
Yes, traffic in the bypass list doesn't get sent to the WSA. The bypass list is passed from the WSA to the device that's doing the WCCP redirection as a "don't send me stuff to or from these addresses, you deal with it"...
Sent from Cisco Technical Support iPad App
06-08-2012 12:50 AM
Hi,
can someone tell me if my switch is redirecting traffic to my ironport with the below wccp verifications:
CORE-SWITCH-IT#sh ip wccp web-cache detail
WCCP Client information:
WCCP Client ID: 172.24.85.3
Protocol Version: 2.0
State: Usable
Redirection: L2
Packet Return: L2
Packets Redirected: 1503
Connect Time: 08:04:25
Assignment: MASK
Mask SrcAddr DstAddr SrcPort DstPort
---- ------- ------- ------- -------
0000: 0x00000526 0x00000000 0x0000 0x0000
Value SrcAddr DstAddr SrcPort DstPort CE-IP
----- ------- ------- ------- ------- -----
0000: 0x00000000 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0001: 0x00000002 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0002: 0x00000004 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0003: 0x00000006 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0004: 0x00000020 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0005: 0x00000022 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0006: 0x00000024 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0007: 0x00000026 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0008: 0x00000100 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0009: 0x00000102 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0010: 0x00000104 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0011: 0x00000106 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0012: 0x00000120 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0013: 0x00000122 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0014: 0x00000124 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0015: 0x00000126 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0016: 0x00000400 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0017: 0x00000402 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0018: 0x00000404 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0019: 0x00000406 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0020: 0x00000420 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0021: 0x00000422 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0022: 0x00000424 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0023: 0x00000426 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0024: 0x00000500 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0025: 0x00000502 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0026: 0x00000504 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0027: 0x00000506 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0028: 0x00000520 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0029: 0x00000522 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0030: 0x00000524 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
0031: 0x00000526 0x00000000 0x0000 0x0000 0xAC185503 (172.24.85.3)
CORE-SWITCH-IT#
CORE-SWITCH-IT#sh ip wccp web-cache
Global WCCP information:
Router information:
Router Identifier: 172.24.94.10
Protocol Version: 2.0
Service Identifier: web-cache
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 2146
Process: 0
CEF: 2146
Redirect access-list: Ironport-Redirection
Total Packets Denied Redirect: 15147646
Total Packets Unassigned: 1295
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
CORE-SWITCH-IT#
CORE-SWITCH-IT#sh ip wccp web-cache view
WCCP Routers Informed of:
172.24.94.10
WCCP Clients Visible:
172.24.85.3
WCCP Clients NOT Visible:
-none-
CORE-SWITCH-IT#
Thanks,
Bryan
06-08-2012 01:56 PM
Hi Bryan,
it doesn't look like its redirecting, but WCCPv2 seems to be established. Would you mind to share your access-list
"Ironport-Redirection" ? It looks like most of the traffic is hitting to bypass.
-Stephan
06-08-2012 06:03 PM
Hi Stephen,
Please see below access list and the sample vlan that are being redirected to the ironport:
Extended IP access list Ironport-Redirection
10 deny ip host 172.24.85.2 any
20 deny ip host 172.24.85.3 any
30 permit ip 10.1.67.0 0.0.0.255 172.24.97.0 0.0.0.255
40 permit ip 172.24.97.0 0.0.0.255 10.1.67.0 0.0.0.255
50 deny ip any 172.24.0.0 0.0.255.255 (24386576 matches)
60 permit ip any any (3559 matches)
interface Vlan103
description Others(Web_Server_Corporate)
ip address 172.24.97.33 255.255.255.248
no ip redirects
ip wccp web-cache redirect in
!
interface Vlan150
description LAN(SMPC,CallCenter,&WLAN_Users)
ip address 172.24.100.1 255.255.254.0
ip helper-address 172.24.96.5
no ip redirects
ip wccp web-cache redirect in
!
interface Vlan151
description LAN(WLAN_Users_Guest)
ip address 172.24.102.1 255.255.254.0
ip helper-address 172.24.96.5
ip wccp web-cache redirect in
!
By the way how did you know that my traffic is hitting to bypass, please kindly explain to me. Actually I have the hunch at first that it is hitting the bypass.
Thanks,
Bryan
06-12-2012 12:39 PM
Hi Bryan,
to answer your question first, the counter for denied redirected traffic is pretty high which usual means that it got "bypassed. But some packets are redirected. Best is to check quick the WSA accesslogs (aclogs.current) to see what traffic actually did arrive on the WSA. If it is "empty" or doesn't show any new request.
06-18-2012 06:19 AM
Hi Bryan
Looking at the output from the switch it shows, switch indeed is sending the
traffic over to cache engine i.e. 172.24.85.3. I am also enclosing the WCCP
step by step T/S document here for your reference.
Please feel free to browse/review and let me know if you have ANY specific
questions,
Regards,
Zack
On 6/8/12 3:50 AM, "bcclarin13"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide