WCCP on WS-C3560G-24TS-E

pcce5w2hlh · ‎12-29-2009

Please refer attached.

I have a switch (WS-C3560G-24TS-E) that supports WCCP for the web proxy zone.

Based on the diagram, if the remote users come in from the IP VPN C+, the switch will forward all web requests to the BlueCoat ProxySG via WCCP, then ProxySG will send the web requests to firewall to internet as part of the default route.

If BlueCoat ProxySG fails, can the Cisco switch WCCP configuration detect a failure and send the web requests to the firewall as part of the default route?

Giuseppe Larosa · ‎12-30-2009

Hello Tanhonbak,

yes because WCCP include the exchange of hello messages between the router/switch and the web cache.

If the web cache fails the router detects the missing WCCP messages.

see

WCCP Message Exchange

This sequence of events describes the WCCP message exchange:

1. The application engines send their IP addresses to the WCCP-enabled switch by using WCCP, signaling their presence through a Here I am message. The switch and application engines communicate to each other through a control channel based on UDP port 2048.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swwccp.html#wp1036318

Hope to help

Giuseppe

pcce5w2hlh · ‎12-30-2009

Hi Giuseppe,

Thanks for the info! Based on the diagram, can I remove the WCCP-enabled switch, and connect the MegaPop router can connect straight to the ProxySG and Firewall. Though this would require me to get additional FE modules to connect ProxySG and FW.

The MegaPop router is a Cisco2821.

Regards,

Bak

Giuseppe Larosa · ‎12-30-2009

Hello Tanhogbak,

one important note: WCCP works well in a multilayer switch if the web cache is directly connected because GRE encapsulation of diverted traffic is not supported.

If it is not so you should consider to enable WCCP on the C2821 router.

WCCP can be supported on C2821, for example there is support on 12.4T

for example in advanced ip services feature set

c2800nm-advipservicesk9-mz.124-20.T3.bin

requires 256 MB RAM, 64 MB flash

you can use feature navigator to check this

http://www.cisco.com/go/fn

search by image you put the image name currently running on your C2821 and you then check if WCCP is listed.

About using additional FE modules, do you mean etherswitch or router ports ?

I might make the difference.

Hope to help

Giuseppe

pcce5w2hlh · ‎12-30-2009

Hi Giuseppe,

I suppose the SP Services IOS would perform WCCPv2 as well.

What will the difference be using HWIC-4ESW or HWIC-2FE modules?

If I'm running WCCP to the ProxySG, which interface should I use?

Best Regards,

Hong Bak

Giuseppe Larosa · ‎12-31-2009

Hello Hong Bak,

a router interface as the one provided by HWIC-2FE is a safer choice because WCCP2 on it will work. I'm expressing a doubt regarding HWIC-4ESW for safety.

This second module HWIC-4ESW is intended to provide switchports like a small lan switch. So WCCP can work on it or not. It should be tested.

see

http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_hwic_ethsw_ic_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1043334

Hope to help

Giuseppe