07-06-2010 03:52 AM - edited 03-06-2019 11:54 AM
Hi guys,
I have a WCCP Configuration on a Catalyst 3750G and a IronPort Webappliance. I have configured this situation many times before with cisco asa and ironport wsa, but with a switch, this is my first time.
Here is the Situation.
VLAN 147 is a transportation vlan between the cisco switch and a hp coreswitch with the clients and servers behind the hp coreswitch.
VLAN 147 IP Address of the Catalyst is 172.30.47.1
IP of the IronPort Appliance is 172.30.47.10
IP of the HP Coreswitch is 172.30.47.2
Plan is to redirect the webtraffic coming from clients and servers from the 10.0.0.0/8 net behind the hp switch to the ironport wsa.
In have configured these settings.
ip wccp web-cache group-list 15 password 7 091D1C5A
ip wccp 80 redirect-list 16 group-list 15 password 7 14464058
interface GigabitEthernet1/0/22
description IRONPORT P1 BUWOG
switchport access vlan 147
switchport mode access
interface Vlan115
ip address 172.30.15.2 255.255.255.0
standby 10 ip 172.30.15.1
standby 10 priority 90
standby 10 preempt
standby 10 track Vlan115
!
interface Vlan147
ip address 172.30.47.1 255.255.255.0
ip wccp web-cache redirect in
ip wccp 80 redirect in
access-list 15 permit 172.30.47.10
access-list 15 permit 172.30.47.1
access-list 16 permit 10.0.0.0 0.255.255.255
access-list 115 permit tcp 10.0.0.0 0.255.255.255 any eq www
ip route 0.0.0.0 0.0.0.0 172.30.15.4
ip route 10.5.0.0 255.255.0.0 172.30.47.2
ip route 10.10.0.0 255.255.0.0 172.30.47.2
ip route 10.11.0.0 255.255.0.0 172.30.47.2
ip route 10.12.0.0 255.255.0.0 172.30.47.2
ip route 10.13.0.0 255.255.0.0 172.30.47.2
ip route 10.14.0.0 255.255.0.0 172.30.47.2
ip route 10.15.0.0 255.255.0.0 172.30.47.2
ip route 10.16.0.0 255.255.0.0 172.30.47.2
ip route 10.20.0.0 255.255.0.0 172.30.47.2
ip route 172.16.0.0 255.255.252.0 172.30.47.2
ip route 172.30.0.0 255.255.0.0 172.30.15.1
ip route 192.168.0.0 255.255.0.0 172.30.47.2
VIE-HK-SW01#sh ip wccp 80 detail
WCCP Client information:
WCCP Client ID: 172.30.47.10
Protocol Version: 2.0
State: Usable
Redirection: L2
Packet Return: L2
Packets Redirected: 0 <----- no packets were redirected
Connect Time: 00:06:41
Assignment: MASK
Mask SrcAddr DstAddr SrcPort DstPort
---- ------- ------- ------- -------
0000: 0x00000000 0x00000526 0x0000 0x0000
Value SrcAddr DstAddr SrcPort DstPort CE-IP
----- ------- ------- ------- ------- -----
0000: 0x00000000 0x00000000 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0001: 0x00000000 0x00000002 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0002: 0x00000000 0x00000004 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0003: 0x00000000 0x00000006 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0004: 0x00000000 0x00000020 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0005: 0x00000000 0x00000022 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0006: 0x00000000 0x00000024 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0007: 0x00000000 0x00000026 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0008: 0x00000000 0x00000100 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0009: 0x00000000 0x00000102 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0010: 0x00000000 0x00000104 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0011: 0x00000000 0x00000106 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0012: 0x00000000 0x00000120 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0013: 0x00000000 0x00000122 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0014: 0x00000000 0x00000124 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0015: 0x00000000 0x00000126 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0016: 0x00000000 0x00000400 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0017: 0x00000000 0x00000402 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0018: 0x00000000 0x00000404 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0019: 0x00000000 0x00000406 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0020: 0x00000000 0x00000420 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0021: 0x00000000 0x00000422 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0022: 0x00000000 0x00000424 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0023: 0x00000000 0x00000426 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0024: 0x00000000 0x00000500 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0025: 0x00000000 0x00000502 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0026: 0x00000000 0x00000504 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0027: 0x00000000 0x00000506 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0028: 0x00000000 0x00000520 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0029: 0x00000000 0x00000522 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0030: 0x00000000 0x00000524 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0031: 0x00000000 0x00000526 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
VIE-HK-SW01#sh ip wccp
Service Identifier: 80
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 0
Process: 0
CEF: 0
Redirect access-list: 16
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: 15
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
Any ideas??
Thanks for help.
Rene
07-06-2010 06:04 AM
Hi,
Is the password configured for WCCP on switch is same as on the appliance..?? try without password if possible..
Also in group list exclude the ip address of the switch i.1
Hitesh Vinzoda
Pls rate useful posts
07-06-2010 06:17 AM
hi,
yes the password is the same. you get the debug message authentication missmatch if the password is wrong and the state of the wccp client is not useable.
I excluded the IP of the VLAN Interface, no change
Rene
07-06-2010 06:46 AM
Attached is a debug from the switch
080225: Jul 6 15:43:42.256: WCCP-EVNT:wccp_update_assignment_status: enter
080226: Jul 6 15:43:42.256: WCCP-EVNT:wccp_update_assignment_status: exit
080227: Jul 6 15:43:42.256: WCCP-EVNT:wccp_copy_wc_assignment_data: enter
080228: Jul 6 15:43:42.256: WCCP-EVNT:wccp_copy_wc_assignment_data: reuse orig mask info (540 bytes)
080229: Jul 6 15:43:42.256: WCCP-EVNT:wccp_copy_wc_assignment_data: exit
080230: Jul 6 15:43:42.256: WCCP-EVNT:wccp_validate_wc_assignments: enter
080231: Jul 6 15:43:42.256: WCCP-EVNT:wccp_validate_wc_assignments: exit
080232: Jul 6 15:43:42.256: WCCP-EVNT: L2 adjacency added for 172.30.47.10
080233: Jul 6 15:43:42.256: WCCP-PKT:D80: Sending I_See_You packet to 172.30.47.10 w/ rcv_id 000021E8
080234: Jul 6 15:43:52.247: WCCP-EVNT:wccp_update_assignment_status: enter
080235: Jul 6 15:43:52.247: WCCP-EVNT:wccp_update_assignment_status: exit
080236: Jul 6 15:43:52.247: WCCP-EVNT:wccp_copy_wc_assignment_data: enter
080237: Jul 6 15:43:52.247: WCCP-EVNT:wccp_copy_wc_assignment_data: reuse orig mask info (540 bytes)
080238: Jul 6 15:43:52.247: WCCP-EVNT:wccp_copy_wc_assignment_data: exit
080239: Jul 6 15:43:52.247: WCCP-EVNT:wccp_validate_wc_assignments: enter
080240: Jul 6 15:43:52.247: WCCP-EVNT:wccp_validate_wc_assignments: exit
080241: Jul 6 15:43:52.247: WCCP-EVNT: L2 adjacency added for 172.30.47.10
080242: Jul 6 15:43:52.255: WCCP-PKT:D80: Sending I_See_You packet to 172.30.47.10 w/ rcv_id 000021E9
VIE-HK-SW01#
VIE-HK-SW01#
080243: Jul 6 15:44:02.221: WCCP-EVNT:wccp_update_assignment_status: enter
080244: Jul 6 15:44:02.221: WCCP-EVNT:wccp_update_assignment_status: exit
080245: Jul 6 15:44:02.221: WCCP-EVNT:wccp_copy_wc_assignment_data: enter
080246: Jul 6 15:44:02.221: WCCP-EVNT:wccp_copy_wc_assignment_data: reuse orig mask info (540 bytes)
080247: Jul 6 15:44:02.221: WCCP-EVNT:wccp_copy_wc_assignment_data: exit
080248: Jul 6 15:44:02.221: WCCP-EVNT:wccp_validate_wc_assignments: enter
080249: Jul 6 15:44:02.221: WCCP-EVNT:wccp_validate_wc_assignments: exit
080250: Jul 6 15:44:02.221: WCCP-EVNT: L2 adjacency added for 172.30.47.10
080251: Jul 6 15:44:02.221: WCCP-PKT:D80: Sending I_See_You packet to 172.30.47.10 w/ rcv_id 000021EA
080252: Jul 6 15:44:12.253: WCCP-EVNT:wccp_update_assignment_status: enter
080253: Jul 6 15:44:12.253: WCCP-EVNT:wccp_update_assignment_status: exit
080254: Jul 6 15:44:12.253: WCCP-EVNT:wccp_copy_wc_assignment_data: enter
080255: Jul 6 15:44:12.253: WCCP-EVNT:wccp_copy_wc_assignment_data: reuse orig mask info (540 bytes)
080256: Jul 6 15:44:12.253: WCCP-EVNT:wccp_copy_wc_assignment_data: exit
080257: Jul 6 15:44:12.253: WCCP-EVNT:wccp_validate_wc_assignments: enter
080258: Jul 6 15:44:12.253: WCCP-EVNT:wccp_validate_wc_assignments: exit
080259: Jul 6 15:44:12.253: WCCP-EVNT: L2 adjacency added for 172.30.47.10
080260: Jul 6 15:44:12.253: WCCP-PKT:D80: Sending I_See_You packet to 172.30.47.10 w/ rcv_id 000021EB
VIE-HK-SW01#sh ip wccp 80 detail
WCCP Client information:
WCCP Client ID: 172.30.47.10
Protocol Version: 2.0
State: Usable
Redirection: L2
Packet Return: L2
Packets Redirected: 0
Connect Time: 1d00h
Assignment: MASK
Mask SrcAddr DstAddr SrcPort DstPort
---- ------- ------- ------- -------
0000: 0x00000000 0x00000526 0x0000 0x0000
Value SrcAddr DstAddr SrcPort DstPort CE-IP
----- ------- ------- ------- ------- -----
0000: 0x00000000 0x00000000 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0001: 0x00000000 0x00000002 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0002: 0x00000000 0x00000004 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0003: 0x00000000 0x00000006 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0004: 0x00000000 0x00000020 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0005: 0x00000000 0x00000022 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0006: 0x00000000 0x00000024 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0007: 0x00000000 0x00000026 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0008: 0x00000000 0x00000100 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0009: 0x00000000 0x00000102 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0010: 0x00000000 0x00000104 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0011: 0x00000000 0x00000106 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0012: 0x00000000 0x00000120 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0013: 0x00000000 0x00000122 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0014: 0x00000000 0x00000124 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0015: 0x00000000 0x00000126 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0016: 0x00000000 0x00000400 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0017: 0x00000000 0x00000402 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0018: 0x00000000 0x00000404 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0019: 0x00000000 0x00000406 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0020: 0x00000000 0x00000420 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0021: 0x00000000 0x00000422 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0022: 0x00000000 0x00000424 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0023: 0x00000000 0x00000426 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0024: 0x00000000 0x00000500 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0025: 0x00000000 0x00000502 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0026: 0x00000000 0x00000504 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0027: 0x00000000 0x00000506 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0028: 0x00000000 0x00000520 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0029: 0x00000000 0x00000522 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0030: 0x00000000 0x00000524 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
0031: 0x00000000 0x00000526 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
07-06-2010 08:01 AM
Hi,
I have 2 points to make
The application engines and switches in the same service group must be in the same subnetwork directly connected to the switch that has WCCP enabled.
•Configure the switch interfaces that are connected to the web clients, the application engines, and the web server as Layer 3 interfaces (routed ports and switch virtual interfaces [SVIs]). For WCCP packet redirection to work, the servers, application engines, and clients must be on different subnets.
HTH
Hitesh Vinzoda
Pls rate useful posts
07-06-2010 08:16 AM
the webclients are behind the hp switches on the ip address 172.30.47.2 and they are on different subnets.
the webtraffic goes to the default route to the vlan 115. The application engine is on a layer 2 interface. I can't change this without planning with the customer, because about 600 user's are using the ip address directly in the internet browser and for the travel users we wan't to use the wccp for redirection.
thanks
rene
02-26-2013 12:25 PM
Hello Rene,
By any chance do you have the SDM template set to desktop routing, in these devices if you have it as default you will see WCCP up but no redirection will be happening.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide