Need your help to troubleshoot the problem when configuring Content Engine Network Module. This is my first experience configuring the CE. I am using ISR 2821, IOS version 12.4 and ACNS version 5.5.3.
The environment is a college university. There have three (3) campuses. The ISR and the CE network module are behind the firewall and using static NAT configured in the firewall to go to the Internet. The policies for the static NAT is only allowed http and https. Each site is configured using the same concept.
The service running on the CE network module is only standard web cache and redirection on port 80 only. The WCCP version enable is version 2.
I do not have a problem when configured CE network module on College A and look that the CE is working properly. They have student, admin and IT vlan. Only the student vlan is using proxy server to access the Internet. Until now the CE is running and I do not receive a complaint from them.
When I am configuring the same CE network module on College B, for the first 10 minutes it is working properly. Suddenly, the access to the Internet becomes intermittent. All the student, admin and IT vlan cannot access the Internet. After 5-10 minutes the line is back to normal and it always repeating. College B environment is little bit different because they have another routers in between.
College A : User > Access switch > ISR 2821 + CE > Firewall > Internet
College B : User > Access switch > Router > Router > ISR 2821 > Firewall > Internet
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
no service password-encryption
no aaa new-model
ip wccp web-cache
ip name-server 220.127.116.11
description P2P Connection to DEF
ip address 192.168.111.1 255.255.255.240
no ip address
description Connection to ABCswitch
switchport mode trunk
description Connection to P2P
switchport access vlan 14
description Conncetion to FIREWALL
switchport access vlan 4
ip address 18.104.22.168 255.255.255.0
service-module ip address 22.214.171.124 255.255.255.0
Topology & Design:
Two ACI fabrics
Stretching VLANs using OTV
Both fabrics are advertising BD subnets into same routing domain
Some BDs(or say VLANs) are stretched, but some are not.
Endpoints can move betwee...
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
Topology &Design:Traffic flow within same fabric:Endpoint moves to Fabric-2Bounce Entry Times OutTraffic Black-holedSummarySolutionAppendix:
In the Previous articles of ACI Automation, we are using Postman/Newman a...