There are two 6500 core switches and firewall modules in our network environemnt.we use the same ISP as internal (between branches each other)and internet connection.The all traffics of internet will be gone through the same firewall module in our data center. We also use the same L2 switch (for internal and internet) to uplick our ISP.For using WCCP,we have to pickup an internafce as redirect interface.We know that the 'ip wccp web-cache redirect out' command must be implemented on the outbound interface going to the Internet.But how to choose ounbound interface in our environment? how about the port connect to L2 switch? but it included in internal and inertnet traffic. Could you give me some advice? Thanks a lot!
we use the 3rd party proxy server. It is Blue coat solution. It also supports WCCP.
The L2 switch is out as WCCP requires L3 functionality to be enabled to work.
You have 2 different solutions to use on the CAT6K depending on if you want to redirect before or after the firewall inspects the traffic. To exclude your internal traffic, I would consider using a wccp redirect-list (ACL) to exclude interception of your addresses that are internal and only intercept your internet bound traffic.
1. Inbound on your LAN interfaces, using wccp-redirect list to exclude the local traffic. This would be before your firewall inspects the traffic.
2. Using outbound on the ISP link, again excluding your internal traffic. This would be after your firewall inspects the traffic.
If you could separate your ISP and internal traffic, that would be optimal, however, from what you describe, I think using the wccp redirect-list is your best bet.
If you are on the LAN interface of the switch, I would use "ip wccp web-cache redirect in", not out. You want to cache the requests coming "in" to the interface from the users, not going "out" after hitting the remote web server.
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...