Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Catalyst 6500 block http incomplete request?

Hello everyone,

I have Catalyst 6500 in my nework, topology like this:

Users (many VLANs) ---> Catalyst6500 ---> SquidProxy ---> Internet

Many users have suffered from virus, there are many request to some sites not real in the internet (ex:,..); that causes SquidProxy out of service (down).

I want to block these requests on the Cat6500 so I use IP INSPECT feature, in the following link:

But it seems not to work as I expected: the users go to the Internet very slow, sometime Squid-Proxy is again down.

My question is :

Is there any feature in Catalyst 6500 that solve the problem?

If not, Which module or line card can I upgrade to the Catalyst 6500 to solve thoroughly?

Catayst 6500 use:

- IOS: s72033-ipservicesk9-mz.122-18.SXF6.bin

- CEF720 24 port 1000mb SFP WS-X6724-SFP

- 48-port 10/100/1000 RJ45 EtherModule WS-X6148A-GE-TX

- Supervisor Engine 720 WS-SUP720-3B

My config is:


ip inspect max-incomplete high 1200

ip inspect max-incomplete low 1000

ip inspect one-minute low 300

ip inspect one-minute high 400

ip inspect tcp max-incomplete host 50 block-time 10

ip inspect name DDOS http

ip inspect name DDOS tcp


interface Vlan100

description ### To Squid Proxy ###

ip inspect DDOS out


Many Thanks,



Re: Catalyst 6500 block http incomplete request?

Since CBAC is not supported in the hardware forwarding path of the 6500, it is likely the slowness you're seeing is a result of all of these packets being sent to software.

If you're looking for a faster way of doing URL filtering and firewall on the 6500, you probably want to look at the FWSM module. Here is the documentation:

New Member

Re: Catalyst 6500 block http incomplete request?

Thanks for reply,

"Since CBAC is not supported in the hardware forwarding path of the 6500"

->I really need some links or documents talking about this.