WCCP Configuration on Catalyst 3750G

rene.schmid · ‎07-06-2010

Hi guys,

I have a WCCP Configuration on a Catalyst 3750G and a IronPort Webappliance. I have configured this situation many times before with cisco asa and ironport wsa, but with a switch, this is my first time.

Here is the Situation.

VLAN 147 is a transportation vlan between the cisco switch and a hp coreswitch with the clients and servers behind the hp coreswitch.

VLAN 147 IP Address of the Catalyst is 172.30.47.1

IP of the IronPort Appliance is 172.30.47.10

IP of the HP Coreswitch is 172.30.47.2

Plan is to redirect the webtraffic coming from clients and servers from the 10.0.0.0/8 net behind the hp switch to the ironport wsa.

In have configured these settings.

ip wccp web-cache group-list 15 password 7 091D1C5A
ip wccp 80 redirect-list 16 group-list 15 password 7 14464058

interface GigabitEthernet1/0/22
description IRONPORT P1 BUWOG
switchport access vlan 147
switchport mode access

interface Vlan115
ip address 172.30.15.2 255.255.255.0
standby 10 ip 172.30.15.1
standby 10 priority 90
standby 10 preempt
standby 10 track Vlan115
!
interface Vlan147
ip address 172.30.47.1 255.255.255.0
ip wccp web-cache redirect in
ip wccp 80 redirect in

access-list 15 permit 172.30.47.10
access-list 15 permit 172.30.47.1
access-list 16 permit 10.0.0.0 0.255.255.255
access-list 115 permit tcp 10.0.0.0 0.255.255.255 any eq www

ip route 0.0.0.0 0.0.0.0 172.30.15.4
ip route 10.5.0.0 255.255.0.0 172.30.47.2
ip route 10.10.0.0 255.255.0.0 172.30.47.2
ip route 10.11.0.0 255.255.0.0 172.30.47.2
ip route 10.12.0.0 255.255.0.0 172.30.47.2
ip route 10.13.0.0 255.255.0.0 172.30.47.2
ip route 10.14.0.0 255.255.0.0 172.30.47.2
ip route 10.15.0.0 255.255.0.0 172.30.47.2
ip route 10.16.0.0 255.255.0.0 172.30.47.2
ip route 10.20.0.0 255.255.0.0 172.30.47.2
ip route 172.16.0.0 255.255.252.0 172.30.47.2
ip route 172.30.0.0 255.255.0.0 172.30.15.1
ip route 192.168.0.0 255.255.0.0 172.30.47.2

VIE-HK-SW01#sh ip wccp 80 detail
WCCP Client information:
        WCCP Client ID:          172.30.47.10
        Protocol Version:        2.0
       State:                   Usable
        Redirection:             L2
        Packet Return:           L2
       Packets Redirected:    0   <----- no packets were redirected
        Connect Time:          00:06:41
        Assignment:            MASK

        Mask SrcAddr    DstAddr    SrcPort DstPort
        ---- -------    -------    ------- -------
        0000: 0x00000000 0x00000526 0x0000 0x0000

        Value SrcAddr    DstAddr    SrcPort DstPort CE-IP
        ----- -------    -------    ------- ------- -----
        0000: 0x00000000 0x00000000 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0001: 0x00000000 0x00000002 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0002: 0x00000000 0x00000004 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0003: 0x00000000 0x00000006 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0004: 0x00000000 0x00000020 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0005: 0x00000000 0x00000022 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0006: 0x00000000 0x00000024 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0007: 0x00000000 0x00000026 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0008: 0x00000000 0x00000100 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0009: 0x00000000 0x00000102 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0010: 0x00000000 0x00000104 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0011: 0x00000000 0x00000106 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0012: 0x00000000 0x00000120 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0013: 0x00000000 0x00000122 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0014: 0x00000000 0x00000124 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0015: 0x00000000 0x00000126 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0016: 0x00000000 0x00000400 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0017: 0x00000000 0x00000402 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0018: 0x00000000 0x00000404 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0019: 0x00000000 0x00000406 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0020: 0x00000000 0x00000420 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0021: 0x00000000 0x00000422 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0022: 0x00000000 0x00000424 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0023: 0x00000000 0x00000426 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0024: 0x00000000 0x00000500 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0025: 0x00000000 0x00000502 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0026: 0x00000000 0x00000504 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0027: 0x00000000 0x00000506 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0028: 0x00000000 0x00000520 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0029: 0x00000000 0x00000522 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0030: 0x00000000 0x00000524 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0031: 0x00000000 0x00000526 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)

VIE-HK-SW01#sh ip wccp

    Service Identifier: 80
        Number of Service Group Clients:     1
        Number of Service Group Routers:     1
        Total Packets s/w Redirected:        0
          Process:                           0
          CEF:                               0
        Redirect access-list:                16
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            0
        Group access-list:                   15
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0

Any ideas??

Thanks for help.

Rene

Hitesh Vinzoda · ‎07-06-2010

Hi,

Is the password configured for WCCP on switch is same as on the appliance..?? try without password if possible..

Also in group list exclude the ip address of the switch i.1

Hitesh Vinzoda

Pls rate useful posts

rene.schmid · ‎07-06-2010

hi,

yes the password is the same. you get the debug message authentication missmatch if the password is wrong and the state of the wccp client is not useable.

I excluded the IP of the VLAN Interface, no change

Rene

rene.schmid · ‎07-06-2010

Attached is a debug from the switch

080225: Jul 6 15:43:42.256: WCCP-EVNT:wccp_update_assignment_status: enter
080226: Jul 6 15:43:42.256: WCCP-EVNT:wccp_update_assignment_status: exit
080227: Jul 6 15:43:42.256: WCCP-EVNT:wccp_copy_wc_assignment_data: enter
080228: Jul 6 15:43:42.256: WCCP-EVNT:wccp_copy_wc_assignment_data: reuse orig mask info (540 bytes)
080229: Jul 6 15:43:42.256: WCCP-EVNT:wccp_copy_wc_assignment_data: exit
080230: Jul 6 15:43:42.256: WCCP-EVNT:wccp_validate_wc_assignments: enter
080231: Jul 6 15:43:42.256: WCCP-EVNT:wccp_validate_wc_assignments: exit
080232: Jul 6 15:43:42.256: WCCP-EVNT: L2 adjacency added for 172.30.47.10
080233: Jul 6 15:43:42.256: WCCP-PKT:D80: Sending I_See_You packet to 172.30.47.10 w/ rcv_id 000021E8
080234: Jul 6 15:43:52.247: WCCP-EVNT:wccp_update_assignment_status: enter
080235: Jul 6 15:43:52.247: WCCP-EVNT:wccp_update_assignment_status: exit
080236: Jul 6 15:43:52.247: WCCP-EVNT:wccp_copy_wc_assignment_data: enter
080237: Jul 6 15:43:52.247: WCCP-EVNT:wccp_copy_wc_assignment_data: reuse orig mask info (540 bytes)
080238: Jul 6 15:43:52.247: WCCP-EVNT:wccp_copy_wc_assignment_data: exit
080239: Jul 6 15:43:52.247: WCCP-EVNT:wccp_validate_wc_assignments: enter
080240: Jul 6 15:43:52.247: WCCP-EVNT:wccp_validate_wc_assignments: exit
080241: Jul 6 15:43:52.247: WCCP-EVNT: L2 adjacency added for 172.30.47.10
080242: Jul 6 15:43:52.255: WCCP-PKT:D80: Sending I_See_You packet to 172.30.47.10 w/ rcv_id 000021E9
VIE-HK-SW01#
VIE-HK-SW01#
080243: Jul 6 15:44:02.221: WCCP-EVNT:wccp_update_assignment_status: enter
080244: Jul 6 15:44:02.221: WCCP-EVNT:wccp_update_assignment_status: exit
080245: Jul 6 15:44:02.221: WCCP-EVNT:wccp_copy_wc_assignment_data: enter
080246: Jul 6 15:44:02.221: WCCP-EVNT:wccp_copy_wc_assignment_data: reuse orig mask info (540 bytes)
080247: Jul 6 15:44:02.221: WCCP-EVNT:wccp_copy_wc_assignment_data: exit
080248: Jul 6 15:44:02.221: WCCP-EVNT:wccp_validate_wc_assignments: enter
080249: Jul 6 15:44:02.221: WCCP-EVNT:wccp_validate_wc_assignments: exit
080250: Jul 6 15:44:02.221: WCCP-EVNT: L2 adjacency added for 172.30.47.10
080251: Jul 6 15:44:02.221: WCCP-PKT:D80: Sending I_See_You packet to 172.30.47.10 w/ rcv_id 000021EA
080252: Jul 6 15:44:12.253: WCCP-EVNT:wccp_update_assignment_status: enter
080253: Jul 6 15:44:12.253: WCCP-EVNT:wccp_update_assignment_status: exit
080254: Jul 6 15:44:12.253: WCCP-EVNT:wccp_copy_wc_assignment_data: enter
080255: Jul 6 15:44:12.253: WCCP-EVNT:wccp_copy_wc_assignment_data: reuse orig mask info (540 bytes)
080256: Jul 6 15:44:12.253: WCCP-EVNT:wccp_copy_wc_assignment_data: exit
080257: Jul 6 15:44:12.253: WCCP-EVNT:wccp_validate_wc_assignments: enter
080258: Jul 6 15:44:12.253: WCCP-EVNT:wccp_validate_wc_assignments: exit
080259: Jul 6 15:44:12.253: WCCP-EVNT: L2 adjacency added for 172.30.47.10
080260: Jul 6 15:44:12.253: WCCP-PKT:D80: Sending I_See_You packet to 172.30.47.10 w/ rcv_id 000021EB

VIE-HK-SW01#sh ip wccp 80 detail
WCCP Client information:
        WCCP Client ID:          172.30.47.10
        Protocol Version:        2.0
        State:                   Usable
        Redirection:             L2
        Packet Return:           L2
        Packets Redirected:    0
        Connect Time:          1d00h
        Assignment:            MASK

        Mask SrcAddr    DstAddr    SrcPort DstPort
        ---- -------    -------    ------- -------
        0000: 0x00000000 0x00000526 0x0000 0x0000

        Value SrcAddr    DstAddr    SrcPort DstPort CE-IP
        ----- -------    -------    ------- ------- -----
        0000: 0x00000000 0x00000000 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0001: 0x00000000 0x00000002 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0002: 0x00000000 0x00000004 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0003: 0x00000000 0x00000006 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0004: 0x00000000 0x00000020 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0005: 0x00000000 0x00000022 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0006: 0x00000000 0x00000024 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0007: 0x00000000 0x00000026 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0008: 0x00000000 0x00000100 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0009: 0x00000000 0x00000102 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0010: 0x00000000 0x00000104 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0011: 0x00000000 0x00000106 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0012: 0x00000000 0x00000120 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0013: 0x00000000 0x00000122 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0014: 0x00000000 0x00000124 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0015: 0x00000000 0x00000126 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0016: 0x00000000 0x00000400 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0017: 0x00000000 0x00000402 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0018: 0x00000000 0x00000404 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0019: 0x00000000 0x00000406 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0020: 0x00000000 0x00000420 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0021: 0x00000000 0x00000422 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0022: 0x00000000 0x00000424 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0023: 0x00000000 0x00000426 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0024: 0x00000000 0x00000500 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0025: 0x00000000 0x00000502 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0026: 0x00000000 0x00000504 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0027: 0x00000000 0x00000506 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0028: 0x00000000 0x00000520 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0029: 0x00000000 0x00000522 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0030: 0x00000000 0x00000524 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)
        0031: 0x00000000 0x00000526 0x0000 0x0000 0xAC1E2F0A (172.30.47.10)

Hitesh Vinzoda · ‎07-06-2010

Hi,

I have 2 points to make

The application engines and switches in the same service group must be in the same subnetwork directly connected to the switch that has WCCP enabled.

•Configure the switch interfaces that are connected to the web clients, the application engines, and the web server as Layer 3 interfaces (routed ports and switch virtual interfaces [SVIs]). For WCCP packet redirection to work, the servers, application engines, and clients must be on different subnets.

HTH

Hitesh Vinzoda

Pls rate useful posts

rene.schmid · ‎07-06-2010

the webclients are behind the hp switches on the ip address 172.30.47.2 and they are on different subnets.

the webtraffic goes to the default route to the vlan 115. The application engine is on a layer 2 interface. I can't change this without planning with the customer, because about 600 user's are using the ip address directly in the internet browser and for the travel users we wan't to use the wccp for redirection.

thanks

rene

emazzaer · ‎02-26-2013

Hello Rene,

By any chance do you have the SDM template set to desktop routing, in these devices if you have it as default you will see WCCP up but no redirection will be happening.