cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6615
Views
0
Helpful
2
Replies

WCCP redirect on 4507 to ironport

Justin Westover
Level 1
Level 1

I am trying to setup WCCP on our 4507. For some reason I cannot get this to work! The config I have tried is below. I can't figure out what I'm doing wrong here!

ip wccp web-cache group-list IRONPORT-GROUPLIST

ip wccp source-interface GigabitEthernet2/24

!

Interface Vlan160

ip address 10.10.16.1 255.255.254.0

ip wccp web-cache redirect out

!

ip access-list IRONPORT-GROUPLIST

permit ip any host 10.11.1.10 (10.11.1.10 is the ironport proxy IP address)

On the ironport I setup web-cache under transparent redirection and provided the IP address I used to source from above (GigabitEthernet2/24). Here is the output I get on the 4507:

10CSW-LAN1#sh ip wccp web-cache
Global WCCP information:
    Router information:
        Router Identifier:                   10.11.1.9
        Configured source-interface:         GigabitEthernet2/24
        Protocol Version:                    2.0

    Service Identifier: web-cache
        Number of Service Group Clients:     1
        Number of Service Group Routers:     1
        Total Packets Redirected:            0
          Process:                           0
          CEF:                               0
          Platform:                          0
        Service mode:                        Open
        Service Access-list:                 -none-
        Total Packets Dropped Closed:        0
        Redirect access-list:                -none-
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            0
        Group access-list:                   IRONPORT_GROUPLIST
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total GRE Bypassed Packets Received: 0
          Process:                           0
          CEF:                               0
          Platform:                          0

                 

Here is the debug output:

2w3d: WCCP-EVNT:Process: Start V2 (138)

2w3d: WCCP-EVNT:Successfully opened UDP socket

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:router-id set (initialise) 0.0.0.0 => 10.11.1.9

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: allocate wc orig mask info (540 bytes)

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:1

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)

2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated transmit interval to: 10000

2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated timer scaling factors to: 1 and 1

2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group methods

2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group timers

2w3d: WCCP-EVNT:S0: no srvc grp mask data to validate

2w3d: WCCP-EVNT:S0: created adjacency interest, 10.11.1.10

2w3d: WCCP-EVNT:S0: nexthop update oce for wc 10.11.1.10, 0x0 -> 0x23C10CF0 IP adj out of GigabitEthernet2/24, addr 10.11.1.10 23C10C80

2w3d: WCCP-EVNT:S0: track nexthop for wc 10.11.1.10 (OK)

2w3d: %WCCP-5-SERVICEFOUND: Service web-cache acquired on WCCP client 10.11.1.10

10CSW-LAN1(config)#

2w3d: WCCP-PKT:S0: Received HIA from 10.11.1.10, rcv_id:1

2w3d: WCCP-EVNT:S0: Building new router view

2w3d: WCCP-EVNT:S0: deallocate rtr_view (24 bytes)

2w3d: WCCP-EVNT:S0: allocate mask rtr_view (572 bytes)

2w3d: WCCP-EVNT:S0: copy orig info (540 bytes)

2w3d: WCCP-EVNT:S0: Assignment wait timer restarted, delay 50000

2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:2

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: setting up wc mask assignments

2w3d: WCCP-EVNT:S0: allocate current assign info (540 bytes)

2w3d: WCCP-EVNT:S0: set wc current assign info (540 bytes)

2w3d: WCCP-EVNT:S0: RA from 10.11.1.10 (id: 10.11.1.10), assignment key set to 10.11.1.10,3

2w3d: WCCP-EVNT:S0: Building new router view

2w3d: WCCP-EVNT:S0: reuse rtr_view (44 of 572 bytes)

2w3d: WCCP-EVNT:S0: copy blank current info

2w3d: WCCP-EVNT:S0: Assignment wait timer stopped

2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2

2w3d: WCCP-PKT:S0: Received RA from 10.11.1.10, rcv_id:2

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)

2w3d: WCCP-EVNT:S0: wc assignment validated

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:3

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)

2w3d: WCCP-EVNT:S0: wc assignment validated

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:4

10CSW-LAN1(config)#

2w3d: %SEC-6-IPACCESSLOGP: list IRONPORT_GROUPLIST permitted udp 10.11.1.10(0) -> 10.11.1.9(0), 5 packets

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)

2w3d: WCCP-EVNT:S0: wc assignment validated

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:5

2w3d: WCCP-EVNT:Process: Start V2 (138)

2w3d: WCCP-EVNT:Successfully opened UDP socket

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:router-id set (initialise) 0.0.0.0 => 10.11.1.9

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: allocate wc orig mask info (540 bytes)

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:1

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)

2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated transmit interval to: 10000

2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updated timer scaling factors to: 1 and 1

2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group methods

2w3d: WCCP-EVNT:S0: HIA from 10.11.1.10 updating group timers

2w3d: WCCP-EVNT:S0: no srvc grp mask data to validate

2w3d: WCCP-EVNT:S0: created adjacency interest, 10.11.1.10

2w3d: WCCP-EVNT:S0: nexthop update oce for wc 10.11.1.10, 0x0 -> 0x23C10CF0 IP adj out of GigabitEthernet2/24, addr 10.11.1.10 23C10C80

2w3d: WCCP-EVNT:S0: track nexthop for wc 10.11.1.10 (OK)

2w3d: %WCCP-5-SERVICEFOUND: Service web-cache acquired on WCCP client 10.11.1.10

10CSW-LAN1(config)#

2w3d: WCCP-PKT:S0: Received HIA from 10.11.1.10, rcv_id:1

2w3d: WCCP-EVNT:S0: Building new router view

2w3d: WCCP-EVNT:S0: deallocate rtr_view (24 bytes)

2w3d: WCCP-EVNT:S0: allocate mask rtr_view (572 bytes)

2w3d: WCCP-EVNT:S0: copy orig info (540 bytes)

2w3d: WCCP-EVNT:S0: Assignment wait timer restarted, delay 50000

2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:2

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: setting up wc mask assignments

2w3d: WCCP-EVNT:S0: allocate current assign info (540 bytes)

2w3d: WCCP-EVNT:S0: set wc current assign info (540 bytes)

2w3d: WCCP-EVNT:S0: RA from 10.11.1.10 (id: 10.11.1.10), assignment key set to 10.11.1.10,3

2w3d: WCCP-EVNT:S0: Building new router view

2w3d: WCCP-EVNT:S0: reuse rtr_view (44 of 572 bytes)

2w3d: WCCP-EVNT:S0: copy blank current info

2w3d: WCCP-EVNT:S0: Assignment wait timer stopped

2w3d: WCCP-EVNT:S0: Built new router view: 1 routers, 1 usable WCCP clients, change # 2

2w3d: WCCP-PKT:S0: Received RA from 10.11.1.10, rcv_id:2

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)

2w3d: WCCP-EVNT:S0: wc assignment validated

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:3

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)

2w3d: WCCP-EVNT:S0: wc assignment validated

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:4

10CSW-LAN1(config)#

2w3d: %SEC-6-IPACCESSLOGP: list IRONPORT_GROUPLIST permitted udp 10.11.1.10(0) -> 10.11.1.9(0), 5 packets

10CSW-LAN1(config)#

2w3d: WCCP-EVNT:S0: updating wc orig assign info

2w3d: WCCP-EVNT:S0: reuse wc orig mask info (540 bytes)

2w3d: WCCP-EVNT:S0: wc assignment validated

2w3d: WCCP-PKT:S0: Sending ISY to 10.11.1.10, rcv_id:5

2 Replies 2

Christian Rahl
Level 1
Level 1

I would recommend doing the following. Also feel free to call into the ironport support line. It is listed at the bottom of the page.

  • Change the wccp service to service-number 90
  • Try to redirect inbound traffic not outbound traffic.
  • Set Load-balancing to mask
  • Set forward method to L2
  • Set return method to L2

ip wccp 90 group-list IRONPORT-GROUPLIST  <- Set the wccp service-number

ip wccp source-interface GigabitEthernet2/24

!

Interface Vlan160

ip address 10.10.16.1 255.255.254.0

ip wccp 90 redirect out  <- Set the WCCP Service-number try to redirect inbound traffic

!

ip access-list IRONPORT-GROUPLIST

permit ip any host 10.11.1.10 (10.11.1.10 is the ironport proxy IP address)

Below is an example of how you should setup your ironport for a customer service number. Place the port numbers that you want to redirect.

Christian Rahl

Customer Support Engineer                      

Cisco IronPort - Web Security Appliances

Cisco Technical Assistance Center RTP

United States Ironport: 1-877-641-IRON (4766)

c.spescha
Level 1
Level 1

hi

I have the same setup, and it works.

--> sh ip wccp web-cache detail

are you using GRE or L2?

regards

Claudio

Sent from Cisco Technical Support iPad App

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: