Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1301
Views
0
Helpful
3
Replies

WAAS WCCP 6500 ACL Redirection

tdorsey123
Level 1
Level 1

‎04-28-2010 04:47 PM

Hi All

      I'm sure I'm missing something simple here on a new install and I hope some one can point it out easily.  I implemented the following config which worked except it understandably broke connections as everything got redirected.  I'm running the WCCP config on a 6500 running 12.2(18) SXF


This config showed total redirected packets climbing sharply in a 'show ip wccp' on the 6500 but this config broke other things.

WAE:

interface GigabitEthernet 1/0
ip address 10.254.0.251 255.255.255.248

ip default-gateway 10.254.0.249

wccp router-list 1 10.254.0.249
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign

6500:

ip wccp 61
ip wccp 62

interface Vlan<vlans to be accelerated>
description Local VLAN to be accelerated
ip wccp 61 redirect in

interface Vlan <WAAS vlan>
description WAAS Devices(CM and WAE)
ip address 10.254.0.249 255.255.255.248

interface Vlan <Vlan for WAN transit>
description Incoming WAN VLAN
ip wccp 62 redirect in

To try and limit redirection to just LAN space I swapped this:

ip wccp 61

ip wccp 62

for this:

Ip access-list ext WAAS_Inbound

  Permit ip 10.22.0.0 0.0.255.255 10.0.0.0 0.0.255.255

Ip access-l ext WAAS_Outbound

Permit ip 10.0.0.0 0.0.255.255 10.22.0.0 0.0.255.255

Ip wccp 62 redirect-list WAAS_Inbound

Ip wccp 61 redirect-list WAAS_Outbound

Once I did this, 'show ip wccp'  on the 6500 stopped showing redirected packets but did start showing packets being denied redirect.  Optimization stopped(according to the GUI) and I saw no hits on the access-lists(should I?).

Thanks for your help in advance.

0 Helpful
3 Replies 3

Zach Seils
Level 7
Level 7

‎05-07-2010 10:58 AM

A fews questions/comments:

  • What type of Supervisor are you using?
  • What is the exact version of software you are using?
  • The fact that the 'packets redirected' counter is incrementing is a bad thing on the 6500.  It means that the redirection is happening in software.

Can you also provide the output from the following commands:

  • sh ip wccp
  • sh ip wccp 61 det
  • sh ip wccp 62 det

Thanks,

Zach

0 Helpful

tdorsey123
Level 1
Level 1
In response to Zach Seils

‎05-19-2010 04:59 PM

I changed the redirect access-lists from "permit ip " to "permit ip any" and this seems to have fixed the problem.  Thanks for the input

0 Helpful

Zach Seils
Level 7
Level 7
In response to tdorsey123

‎05-20-2010 06:46 AM

It shouldn't have made a difference, unless you were running into some bug or limitation.  If you'd like to troubleshoot further, let me know.

Regards,

Zach

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents