Cisco Switching/Routing :: 3560 With WCCP Not Working Correctly
Jun 17, 2012
I am trying to configure a 3560 (Version 12.2(55)SE3) with IPServices to run WCCP to two to an Ironport WSA.
I believe everything is setup correctly, however WCCP is still not operational. I have check the debug logs on the switch and I'm presented with a number of messages along the lines of...
*Mar 1 03:44:47.891: WCCP-EVNT:wccp_update_assignment_status: enter
*Mar 1 03:44:47.891: WCCP-EVNT:wccp_update_assignment_status: exit
*Mar 1 03:44:47.891: WCCP-EVNT:wccp_copy_wc_assignment_data: enter
I'm testing WCCP in a lab environment (Another checkbox on my way to CCIE).The setup- a WS-C3560-8PC switch running IOS 15.0(1), IP Services with crypto.- Two client computers connected by wire to the switch, running Windows 7.- A virtual machine in bridged mode running on one of the machines, running OpenBSD 5.0 with Squid 2.7 installed and running.- Everything in the same subnet: 192.168.163.0/24, the OpenBSD is at .5, the switch at .3 and functions as the default-gateway for the computers with no ICMP redirects (the real gateway is at .1 but the switch forwards everything).Squid seems to work, albeit inefficient, but that's not the issue.illing in the IP of the OpenBSD in the browser as proxy with the proper port works.Since the 3560 does only support WCCP over layer 2 adjacencies and masks, not hash buckets, I've configured these options on both the Squid and the 3560.
I have a Catalyst 3750 switch configured in a network. I would like an additional 3750 switch as a "hot" standby. A 2nd 3750 switch was purchased, and the same configuration was entered in to the new switch, so I have 2 switches with the exact same configuration.
When I move the connections to the new switch, I have a few VLANs that do not come up. One VLAN does come up and work normally. The VLANs in question show down, protocol down, and a show ip route reveals routes to the networks on these VLANs are not there When I put everything back on the original switch, everything works normally.
Why would the new switch not work with the exact same configuration?
We bought a 3560 PoE switch to replace tons of PoE-injectors but when connecting the devices our logs were flooded with
Mar 11 15:09:20.725: %ILPOWER-7-DETECT: Interface Fa0/7: Power Device detected: IEEE PD Mar 11 15:09:20.725: %ILPOWER-5-INVALID_IEEE_CLASS: Interface Fa0/7: has detected invalid IEEE class: 7 device. Power denied Mar 11 15:09:20.968: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to down Mar 11 15:09:20.985: %ILPOWER-7-DETECT: Interface Fa0/7: Power Device detected: IEEE PD Mar 11 15:09:20.985: %ILPOWER-5-INVALID_IEEE_CLASS: Interface Fa0/7: has detected invalid IEEE class: 7 device. Power denied
While the message seems quite clear im wondering if there's any workaround on the problem?
We are using mac authentication, it is working fine on all of the other 3560's except this new one.
Mac address shows up completely different (very long hex, doesnt even look like a mac address) on ACS compared to what its showing on the switch in the mac address table.
Im stumped, config matches every other 3560 in the building, has something changed in the v2 software compared to the older 3560's ?
I am trying to limit traffic inbound to 10Mbps on a gig interface 0/48 set to 100/full. So I downloaded some big files over this link and I'm able to see 30- 40Mbps or more. You can see from the show int - rate-limit command that parameters are never showing exceented so nothing has been dropped. [code]
We have two Cisco switches with one 3560 and one 3750 we have created a new Vlan 4 with IP 10.1.3.x 255.255.255.0 - no shut then assigne to gi 2/0/46 on the 3560 Vlan 4 ip address 10.1.3.x 255.255.255.0 no shut then assign to FA0/45. All interfaces are up up along with the Vlan up up, we can ping the local IP address bu not able to pint the other switch.
I'm setting up a web cache using the wccp protocol on a Catalyst 3750 stack.
Probably missing something real simple here but when I from the global configuration mode are trying to enter the ip wccp command it just says "invalid input" from wccp. There is no such command.. should be supported on my device from IOS 12.2(37)
I am trying to enable wccp on 6509. Its works fine on port 80 but not with https (443). Also i have noticed when i use the following
ip wccp web-cache redirect in similarly adding to interface HTTP works. but when i use the service no 0 instead of web-cache even the HTTP stops working. wccp v2 is enabled in the switch. Both the source & the Squid server are in same V LAN.
I have been tasked to setup a Transparent Squid proxy and do redirection on a Cisco 6513 Switch.I don't have access to the SQUID but think that my config below should be OK. We have setup a TEST user Vlan 13 . Any traffic from this destined for the we on 80 or 443 should be redirected. Vlan 10 is where the Squid proxy is sitting. [code]
I have a Head Quarter and a remote site running over a OC3 circuit. [code]
On the HQ, I have a Cisco VXR7204 running IOS 12.4.15T(10) Advanced IP Serviceand the remote site is a Cisco 2851 also running IOS 12.4.15T(10) Advanced Ip Service. The HQ has a Riverbed Steelhead 5050H capable of delivering 100MbpsWCCP throughput. The remote site has a Riverbed Steelhead 1050H which can deliver 10Mbps WCCP throughput. At the HQ, the LAN network is 192.168.251.0/24.The Steelhead residing on the 192.168.251.0 network.At the remote site, the LAN network is 192.168.103.0/24 and 192.168.211.0/24.The Riverbed resides on the 192.168.103.0/24 network.
When a host on network 192.168.211.0/24 download a file from network192.168.251.0/24 network via http, the CPU on the Cisco 2851 goes to 99% utilization and that it stays there for the duration of the http session. There is very little traffic goes across the WAN whichis the way it should be but the CPU on the 2851 stays at constant at99% CPU utilization.
Why would WCCP consume so much CPU on the Cisco 2851? By the way, I am only getting about 5Mbps download instead of 90Mbps download, I think because of the high CPU on the router?
I have a WCCP Configuration on a Catalyst 3750G and a IronPort Webappliance. I have configured this situation many times before with cisco asa and ironport wsa, but with a switch, this is my first time.
VLAN 147 is a transportation vlan between the cisco switch and a hp coreswitch with the clients and servers behind the hp coreswitch.
VLAN 147 IP Address of the Catalyst is 172.30.47.1
IP of the IronPort Appliance is 172.30.47.10
IP of the HP Coreswitch is 172.30.47.2
Plan is to redirect the webtraffic coming from clients and servers from the 10.0.0.0/8 net behind the hp switch to the ironport wsa. In have configured these settings.
ip wccp web-cache group-list 15 password 7 091D1C5Aip wccp 80 redirect-list 16 group-list 15 password 7 14464058 interface GigabitEthernet1/0/22 description IRONPORT P1 BUWOG switchport access vlan 147 switchport mode access interface Vlan115 ip address 172.30.15.2 255.255.255.0 standby 10 ip 172.30.15.1 standby 10 priority 90 standby 10 preempt standby 10 track Vlan115!interface Vlan147 ip address 172.30.47.1 255.255.255.0 ip wccp web-cache redirect in ip wccp 80 redirect in
Today, my customer have 1 project that have to deploy Cisco 3750 to redirect wccpv2 to Websense Security Gateway.However, i can't excute "ip wccp redirect out" on Cisco Catalyst 3750.
I would like to apply a policy-based route on one of our L3 switches (Cisco 3750) to change the next-hop of a couple of servers only. The VLAN where those servers reside got WCCP enabled on it. When I want to apply the route-policy to that VLAN interface it doesn't let me. When I try to apply the same policy to a VLAN interface without WCCP it does work. Is there any Cisco IOS limitations that would prevent me from doing that?
One of the two supervisors in an IOS 6509-E did not come back up after a power outage. The failed supervisor in slot 5 was replaced and it booted successfully. However, the supervisor in slot 5 only booted up to a "Cold" state. I did notice the Hw version of the replacement module in slot 5 is 4.9 while the Hw version in the supervisor module in slot 6 is 4.8. What command do I need to issue to bring the supervisor module in slot 5 from "Cold" to "Hot"? [code]
I have a Cisco 7206VXR running 12.4(24)T3 IOS. It is configured with WCCPv2 using L2 mask redirection. I am using service groups and associated extended ACLs to select which subnets I want to redirect port 80 traffic from.
It is working fine for the subnet 192.168.1.0/24....
int gi0/2 ip wccp 10 redirect in ip address 192.168.1.99 255.255.255.0
... however, there is OSPF running between the router and a Mikrotik device directly connected to this interface. The gateway addresses for all the client subnets are on the Mikrotik. Traffic from other subnets, e.g. 192.168.2.0/24, 192.168.3.0/24 come in on this interface and I want to redirect those too. But it appears that the redirection doesn't work for those subnets (I don't see any hits on the relevant ACL for any subnet except 192.168.1.0/24).
It seems like the router only wants to redirect traffic for subnets that it has an IP address in itself. Admittedly, all of the example configs i've found on cisco.com are for redirecting traffic from directly connected subnets but I can't find anything that denies thie possibility of redirecting any traffic that comes in on a given interface.
The question is, is this how WCCPv2 redirection works? i.e., the router must have an IP address in the subnet to be redirected?
and i see output "show interface Po4A" up up on switch-1, "show interface Po4B" up up on switch-2
5.- In the show running-config not appear configured Po4A and Po4B. it only show on outputs
6.- Po4A and Po4 was not configured on neither switches, my question is why appear Po4A and Po4B on switch-1 and switch-2 respectively? and why Po4 appear in down down.
7.- I solved this issue by shutdown and not shutdown to the interfaces on both routers, currently all is OK.
I'm using a Cisco AG3560 to run my wccp re-direct and have a McAfee for my web gateway. My IP for the web gateway is 10.1.252.19, and my wccp router is 10.1.3.10. For whatever reason the web gateway is able to see the router and the "here i am packets" but I cannot get anything to redirect to it. My wccp config is below.
ip wccp 51 redirect-list 120 ! interface Loopback0 ip address 10.1.254.17 255.255.255.255
[code]...
I have the Web Gatewy setup with process 51 and my router on the WG is 10.1.252.10.
I recently aquired a 2nd AP1140, however when i configure it for WPA 2 it works inconsistent, a ping for example will work only for 33% of the time.The same client has no issues with my 1st AP using WPA2, with the 2nd AP WEP works without a glitch.
we are running CiscoPrime LMS 4.1 and I have the following problem.I have configured SNMP Settings as shown below (the order of the targets is exactly as it is configured on the server):As can be seen we use three different read community strings. I also have exluded a bunch of IP ranges and IPs from the filter settings. When I manually start discovery everything works fine, meaning that all devices in the above ranges that need to be discovered are discovered as "reachable". The problem appears in the scheduled discovery (happens once daily). In that case only the devices with Read Community snmp1, get discovered as "reachable". All other devices with Read community snmp2 & snmp3, as well as those that are excluded in the filter settings, are discovered as "unreachable".The discovery uses DCR as seed and seed devices are also configured.I also have a problem with PingSweep in the discovery, but I will open another discussion so that I don't complicate this one too much.
We have two laptop computers and our Tivo hooked up to use the wireless internet through our cable company with a Belkin router. Over Christmas we got a camera that emails directly from it, and it told us to press the WSP button on the Belkin router. The camera magically worked, however our computers did not work anymore! After an hour long phone call to Belkin, I got one of my computers to work normally again. However the 2nd laptop won't connect to the internet and our tivo isn't picking it up either, which mean our shows are not recording.
Also, I'm using two apple computers. When I attempt to hook up the airport network, it says "unable to join the network."
My RV220w has a problem with DNS. I have configured the device for my network, but it seems as though DNS is not working correctly. For a background, I have a primarily Windows environment in my network, W7 PCs. I use homegroup to share files/printers amongst them. I like that I can type "\<server-name> in the Windows search box, and up comes the other computer's files. This functionality is still there with the RV220w, so that's not my issue. My problem arises when attempting to type "<server-name>" into the Remote Desktop Connection dialog box. I can no longer RDP to my other computers by name. Attempting by IP does get me there.
We have LMS 4.1 - it was working perfectly for some time - it was rebooted and now the services don't start correctly. I manually started most of the services but the Daemon service will not start.
The main page comes up and after I log in - all the sections list an error
'License Server / Deamon Manager is down. Please check license.log for more information'.
I use the Windows7 Virutal WIFI when traveling abroad to give my Iphone an internet connection in my hotel.I've had zero issues until this week. The WIFI connection is still showing up on my iphone, but I no longer get internet access (I only get an IP and subnet on the iphone now, no router or DNS info). The issue began (coincidence or not) as my MagicJack downloaded and installed a software update. MagicJack support says they aren't the issue. I experimented with created an Ad-Hoc network...no change. I've removed and reinstalled the wireless card and driver. No change. I suspect some corruption with ICS, but haven't found any solutions online to fix it.
Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. All rights reserved. C:ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : Richard-PC Primary Dns Suffix . . . . . . . : MARCOGROUP.local
The internet connection on my laptop does not work correctly when connected to lan ,but it works fine for the WIFI.i checked the internet connection ,it works fine in other computes.most of the time the connection through lan is not recognized. sometimes it works fine for 1 day and does not work for another day.
It seems that motion monitoring setup for 930L is not working correctly.I've setup the camera to ONLY monitor the half of the screen, but it is still monitoring the other half of the screen as well.I've setup the camera to FTP the messages when motion is detected, and it is uploading the images when the other half contains the motion.
Since a couple of weeks I have a linksys EA6500. When I go to the device list to see which devices are online the device list is not displayig the correct data. I see devices online that are offline and also devices are offline that are at the moment online. When I try to delete a device that is offline in the list I get error 2315. I have that error in the local and cloud interface. The list has a frozen state from a particular moment.
When I reboot the router then all devices in the list have status offline and the device list stays that way. Nothing gets online anymore or will be added. When I reset the router to factory default all keeps working without problems for approximately 24 hours and after that the problem occurs again. The list freezes again and you are not able to delete a device.
I searched the forums but no one has this problem. I only can find a post that describes my problem but for them a reset worked. In my case a factory reset works also but the problem keeps coming back.
