Cisco WAN :: WS-C3560X-48P Support WCCP?
Feb 28, 2013if the Cisco Switches in my enviorment can support WCCP?
View 1 Repliesif the Cisco Switches in my enviorment can support WCCP?
View 1 RepliesWe have 881 routers and are planning on testing out some WAN optimizing hardware, we're told that our router needs to support PBR and WCCP protocols. Will this router handle it?
View 3 Replies View RelatedWhat the support for WCCP on a FWSM running 4.0(7) is like, if there is any at all ?
I've read that the earliest PIX release that supports WCCP was 7.2(1) but I'm not sure how FWSM 4.0(7) aligns with the PIX versions.The only doc's i can find refrencing WCCP on a 6500 with FWSM is in the 6500 12.2 IOS guide.
I've been looking around Cisco's website but I can't find an answer to this -- If the 2900 platform suppots WCCP redirection using GRE?
View 1 Replies View RelatedJust bought this switch it has the IP base IOS and I need to use BGP and VRF-lite. My question is can I configure and use these two things without having to upgrade to the IP Services IOS?
View 5 Replies View RelatedIm trying to find an affordable Cisco switch with similar capabilities and features as the WS-C3560X-48T-S (L2/L3 routing as in IP Base, dual power supply, etc.).
View 2 Replies View RelatedI got a pair of new C3560X-24T-S switches with C3KX-NM-10G modules, and am trying to get a long distance 10G link up using 3rd party SFP-10G-ER SFPs (XGIGA with Cisco coded IDPROMs)I've enabled use of unsupported transcievers with the following commands:service unsupported-transceiver no errdisable detect cause gbic-invalidAfter that the switches accepts the SFPs but I get no light (sh int trans shows Tx -40), but if I insert a supported SFP first and then switches to my ER SFPs I get them to start transmitting, however I still don't LINK on the interface.I've tried with both 12.2(55)SE3 (that the switches came with) and 15.0(1)SE3 with same results.I know SFP-10G-ER SFPs are not supported on these switches, but are scheduled for the 15.0(2) release, but I was under the impression that they should already work using the above commands to enable the use of unsupported SFPs.So my question is basically: Is the new code in 15.0(2) really needed to make ER SFPs work, so I should just wait for that release, or are my 3rd party SFP simply broken/un-compatible with these switches?Also, could reprogramming them to look like SFP-10G-LR SFPs, which are supported, make any difference, or should it already have worked now with service unsupported-transceiver enabled if they were compatible?
View 5 Replies View RelatedI am finding the power consumption of WS-C3750X-24T-L, WS-C3750X-48T-L, WS-C3560X-48T-L and WS-C3560X-24T-L switches?
View 5 Replies View RelatedCurrently there are three stacked WS-C3750G-24TS-1U on data centre. I am going to buy a WS-C3560X-48T-L to use 10GbE module. Is it possible stack this switch "WS-C3560X-48T-L" to current switches "WS-C3750G-24TS-1U" ?
View 1 Replies View RelatedLet me start with some infrastructure details ...
Cisco C2901 as our Main Router
Cisco UC520 as Communication Platform
Cisco C3560x as Core-Switch
VLAN 10 : Data
VLAN 100 : VOICE
Everything is working but i m not sure if the switchport config is right in that way.
As an example :
interface GigabitEthernet 0/6
switchport access vlan 10
switchport mode access
switchport voice vlan 100
spanning-tree portfast
When we connect an Cisco 7971g and an pc everything is working fine. But when i start wireshark on the pc behind the phone you see a lot of UDP Traffic source UC520 destination 239.10.16.8 or 239.10.16.16. At this point i m getting confused. So i start looking for the cisco phone config, VLAN ID on the phone is 100 (i think that is ok) but the PC-VLAN part is empty?
The main thing is, how can i stop this cisco-sccp traffic on the pc port (prtg shows me a average of 200 kbit/s) i think it is an config fault.
I got new task moving WS-3560X24 port layer 3 core switch from one branch to be moved to my branch and connect WS3560 layer 3 core switch my site network. Both core switch has got 3-4 cisco 2960 switch underneath and lots of vlan offcourse. I am thinking about creating etherchannel between these two switch.
View 2 Replies View RelatedI have a Switch model WS-C3560X-24P with SW Version 12.2. (55) SE5 and SW Image C3560E-UNIVERSALK9-M. Now I get messages from 3 ports that:% ILPOWER-5-IEEE_DISCONNECT: Interface Gi0/12: PD removed. The strange thing is that there is nothing connected to these ports and they are like "notconnect»
An excerpt of the log looks like this:
1469058: Feb 18 09:08:33.945 CET: %ILPOWER-5-IEEE_DISCONNECT: Interface Gi0/12: PD removed 1469060: Feb 18 09:08:49.279 CET: %ILPOWER-5-POWER_GRANTED: Interface Gi0/12: Power granted 1469061: Feb 18 09:08:50.310 CET: %ILPOWER-5-IEEE_DISCONNECT: Interface Gi0/12: PD removed 1469063: Feb 18 09:09:02.280 CET: %ILPOWER-5-POWER_GRANTED: Interface Gi0/12: Power granted 1469064: Feb 18 09:09:03.413 CET: %ILPOWER-5-[Code]....
I have recently installed 4 3560 (WS-C3560X-48T-S) Switches. At first the switch comes up, indicating all connected ports with a green LED. Whenever i unplug a cable and plug it back in, the status LED will stay off. The same thing happens when I push the mode button and cycle throgh the different modes, i lose certain LEDs.
I'm using 12.2(53)SE2, another user reported the same issues under 12.2(55)SE1 .
I would I upgrade this from a LAN base to ip services?
View 2 Replies View RelatedDoes the Cisco WS-C3560X-24P-S switch supports ip flow export?
View 1 Replies View RelatedI have a WS-C3560X-24 and attached to that are some 9 acces switches, for some weeks now my 3560 reboots some time what couse that the other 9 switches are down for some minuts as well and i dont want this of course. the reboot happens at random times and some times one week not and then like yesterday afternoon it rebooted again.
when i check the Flash directory there is no crash file and when i look at the logging its clean and just shows the startup. it's not the powersuply it's redundend and more L3 switches are attached to this power source and they dont reboot.
L3_AIM#sh versionCisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)Technical Support: [URL] Copyright (c) 1986-2011 by Cisco Systems,
[Code]......
So Im trying to learn a little bit more about WCCP so I thought I'd load up a centos VM and just install squid on it. With the base config running I can setup an explicit proxy by configuring my IE session to use the squid IP on port 3128. Proxy works fine and I see entries in the access log on the centos box. Now, since Im only running squid on the box Im going to change the listening port to 80 so I can transparent proxy with WCCP on my ASA. So I set the WCCP2 config on squid as shown.
View 10 Replies View RelatedI need to roll out a Bluecoat as a WCCP for a ASA 5520.
View 3 Replies View RelatedI'm using a Cisco AG3560 to run my wccp re-direct and have a McAfee for my web gateway. My IP for the web gateway is 10.1.252.19, and my wccp router is 10.1.3.10. For whatever reason the web gateway is able to see the router and the "here i am packets" but I cannot get anything to redirect to it. My wccp config is below.
ip wccp 51 redirect-list 120
!
interface Loopback0
ip address 10.1.254.17 255.255.255.255
[code]...
I have the Web Gatewy setup with process 51 and my router on the WG is 10.1.252.10.
I currently have WCCP redirection setup on my ASA 5520 to redirect to an ironport on ip address 10.11.1.10. The ASA inside ip is 10.11.1.1 and the ironport is setup for transparent redirection to that IP. This all works well and the Service Identifier i'm using for WCCP is 95.I am now creating another WCCP group because on my ironport I have 4 interfaces so I wanted to use them for our admin network. So I created an ACL on the ASA for our admin traffic and I want to redirect that using Service Identifier 94 to the ip on the ironport of 10.11.1.22. But I can't get traffic to redirect.
View 1 Replies View RelatedI am trying to setup WCCP on our 4507. For some reason I cannot get this to work! The config I have tried is below. I can't figure out
ip wccp web-cache group-list IRONPORT-GROUPLIST
ip wccp source-interface GigabitEthernet2/24
!
Interface Vlan160
[Code].....
When the following was issued:
ip wccp 0 redirect-list wccp_acl group-list 10 password 0 ourpassword
Received this error:
MDT: %COMMON_FIB-3-FIBIDBINCONS2: An internal software error occurred. WCCP:0 linked to wrong idb Loopback0 (xyz node name)
When the following was issued 10 minutes later:
ip wccp 70 redirect-list wccp_acl group-list 10 password 0 ourpassword
No error msg (but now wccp was active)WCCP appears to be working but we are ** having problems connecting ** with our websense (7.6) box via GRE.Websense is connected to the 6509 which is connected this 3750 switch.
I’m currently trying to work out what router we need to do WCCP redirections to some WAN optimizers. We plan that there will 100-200Mbps worth of traffic that needs to be redirected.
We currently have a 7200 with NPE-G2 which already runs at 30% cpu without WCCP redirection. (From shaping and QoS.)
I’m worried that this will not be powerful enough for the redirections.
We would like to upgrade, but I want to do some research beforehand.I have looked everywhere and I cannot find any WCCP performance figures for the devices below.
-7200 with NPE-G2 -ASR1000 -3800 -3750 -6500 I am aware that the catalyst and the ASR can do the redirecting in hardware, so these means there is no real CPU hit until we exhaust the TCM? We plan to use in bound redirection and the redirect ACL is only 20 lines.
My problem is, it doesn’t seem like packets are making it to the linux/squid caching device, based on cache logs. Workstations that are being redirected in the router have no web browser access (they can ping 8.8.8.8 and google.com)
I have a linux box running squid successfully, which supports GRE WCCP. For the sake of argument, I will say that I am confident I have successfully configured that machine.
What’s really strange is this morning I came in and hind sight my test workstation looked like it may had restarted from an update. (maybe had internet access). The first thing I did was tweak the cisco config, as I was reading last night and saw:
“Be warned that if you are using NAT you MUST use the inbound interface otherwise the router only sees the NATted IP address as the source of your clients. This is bad, because the router is also therefore unable to see your cache engine and it will redirect the cache engine requests back upon itself.”
So I turned <ip cef> on and removed the <ip wccp web-cache redirect out> (I had in fa0/1 and out fa0/0 on overnight).
Then I proceeded to check the workstation and saw it had network access, I tested to see if it was in fact filtered by the proxy, and it was! (verified by cache logs aswell)
After some further successful testing, I made sure I saved any unsaved configuration changes, I rebooted the linux box and the router. Sadly the outcome was not good, I am back to where I was last night.
My router does routing/NAT and has two interfaces and is currently not running CEF
ip wccp web-cache redirect-list SQUID_PROXY
!
interface FastEthernet0/0
description WAN
ip address 1.2.3.4 255.255.255.248
ip nat outside
ip virtual-reassembly max-reassemblies 64
speed 100
full-duplex(code)
I have the following topology, WCCP is configurated on ASA, inside interface, lan users and websense machine are located on the same VLAN of my catalyst 3750G?I want to filter traffic on port 80 (www) to the users on the LAN side debug on the ASA show me that comunication between that device and Websense is OK, there is Here_I_Am and I_See_You packets
WCCP-PKT:D00: Sending I_See_You packet to WEBSENSE_PROXY w/ rcv_id 0000015B
WCCP-PKT:D00: Received valid Here_I_Am packet from WEBSENSE_PROXY w/rcv_id 0000015B
WCCP-PKT:D00: Sending I_See_You packet to WEBSENSE_PROXY w/ rcv_id 0000015C
WCCP-PKT:D00: Received valid Here_I_Am packet from WEBSENSE_PROXY w/rcv_id 0000015C
WCCP-PKT:D00: Sending I_See_You packet to WEBSENSE_PROXY w/ rcv_id 0000015D
From show WCCP i saw that WCCP engine and ASA were detected
FW# sh wccp
Global WCCP information:
Router information:
Router Identifier: 200.X.X.X
Protocol Version: 2.0
[code]....
I'm testing WCCP in a lab environment (Another checkbox on my way to CCIE).The setup- a WS-C3560-8PC switch running IOS 15.0(1), IP Services with crypto.- Two client computers connected by wire to the switch, running Windows 7.- A virtual machine in bridged mode running on one of the machines, running OpenBSD 5.0 with Squid 2.7 installed and running.- Everything in the same subnet: 192.168.163.0/24, the OpenBSD is at .5, the switch at .3 and functions as the default-gateway for the computers with no ICMP redirects (the real gateway is at .1 but the switch forwards everything).Squid seems to work, albeit inefficient, but that's not the issue.illing in the IP of the OpenBSD in the browser as proxy with the proper port works.Since the 3560 does only support WCCP over layer 2 adjacencies and masks, not hash buckets, I've configured these options on both the Squid and the 3560.
View 19 Replies View RelatedI'm setting up a config to have WCCP with Blue Coat WAN Optimizer. I have following sinple setup at the moment. Cisco 6500 <----> Firewall. How should my topology should be. Should I have whe WAN-Optimizer in between (in path of switch and firewall on the same VLAN) or have different vlan hanging off the 6500 and have WCCP redirect traffic?
View 2 Replies View RelatedI´m trying to config a wccp web-proxy in a ISR 2811 at branch network. I have an Iron Port at Head-Quarter.
The idea is that the users at branch network, transparently forward http traffic to Iron Port at Central-Office and from them go to Internet.
The communication between sites is over DMVPN. I have two GRE tunnels running OSPF.
The Iron Port is configured as wccp v2 transparent redirection with forwarding method L2 or GRE an retunr method as L2 or GRE.
I receive packets on the branch router "Here I Am" but it get a message on debug:
Nov 21 19:26:07.067 GMT-2: WCCP-EVNT:D10: Here_I_Am packet from 172.16.10.10 w/bad fwd method L2, received indirectly via Tunnel1Nov 21 19:26:07.067 GMT-2: WCCP-EVNT:D10: Here_I_Am packet from 172.16.10.10 with incompatible capabilites
Nov 21 19:46:07.035 GMT-2: WCCP-PKT:D10: Sending I_See_You packet to 172.16.10.10 w/ rcv_id 0000004F
I am currently trying to enable WCCP between a Cisco ASA 5512 firewall and Barraccuda Webfilter 410 Vx applicance. The ASA firewall is running IOS version 8.6(1)2 and the Barracuda is funning firemware 6.0.0.013. Both the ASA and Barracuda are in the same network and can ping eachother. The ASA has several interfaces, outside, inside, data and dmz. The PCs and barracuda appliance are behind the data interface. ASA data IP 172.16.18.1 Barracuda IP 172.16.18.40 All PCs in the 172.16.18.0/24 subnet use the ASA as the default gateway and should have web requests redirected to the Barracuda.
Below are the respecive bits of my ASA config
interface GigabitEthernet0/0
description Management
speed 1000
[Code].....
I suspect my issue is that the ASA is generating a Router Identifier of 172.21.20.1 which is my inside network and the barracuda cannot communicate with it. how I can get this working ?
I have a web cache server, and I redirect all the HTTP request to it using WCCP.
Everything works without a problem, however I have a monitoring system that every minute tests the access to some customer sites that are hosted inside our infra-strutcture.
As soon as I configured the WCCP the monitoring system complains of timeouts accessing those sites, about 20% of the requests start to fail (timeout).
I don't think it is the fault of the cache because in the WCCP ACL I exclude all traffic that comes from my monitoring system. However as soon as I turn of WCCP the monitoring system never ever gives timeouts accessing those sites.
Is there anything I should do in WCCP to tweak it? I have WCCP configured in my core gateway that is a CISCO 3750.
Is there a way to use 2 redirects inbound on vlan 1?
int vlan 1
ip wccp 80 redirect in
ip wccp 81 redirect in
The reason for this is because we need the return traffic from the firewall to come in on group 81 and the source subnet will go out group 80.
I'm setting up a web cache using the wccp protocol on a Catalyst 3750 stack.
Probably missing something real simple here but when I from the global configuration mode are trying to enter the ip wccp command it just says "invalid input" from wccp. There is no such command.. should be supported on my device from IOS 12.2(37)
I recently configured WCCP with a Sophos Web Filter on my network it works good but the problem I am having is I have two 5520s so I am directing the device to look at 2 different IP addresses and since the devices are in an Active/Passive failover. The problem is because the second device is in a passive failover it is not responding which is throwing connection errors to my Sophos device. I know you can have a single management connection for the ASA's but is there a way to have a single IP for the ASAs for the WCCP?
View 1 Replies View Related