
Tuesday, March 18, 2008

Configuration Example for WAE deployment #2 - 2 legs scenario

Another very common scenario is that only two interfaces are available on the router, one for the LAN and one for the WAN connection. The LAN-facing interface runs dot1q and carries both the LAN and WAE subnets.

Router configuration
!
version 12.4
!
hostname Router
!
!
ip wccp 61
ip wccp 62

!
ip cef
!
ip domain name pandaeatsbamboo.com
!
!
interface FastEthernet0/0
no ip address
duplex full
speed 100

!
!
!
interface FastEthernet0/0.10
description "To Local Area Network"
encapsulation dot1Q 10
ip address 1.1.1.1 255.255.255.0
ip wccp 61 redirect in
ip wccp 62 redirect out

!
!
!
interface FastEthernet0/0.11
description "To Cisco WAE Appliance"
encapsulation dot1Q 11
ip address 2.2.2.1 255.255.255.0
ip wccp redirect exclude in
!
!
interface Serial0
description "To Wide Area Network"
ip address 3.3.3.1 255.255.255.0
!
end


WAE Configuration

! WAAS version 4.0.0
!
device mode application-accelerator
!
hostname WAE
!
clock timezone PST -8 0
ip domain-name pandaeatsbamboo.com
!
primary-interface GigabitEthernet 1/0
!
!
interface GigabitEthernet 1/0
ip address 2.2.2.2 255.255.255.0
no autosense
bandwidth 100
full-duplex

exit
interface GigabitEthernet 2/0
shutdown
exit
!
ip default-gateway 2.2.2.1
!
ip name-server 1.1.1.123
!
wccp version 2
wccp router-list 1 2.2.2.1
wccp tcp-promiscuous router-list-num 1

!
cdm ip 1.1.1.10
cms enable
!
policy-engine application

Configuration Example for WAE deployment #1 - 3 legs scenario


This configuration example is useful when your WAE is attached to a dedicated router interface.

Router configuration
!
version 12.4
!
hostname R1
!
!
ip wccp 61
ip wccp 62
!
ip cef

!
ip domain name pandaeatsbamboo.com
!
!
interface FastEthernet0/0
description "To Local Area Network"
ip address 1.1.1.1 255.255.255.0
ip wccp 61 redirect in
duplex full
speed 100

!
interface FastEthernet0/1
description "To Cisco WAE Appliance"
ip address 2.2.2.1 255.255.255.0
duplex full
speed 100

!
interface Serial0
description "To Wide Area Network"
ip address 3.3.3.1 255.255.255.0
ip wccp 62 redirect in
!
end


WAE Configuration

! WAAS version 4.0.0
!
device mode application-accelerator
!
hostname WAE
!
clock timezone PST -8 0
ip domain-name pandaeatsbamboo.com
!
primary-interface GigabitEthernet 1/0
!
!
interface GigabitEthernet 1/0
ip address 2.2.2.2 255.255.255.0
no autosense
bandwidth 100
full-duplex

exit
interface GigabitEthernet 2/0
shutdown
exit
!
ip default-gateway 2.2.2.1
!
ip name-server 1.1.1.123
!
wccp version 2
wccp router-list 1 2.2.2.1
wccp tcp-promiscuous router-list-num 1

!
cdm ip 1.1.1.10
cms enable
!
policy-engine application
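
The two router configurations above differ in one detail that is easy to lose when adapting them: the 2-legs design uses `redirect out`, so the WAE-facing sub-interface needs `ip wccp redirect exclude in`, while the 3-legs design redirects inbound on both sides and needs no exclude. The Python audit below is an added example, not part of the original posts; `parse`, `audit_wccp` and the trimmed sample config are constructed here, and it assumes interface blocks are closed by `!` as in the listings.

```python
import ipaddress
import re

def parse(cfg):
    """Split an IOS config into global lines and per-interface sub-commands."""
    glob, ifaces, cur = [], {}, None
    for line in (l.strip() for l in cfg.splitlines()):
        if line in ("!", "end"):
            cur = None                       # '!' closes the interface block
        elif line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], [])
        elif line:
            (glob if cur is None else cur).append(line)
    return glob, ifaces

def audit_wccp(cfg, wae_ip):
    """Findings for a router that redirects WCCP services to one WAE."""
    glob, ifaces = parse(cfg)
    wae = ipaddress.ip_address(wae_ip)
    declared = {m[1] for l in glob if (m := re.match(r"ip wccp (\d+)\b", l))}
    used, egress, wae_if = set(), [], None
    for name, cmds in ifaces.items():
        for c in cmds:
            if m := re.match(r"ip wccp (\d+) redirect (in|out)$", c):
                used.add(m[1])
                if m[2] == "out":
                    egress.append(name)
            elif m := re.match(r"ip address (\S+) (\S+)$", c):
                if wae in ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False):
                    wae_if = name            # router leg facing the WAE
    findings = [f"service {s} not enabled globally" for s in sorted(used - declared)]
    if wae_if is None:
        findings.append(f"no router interface on the subnet of WAE {wae_ip}")
    elif egress and "ip wccp redirect exclude in" not in ifaces[wae_if]:
        findings.append(f"{wae_if}: no 'redirect exclude in' but redirect out on {egress}")
    return findings

# Constructed sample: the 2-legs router config, trimmed to the lines the audit reads.
TWO_LEGS = """ip wccp 61
ip wccp 62
interface FastEthernet0/0.10
 ip wccp 61 redirect in
 ip wccp 62 redirect out
!
interface FastEthernet0/0.11
 ip address 2.2.2.1 255.255.255.0
 ip wccp redirect exclude in"""

if __name__ == "__main__":
    print(audit_wccp(TWO_LEGS, "2.2.2.2"))
```
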

Saturday, March 15, 2008

WCCPv2 with WAAS and Cat3750

Several points to note when you configure a Cisco Catalyst 3750 to use WCCPv2 for network interception and redirection to the WAE:

1. IOS Version 12.2(37)SE or newer
2. Ingress redirection only: egress redirection is not supported and redirect exclude commands are not supported; redirect list is supported
3. Layer 2 redirect is REQUIRED. GRE redirection is not supported
4. Mask assignment must be configured. Hash assignment is not supported.

WAE(config)# wccp router-list 1 1.2.3.4
WAE(config)# wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign
WAE(config)# wccp version 2

WAAS GRE egress return

Starting from WAAS 4.0.13, two different egress methods are available. When the IP forwarding egress method is used, the return traffic packets are forwarded to the WAE default gateway.

WAE(config)# egress-method ip-forwarding intercept-method wccp

The limitation of IP forwarding is that the WAE should reside on a separate subnet to avoid an infinite forwarding loop.

The other egress method is GRE return. The return traffic packets are sent back to the intercepting router through the GRE tunnel that is created as a result of WCCP negotiation. With GRE return egress, the WAE can be deployed on the same subnet as users, and subinterfaces or tertiary interfaces are not required.

WAE(config)# egress-method negotiated-return intercept-method wccp

To view the egress method on the WAE:
WAE# sh egress-methods
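
The Cat3750 restrictions and the egress-method subnet rule from the two posts above can be checked mechanically before a change goes in. This Python check is an added example, not code from the original posts; `audit_wae`, the VLAN interface names and the sample addresses are constructed for illustration.

```python
import ipaddress
import re

def audit_wae(wae_cfg, router_cfg, client_subnets, cat3750=False):
    """Check a WAE/router config pair against the Cat3750 and egress rules."""
    findings = []
    m = re.search(r"^\s*wccp tcp-promiscuous router-list-num \d+(.*)$", wae_cfg, re.M)
    opts = m.group(1).split() if m else []
    if cat3750:
        # Cat3750: L2 redirect and mask assignment only, ingress redirection only.
        for opt, why in (("l2-redirect", "GRE redirection is not supported"),
                         ("mask-assign", "hash assignment is not supported")):
            if opt not in opts:
                findings.append(f"WAE: add {opt} ({why})")
        for line in map(str.strip, router_cfg.splitlines()):
            if re.fullmatch(r"ip wccp (\d+ redirect out|redirect exclude in)", line):
                findings.append(f"switch: '{line}' is not supported")
    # With ip-forwarding egress the WAE hands return traffic to its default
    # gateway; the post requires a separate WAE subnet to avoid a loop.
    egress = re.search(r"^\s*egress-method (\S+) intercept-method wccp", wae_cfg, re.M)
    addr = re.search(r"^\s*ip address (\S+) \S+", wae_cfg, re.M)
    if egress and egress.group(1) == "ip-forwarding" and addr:
        wae_ip = ipaddress.ip_address(addr.group(1))
        for net in map(ipaddress.ip_network, client_subnets):
            if wae_ip in net:
                findings.append(f"WAE {wae_ip} is inside client subnet {net}: "
                                "use negotiated-return or a separate subnet")
    return findings

# Constructed samples (addresses and interface names are illustrative).
WAE_ON_CLIENT_LAN = """interface GigabitEthernet 1/0
 ip address 1.1.1.50 255.255.255.0
wccp router-list 1 1.1.1.1
wccp tcp-promiscuous router-list-num 1
wccp version 2
egress-method ip-forwarding intercept-method wccp"""
SWITCH = """interface Vlan10
 ip wccp 61 redirect in
 ip wccp 62 redirect out
interface Vlan11
 ip wccp redirect exclude in"""

if __name__ == "__main__":
    for f in audit_wae(WAE_ON_CLIENT_LAN, SWITCH, ["1.1.1.0/24"], cat3750=True):
        print(f)
```
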

Wednesday, March 5, 2008

New Self-diagnostic command on WAAS 4.0.15

The new 4.0.15 release added support for a self-diagnostic command, which is a good place to start troubleshooting:

WAE-TEST# test self-diagnostic ?
all Run all self-diagnostic tests
basic Basic device configuration
connectivity Basic device connectivity
inline Inline groups and ports
interfaces Physical interfaces
system Device operation
tfo TFO/DRE configuration
wafs WAFS connectivity
wccp WCCP configuration and operation
WAE-TEST#

Capture Traffic on Cisco WAE

To capture packets on the WAE for troubleshooting and analysis, you can use the built-in tethereal.

To capture all traffic and save to a file:
tethereal -w capture.cap

Press Ctrl-C to stop the packet capture; the file is then viewable with the "dir" command:

dir *.cap

You can then copy the file elsewhere for offline viewing.

Cisco WAAS Cheatsheet

I've prepared a cheatsheet after playing with WAAS for months; sharing it with you guys here:

Router with separate interface for WAE connection
access-list 100 permit tcp any any
access-list 100 deny ip any any

ip wccp 61 redirect-list 100
ip wccp 62 redirect-list 100

ip cef

int fa0/0
desc "To LAN"
ip wccp 61 redirect in
duplex full
speed 100

int fa0/1
desc "To WAE"
duplex full
speed 100

int s0
desc "To WAN"
ip wccp 62 redirect in

Router with dot1q sub-interfaces for LAN and WAE
ip wccp 61
ip wccp 62

ip cef

int fa0/0
desc -- dot1q trunk to both client LAN and WAE lan --
duplex full
speed 100

int fa0/0.1
desc -- To LAN --
ip wccp 61 redirect in
ip wccp 62 redirect out

int fa0/0.2
desc -- To WAE appliance --
ip wccp redirect exclude in

int s0
desc -- To WAN - Nothing needs to be done here --

Router - Verify
- sh proc cpu
- sh ip wccp

WAE - Config
no cms enable
no central address
central address 155.161.40.245
cms enable
ntp server 155.161.85.129
ntp server 155.161.85.193
ip name-server 155.161.93.238
no wccp router-list 1 172.23.100.1 172.23.100.2
wccp router-list 1 x.x.x.x y.y.y.y

WAE - verify
sh cms info
sh wccp routers


Useful commands
WAE
- sh wccp gre
- sh wccp routers
- sh wccp services
- clear cache dre
- sh stat dre
- sh stat dre con
- sh stat dre con server-p 80
- sh stat tfo
- sh stat bypass
- sh alarms
- sh cms info
- sh disks
- sh proc cpu
- sh tfo status
- sh tfo con sum
- sh tfo con server-p 80
- sh tfo auto-discovery
- sh wccp file-engine
- tcpdump
- tethereal
- cms deregister force
- sh clock detail
- sh ntp status
- sh disk failed-sectors
- sh disk tech-support
- sh proc system count 10 delay 5
- sh cifs auto-discovery status
- sh policy-engine application dynamic
- sh cifs auto-discovery host-db
- sh cifs auto-discovery last
- sh cifs sessions count
- sh cifs sessions list

Router
- sh ip wccp
- sh ip wccp 61 det
- sh ip wccp int