Solved

How do I set up Riverbed Steal head on the "inside" of a Cisco 3560 switch that is acting as a router/switch

Posted on 2008-10-28
10
3,328 Views
Last Modified: 2012-05-05
Normal Riverbed Steal head is connected inline between the routers ethernet interface and the switch that the router would connect to to distribute data packets.  However, I need to connect a Riverbed Stealhead to a Cisco 3560 L3 switch that has one of it's ports connected to a MetroE connection for internet/server farm access.  

What is the best way to redirect traffic from the inbound MetroE connection to all devices connected to this switch (client computers, viop phones, etc).  We to have a host of vlans as well for viop, wireless, data.  
0
Comment
Question by:tonymopar440
10 Comments
 
LVL 20

Expert Comment

by:RPPreacher
Comment Utility
Use the Riverbed out of path configuraton detailed here

http://www.riverbed.com/products/deployment/remote.php
0
 
LVL 43

Expert Comment

by:JFrederick29
Comment Utility
WCCP is also an option for your deployment with a 3560 as long as you are running 12.2(37)SE or greater.
0
 

Author Comment

by:tonymopar440
Comment Utility
for WCCP.  what would be a basic configuration example.  
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
Comment Utility
Here is a basic config for the 3560 (Using 12.2(46)SE).

ip access-list ext wccp70
permit ip <lan subnet> <remote subnet>
permit ip <lan subnet> <remote subnet>
permit ip <lan subnet> <remote subnet>
permit ip <remote subnet> <lan subnet>
permit ip <remote subnet> <lan subnet>
permit ip <remote subnet> <lan subnet>


ip wccp 70 redirect-list wccp70

int <VLAN interface for LAN>
ip wccp 70 redirect in

int <VLAN interface for LAN>
ip wccp 70 redirect in

int <VLAN interface for LAN>
ip wccp 70 redirect in

int <VLAN interface for WAN>
ip wccp 70 redirect in

WCCP configuration also needs to be done on the Riverbed appliances.  The 3560 only supports L2 Forwarding/Return and Mask assignment.  I'm not sure what Riverbed supports but they need to match up.  The 3560 doesn't support GRE and Hash assignment.
0
 

Author Comment

by:tonymopar440
Comment Utility
JFrederick29,

for the remote site, can I just do a 0.0.0.0 (for remote network address) 0.0.0.0 (for remote subnet). or do I have to add all the subnets from remote site.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:tonymopar440
Comment Utility
the previous question is regarding the permit ip statements within the access list.
0
 
LVL 43

Expert Comment

by:JFrederick29
Comment Utility
I just threw that out there if you wanted to specifically define traffic, i.e. if you don't want the Riverbed to see Internet traffic or traffic that doesn't need to be optimized, etc...

You can simply use "ip wccp 70" without the access-list so all traffic is redirected to the Riverbed.
0
 

Author Comment

by:tonymopar440
Comment Utility
JFrederick29
so basically all I would be doing is this:

ip wccp 70

int vlan1
ip wccp 70 redirect in

int vlan10
ip wccp 70 redirect in

int vlan22
ip wccp 70 redirect in

int vlan100
ip wccp 70 redirect in

int vlan101
ip wccp 70 redirect in

int vlan102
ip wccp 70 redirect in

int vlan103
ip wccp 70 redirect in

int vlan104
ip wccp 70 redirect in

int vlan105
ip wccp 70 redirect in

int vlan107
ip wccp 70 redirect in

int vlan200
ip wccp 70 redirect in

so how does this apply to the port on the switch that is being used by Riverbed appliance?  also do I plug in the two ports that normally would go in line, the lan and wan ports? or can I just get by with one or the other?
0
 
LVL 43

Expert Comment

by:JFrederick29
Comment Utility
You would only be using one port on the Riverbed if doing WCCP.  The appliance port simply needs to be reachable via layer2 to the 3560 so it can simply reside in a VLAN.  I would create a new VLAN/Subnet for it as it can't be in a VLAN doing redirection.  But again, the Riverbed itself needs WCCP configuration as well.
0
 
LVL 4

Expert Comment

by:th3w01f
Comment Utility
Did you get this working or are you still having issues?
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Introduction Many times we come across a slowness or instability between two hosts, and almost always we blame the poor networking guys, just because they're an easy target.  Sometimes we forget that other factors including disk bottlenecks, CPU …
I wrote this article to help simplify the process of combining multiple subnets. This can be used for route summarization also but there are other better ways to summarize routes, This article is a result of questions I participate in here at Ex…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now