• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 958
  • Last Modified:

Cisco and WCCP 1

Have a 2821 with an st. benard iprism running wccp ver 1.  all seemed to be working then a couple days ago stopped.  i get on router to verify all the interfaces have redirect turned on, and they do, but when i do wccp sho commands i get the following

router02#sh ip wccp interfaces
% WCCP version 1 is not enabled
router02#sh ip wccp web-cache
% WCCP version 1 is not enabled


so i try to so ip wccp enable, and it doesn't recognize that command..any ideas?
0
jasonmichel
Asked:
jasonmichel
1 Solution
 
WissamSenior Network EngineerCommented:
what do you mean doesn't recognize that command ?
0
 
jasonmichelAuthor Commented:
exactly what i said..ha..
router02(config)#ip wccp enable
                          ^
% Invalid input detected at '^' marker.

but the marker is actually at enable
0
 
mikebernhardtCommented:
Can you provide "show version" and "show runn" output?
0
The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

 
Istvan KalmarCommented:
DId you upgraded the ios?
0
 
jasonmichelAuthor Commented:
its been working, thats whats wierd, its not like its a new install


heres the output

#sh ver
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(19b), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Fri 13-Jun-08 04:12 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

PCCHMRT02 uptime is 1 minute
System returned to ROM by power-on
System image file is "flash:c2800nm-adventerprisek9-mz.124-19b.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 2821 (revision 53.50) with 247808K/14336K bytes of memory.
Processor board ID FTX1138A42S
4 FastEthernet interfaces
2 Gigabit Ethernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102


attached is the running config
courthouse-scrub.txt
0
 
jasonmichelAuthor Commented:
anything?
0
 
mikebernhardtCommented:
I was looking at our wccp config, and we do not use "ip wccp enable." We just configure a wccp redirect list and apply it to an interface:
ip wccp 10 redirect-list 171
int g1/1
 ip wccp 10 redirect out
access-list 171 etc etc

So, how do you know the router is the problem? What is the output of "show ip wccp"
0
 
jasonmichelAuthor Commented:
PCCHMRT02#sh ip wccp
% WCCP version 1 is not enabled
0
 
jasonmichelAuthor Commented:
interface Vlan5
 description To inet on broadband
 ip address 1.1.1.1 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 crypto map VPN


this is the internet interface, i do see the redirect out on it

but on the vlan interfaces for the LAN the redirect in is there

interface GigabitEthernet0/1.35
 encapsulation dot1Q 35
 ip address 10.15.35.1 255.255.255.0
 ip access-group NoSPAM in
 ip helper-address 10.15.31.6
 no ip proxy-arp
 ip wccp web-cache redirect in
 ip nat inside
 ip virtual-reassembly

0
 
mikebernhardtCommented:
SOMETHING must have changed, either on the web cache server or on the router. Are you sure version 1 still works? Have you tried removing the ip wccp version 1 statement and see what happens?
0
 
jasonmichelAuthor Commented:
The ip of the iprism device is 172.31.30.2  this seems to be the internet filtering acls below


ip access-list extended inet-traffic
 deny   ip 10.15.0.0 0.0.255.255 10.15.1.0 0.0.0.255
 deny   ip 10.15.0.0 0.0.255.255 10.0.0.0 0.255.255.255
 deny   ip 10.15.0.0 0.0.255.255 192.168.0.0 0.0.255.255
 deny   ip 10.15.0.0 0.0.255.255 172.16.0.0 0.15.255.255
 deny   ip 192.168.253.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny   ip 192.168.253.0 0.0.0.255 192.168.0.0 0.0.255.255
 deny   ip 192.168.253.0 0.0.0.255 172.16.0.0 0.15.255.255
 deny   ip 172.31.30.0 0.0.0.3 10.15.1.0 0.0.0.255
 deny   ip 172.31.30.0 0.0.0.3 10.0.0.0 0.255.255.255
 deny   ip 172.31.30.0 0.0.0.3 192.168.0.0 0.0.255.255
 deny   ip 172.31.30.0 0.0.0.3 172.16.0.0 0.15.255.255
 deny   ip 192.168.253.0 0.0.0.255 10.15.1.0 0.0.0.255
 permit ip 10.15.0.0 0.0.255.255 any
 permit ip 192.168.253.0 0.0.0.255 any
 permit ip 172.31.30.0 0.0.0.3 any
 permit ip 192.168.25.0 0.0.0.255 any

route-map WEB permit 10
 match ip address URL
 set ip next-hop 172.31.30.1
!
route-map NAT permit 10
 match ip address inet-traffic
!
0
 
jasonmichelAuthor Commented:
that is kinda what i'm hoping to get help with, i've never set up, and i'm just trying to filter through and figure out what happened...what do you suggest i try?
0
 
mikebernhardtCommented:
This doesn't seem to do anything anyway, as it's not applied anywhere (and there's no access list called "URL")

route-map WEB permit 10
 match ip address URL
 set ip next-hop 172.31.30.1

I would work with the web cache appliance vendor, as they usually understand how to configure Cisco equipment to be compatible. I don't know how that's supposed to work, so it's hard to help.
0
 
jasonmichelAuthor Commented:
to enable wccp on this ios, i guess you have to use the

ip wccp web-cache

i did that and it started working..odd

thanks for the help though
0

Featured Post

Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now