1 2 3 Previous Next 20 Replies Latest reply on Nov 2, 2012 12:17 PM by trishoar

    Problems with MWG 7.2 & 7.3 WCCP

    nick.olson

      Good morning,

       

      I'm using a Cisco AG3560 to run my wccp re-direct and have MWG 7.3.  The MWG is ste to use "Proxy (Optional WCCP)"

      However, we are having the damnest time getting it to redirect traffic.  It had been working for over a year, then out of the blue it just stopped working.

       

      My IP for the web gateway is 10.1.252.19, and my wccp router is 10.1.252.10.

      For whatever reason the web gateway is able to see the router and the "here i am packets" but I cannot get anything to redirect to it.

       

      My wccp config is below.

      ip wccp 51 redirect-list 120

      !

      interface Loopback0

      ip address 10.1.254.17 255.255.255.255

      !

      interface GigabitEthernet0/21

      description McAfee web gateway

      switchport access vlan 1001

      switchport mode access

      !

      interface GigabitEthernet0/26

      no switchport

      ip address 10.1.252.10 255.255.255.252

      ip wccp 51 redirect in

      load-interval 30

      !

      interface Vlan1001

      ip address 10.1.252.17 255.255.255.240

      !

      access-list 120 permit ip any any

       

       

      Also here is my output for ip wccp view.

      #sh ip wccp 51 view

      WCCP Routers Informed of:

      10.1.254.17

       

      WCCP Clients Visible:

      10.1.252.19

       

      WCCP Clients NOT Visible:

      -none-

       

      I have the Web Gateway setup with process 51 and my wccp router on the MWG is 10.1.252.10.

       

      I opened a ticket with McAfee support and the engineer was very helpful and examined our configs and feedback files.  Here is the McAfee Engineer's response in red:

      Everything on your Web Gateway configuration looks good,and the Cisco config seems OK as well.

      Ultimately, we can see that the router sends 'I See You'packets to the Web Gateway, but does not assign any buckets to the WebGateway.  As such, your router is notsending web traffic to the Web Gateway.

      Take a look at the attached screenshot.  We can see that, indeed the Router sends 'ISee You' packets back to the Web Gateway.

      We see that the 'Receive ID' is valid, as it isincrementing properly each time.

      The Forwarding method matches what you have defined inyour Web Gateway configuration, which looks OK.

      However, there is an 'Unknown Capability Element' thatappears to be the result of a mismatch in configuration somewhere.

      As a result, we don't ever see 'bucket assigments' in the'I See You' packets, and the router is not sending us data.

       

      We are still waiting to hear back from Cisco on this as well.

       

      I've attached screenshots of the configs

      Any ideas?

       

      We've been working on this for nearly two weeks now trying to get it working and I have a feeling it is going to be something extremely silly.  (Isn't it always something silly on problems that take forever to resolve?)

       

       

      Thanks!

        • 1. Re: Problems with MWG 7.2 & 7.3 WCCP
          Jon Scholten

          Hi Nick,

           

          The unknown capability element is could just wireshark not interpreting the protocol. Try a newer version of wireshark and you should see more information. That is where the mask assignment information should show up.

           

          Otherwise, see below commands you can use for debugging on the cisco device:

           

          # Turn on debugging for events:

          debug ip wccp events

          # Turn on debugging for packets:

          debug ip wccp packets

           

          # Turn off debugging for events:

          no debug ip wccp events

          # Turn off debugging for packets:

          no debug ip wccp packets

           

          #To output to the screen you may need to type:

          term mon

           

          #To turn off all possible debugging, you can use the following command:

          u all

           

          # General service commands:

          sh ip wccp 51 service

          sh ip wccp 51 detail

          sh ip wccp 51 view

          sh ip wccp 51

           

          If you get any useful output post it here and send it in to the case.

           

          As I was typing this, I found your SR, I'll see what I can do with my colleague you've been working with. Ultimatley though I think Cisco will have a better idea of what they dont like about what we're putting down (in terms of WCCP), and they will have an idea of how to correct it.

           

          Best,

          Jon

          • 2. Re: Problems with MWG 7.2 & 7.3 WCCP
            Jon Scholten

            I was wrong about the unknown capability. I just tried a newer version of wireshark and it says the same thing.

             

            Try the above Cisco commands and lets see the output.

             

            Best,

            Jon

            • 3. Re: Problems with MWG 7.2 & 7.3 WCCP
              nick.olson

              Alright, here are the responses of those commands:

               

              #sh ip wccp 51 service

              WCCP service information definition:

                      Type:          Dynamic

                      Id:            51

                      Priority:      0

                      Protocol:      6

                      Options:       0x00000012

                      --------

                          Mask/Value sets:  1

                          Value elements :  64

                          Dst Ports: 80 443 0 0 0 0 0 0

               

               

              #sh ip wccp 51 detail

              WCCP Client information:

                      WCCP Client ID:          10.1.252.19

                      Protocol Version:        2.0

                      State:                   Usable

                      Redirection:             L2

                      Packet Return:           GRE

                      Assignment:              MASK

                      Connect Time:            01:59:55

                      Redirected Packets:

                        Process:               0

                        CEF:                   0

                      GRE Bypassed Packets:

                        Process:               0

                        CEF:                   0

                      Mask Allotment:          64 of 64 (100.00%)

               

                      Mask  SrcAddr    DstAddr    SrcPort DstPort

                      ----  -------    -------    ------- -------

                      0000: 0x00000000 0x00001741 0x0000  0x0000

               

                      Value SrcAddr    DstAddr    SrcPort DstPort

                      ----- -------    -------    ------- -------

                      0000: 0x00000000 0x00000000 0x0000  0x0000

                      0001: 0x00000000 0x00000001 0x0000  0x0000

                      0002: 0x00000000 0x00000040 0x0000  0x0000

                      0003: 0x00000000 0x00000041 0x0000  0x0000

                      0004: 0x00000000 0x00000100 0x0000  0x0000

                      0005: 0x00000000 0x00000101 0x0000  0x0000

                      0006: 0x00000000 0x00000140 0x0000  0x0000

                      0007: 0x00000000 0x00000141 0x0000  0x0000

                      0008: 0x00000000 0x00000200 0x0000  0x0000

                      0009: 0x00000000 0x00000201 0x0000  0x0000

                      0010: 0x00000000 0x00000240 0x0000  0x0000

                      0011: 0x00000000 0x00000241 0x0000  0x0000

                      0012: 0x00000000 0x00000300 0x0000  0x0000

                      0013: 0x00000000 0x00000301 0x0000  0x0000

                      0014: 0x00000000 0x00000340 0x0000  0x0000

                      0015: 0x00000000 0x00000341 0x0000  0x0000

                      0016: 0x00000000 0x00000400 0x0000  0x0000

                      0017: 0x00000000 0x00000401 0x0000  0x0000

                      0018: 0x00000000 0x00000440 0x0000  0x0000

                      0019: 0x00000000 0x00000441 0x0000  0x0000

                      0020: 0x00000000 0x00000500 0x0000  0x0000

                      0021: 0x00000000 0x00000501 0x0000  0x0000

                      0022: 0x00000000 0x00000540 0x0000  0x0000

                      0023: 0x00000000 0x00000541 0x0000  0x0000

                      0024: 0x00000000 0x00000600 0x0000  0x0000

                      0025: 0x00000000 0x00000601 0x0000  0x0000

                      0026: 0x00000000 0x00000640 0x0000  0x0000

                      0027: 0x00000000 0x00000641 0x0000  0x0000

                      0028: 0x00000000 0x00000700 0x0000  0x0000

                      0029: 0x00000000 0x00000701 0x0000  0x0000

                      0030: 0x00000000 0x00000740 0x0000  0x0000

                      0031: 0x00000000 0x00000741 0x0000  0x0000

                      0032: 0x00000000 0x00001000 0x0000  0x0000

                      0033: 0x00000000 0x00001001 0x0000  0x0000

                      0034: 0x00000000 0x00001040 0x0000  0x0000

                      0035: 0x00000000 0x00001041 0x0000  0x0000

                      0036: 0x00000000 0x00001100 0x0000  0x0000

                      0037: 0x00000000 0x00001101 0x0000  0x0000

                      0038: 0x00000000 0x00001140 0x0000  0x0000

                      0039: 0x00000000 0x00001141 0x0000  0x0000

                      0040: 0x00000000 0x00001200 0x0000  0x0000

                      0041: 0x00000000 0x00001201 0x0000  0x0000

                      0042: 0x00000000 0x00001240 0x0000  0x0000

                      0043: 0x00000000 0x00001241 0x0000  0x0000

                      0044: 0x00000000 0x00001300 0x0000  0x0000

                      0045: 0x00000000 0x00001301 0x0000  0x0000

                      0046: 0x00000000 0x00001340 0x0000  0x0000

                      0047: 0x00000000 0x00001341 0x0000  0x0000

                      0048: 0x00000000 0x00001400 0x0000  0x0000

                      0049: 0x00000000 0x00001401 0x0000  0x0000

                      0050: 0x00000000 0x00001440 0x0000  0x0000

                      0051: 0x00000000 0x00001441 0x0000  0x0000

                      0052: 0x00000000 0x00001500 0x0000  0x0000

                      0053: 0x00000000 0x00001501 0x0000  0x0000

                      0054: 0x00000000 0x00001540 0x0000  0x0000

                      0055: 0x00000000 0x00001541 0x0000  0x0000

                      0056: 0x00000000 0x00001600 0x0000  0x0000

                      0057: 0x00000000 0x00001601 0x0000  0x0000

                      0058: 0x00000000 0x00001640 0x0000  0x0000

                      0059: 0x00000000 0x00001641 0x0000  0x0000

                      0060: 0x00000000 0x00001700 0x0000  0x0000

                      0061: 0x00000000 0x00001701 0x0000  0x0000

                      0062: 0x00000000 0x00001740 0x0000  0x0000

                      0063: 0x00000000 0x00001741 0x0000  0x0000

               

               

               

              #sh ip wccp 51 view 

                  WCCP Routers Informed of:

                      10.1.254.17

               

                  WCCP Clients Visible:

                      10.1.252.19

               

                  WCCP Clients NOT Visible:

                      -none-

               

               

              #sh ip wccp 51    

              Global WCCP information:

                  Router information:

                      Router Identifier:                   10.1.254.17

                      Protocol Version:                    2.0

               

                  Service Identifier: 51

                      Number of Service Group Clients:     1

                      Number of Service Group Routers:     1

                      Total Packets Redirected:            0

                        Process:                           0

                        CEF:                               0

                      Service mode:                        Open

                      Service Access-list:                 -none-

                      Total Packets Dropped Closed:        0

                      Redirect access-list:                -none-

                      Total Packets Denied Redirect:       0

                      Total Packets Unassigned:            0

                      Group access-list:                   -none-

                      Total Messages Denied to Group:      0

                      Total Authentication failures:       0

                      Total GRE Bypassed Packets Received: 0

                        Process:                           0

                        CEF:                               0

              • 4. Re: Problems with MWG 7.2 & 7.3 WCCP
                nick.olson

                Here is what the log is showing for wccp events and packets:

                 

                 

                22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7045

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7046

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7047

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7048

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7049

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7050

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7051

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7052

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7053

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7054

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7055

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7056

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7057

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7058

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7059

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7060

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7061

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7062

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7063

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7064

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7065

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7066

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7067

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7068

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7069

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7070

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7071

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7072

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7073

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7074

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7075

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7076

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7077

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7078

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7079

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7080

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7081

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7082

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7083

                4d22h: WCCP-EVNT:D51: updating wc orig assign info

                4d22h: WCCP-EVNT:D51: reuse wc orig mask info (28 bytes)

                4d22h: WCCP-EVNT:D51: wc assignment validated

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7084

                4d22h: WCCP-EVNT:D51: updating wc orig assign info

                4d22h: WCCP-EVNT:D51: reuse wc orig mask info (28 bytes)

                4d22h: WCCP-EVNT:D51: wc assignment validated

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7085

                4d22h: WCCP-EVNT:D51: updating wc orig assign info

                4d22h: WCCP-EVNT:D51: reuse wc orig mask info (28 bytes)

                4d22h: WCCP-EVNT:D51: wc assignment validated

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7086

                4d22h: WCCP-EVNT:D51: updating wc orig assign info

                4d22h: WCCP-EVNT:D51: reuse wc orig mask info (28 bytes)

                4d22h: WCCP-EVNT:D51: wc assignment validated

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7087

                4d22h: WCCP-EVNT:D51: updating wc orig assign info

                4d22h: WCCP-EVNT:D51: reuse wc orig mask info (28 bytes)

                4d22h: WCCP-EVNT:D51: wc assignment validated

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7088

                4d22h: WCCP-EVNT:D51: updating wc orig assign info

                4d22h: WCCP-EVNT:D51: reuse wc orig mask info (28 bytes)

                4d22h: WCCP-EVNT:D51: wc assignment validated

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7089

                4d22h: WCCP-EVNT:D51: updating wc orig assign info

                4d22h: WCCP-EVNT:D51: reuse wc orig mask info (28 bytes)

                4d22h: WCCP-EVNT:D51: wc assignment validated

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7090

                4d22h: WCCP-EVNT:D51: updating wc orig assign info

                4d22h: WCCP-EVNT:D51: reuse wc orig mask info (28 bytes)

                4d22h: WCCP-EVNT:D51: wc assignment validated

                4d22h: WCCP-PKT:D51: Sending ISY to 10.1.252.19, rcv_id:7091

                • 5. Re: Problems with MWG 7.2 & 7.3 WCCP
                  Jon Scholten

                  Please also do the packet and event debugging (just let it run a little bit). Based on the above output the Cisco device see's the MWG as "Usable", yet its not forwarding packets.

                   

                  Best,

                  jon

                  • 6. Re: Problems with MWG 7.2 & 7.3 WCCP
                    nick.olson

                    Is that enough in the above log or should I let it run some more?

                    • 7. Re: Problems with MWG 7.2 & 7.3 WCCP
                      Jon Scholten

                      Sorry I wrote while you were posting it. That output doesnt tell me much unfortunatley, based on all the infromation presented I would guess that traffic would be flowing to the MWG.

                       

                      Are we sure there isnt any problems with the ACLs that are in place to redirect the traffic?

                       

                      Best,

                      Jon

                       

                      Message was edited by: jscholte on 11/1/12 1:27:47 PM CDT
                      • 8. Re: Problems with MWG 7.2 & 7.3 WCCP
                        nick.olson

                        The ACLs look to be correct.

                         

                        The ACL we are using for wccp redirect is named "120"

                         

                         

                        ACL details on that list show as follows:

                         

                         

                        Extended IP access list 120

                             permit IP any any

                         

                         

                        From the config it shows as:

                        access-list 120 permit ip any any

                        • 9. Re: Problems with MWG 7.2 & 7.3 WCCP
                          Jon Scholten

                          Yeah, I'm not sure at this point, so I'd wonder what Cisco has to say or if anyone else has anyone else has any ideas.

                           

                          Best,

                          Jon

                          1 2 3 Previous Next