[c-nsp] Cisco 3750, WCCPv2, CPU switched?

Adrian Chadd adrian at creative.net.au
Sun Jun 21 23:03:14 EDT 2009


On Mon, Jun 22, 2009, Adrian Chadd wrote:
> G'day,
> 
> I'm trying to configure up bi-directional WCCPv2 on a Cisco 3750
> with redirect lists to limit the traffic being redirected.
> I'm trying it on 12.2(50)SE2 ipservicesk9.
> 
> If I add a redirect list to the wccpv2 service definitions the
> traffic becomes CPU processed.
> 
> If I remove the redirect lists, the traffic is 100% hardware processed.
> 
> Is there some bug or platform caveat which isn't mentioned anywhere?

Two things:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_37_se/configuration/guide/swwccp.html
at least mentions the redirect ACL but apparently has it backwards:

"To disable caching for specific clients, servers, or client/server pairs, you can use a WCCP
 redirect access control list (ACL). Packets that match the redirect ACL bypass the cache and
 are forwarded normally."

The redirect ACL is "match == redirect", rather than "match == bypass."

Secondly, I can't see any mention of what is/isn't permitted in the redirect ACL.
Only in this article: http://wireless.itworld.com/networking/55658/wccp-refresh
where the author mentions that only permit entries are supported.

Sure enough, removing the explicit deny entries from the ACLs removes the CPU
punting and I'm happily fully transparently intercepting a gigabit of HTTP.

My question is - where in the Cisco documentation is this configuration caveat mentioned?

thanks,


Adrian



More information about the cisco-nsp mailing list