WCCP IP Spoofing Configuration for Switches – Comtech EF Data FX Series Administrator Guide User Manual

Page 89


Comtech EF Data / Stampede

FX Series Administration Guide - Version 6.1.1


Chapter: FX Series Network Settings
Section: WCCP

MN-FXSERIESADM6 Rev 5

4.9.6 WCCP IP Spoofing Configuration for Switches

Switches tend to have less CPU power than a router, but they can make traffic flow decisions in
hardware. To leverage the hardware switching capabilities, the following configuration settings
are recommended:

On the FX, use “L2” Redirection method

On the FX, use “Mask” assignment scheme

On the FX, do not define separate service group definition records; instead, set the “Use
additional service group field”. This is because the Cisco L2 expects the same WCCP source port
to be used to conduct WCCP negotiations.

On the switch, use “redirect in” to direct packet flow to the appliance.

On the switch, never use “redirect-out”.

On the switch, do not use “redirect exclude in”.

In the same subnet scenario described above, the following is an example of a configuration for an
intelligent switch:

#show running-config

.
.
.
!
ip routing
ip wccp 96
ip wccp 99
!
interface Vlan1
 ip address 192.168.101.225 255.255.255.0
 ip wccp 96 redirect in
!
interface Vlan3
 ip address 192.168.103.225 255.255.255.0
 ip wccp 99 redirect in
!
interface Vlan5
 ip address 192.168.105.225 255.255.255.0
!
interface Vlan6
 description for 106 subnet
 ip address 192.168.106.225 255.255.255.0
!
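
The switch-side recommendations above can be checked mechanically. The following Python audit is an added example, not part of the Comtech guide: it flags “redirect out” and “redirect exclude in” on any interface, and reports “redirect in” service groups that have no global “ip wccp” line as in the listing above. The function name, messages and sample config are constructed for illustration, and it assumes “!” separates stanzas as in the running-config shown.

```python
import re

# Constructed sample: the guide's layout, with deliberate violations added
# on Vlan5 and Vlan6 so the audit has something to report.
SAMPLE = """\
ip routing
ip wccp 96
ip wccp 99
!
interface Vlan1
 ip wccp 96 redirect in
!
interface Vlan3
 ip wccp 99 redirect in
!
interface Vlan5
 ip wccp 96 redirect out
!
interface Vlan6
 ip wccp redirect exclude in
 ip wccp 61 redirect in
!
"""

def audit_wccp(config):
    """Return (interface, problem) pairs that break the switch-side guidance."""
    enabled, redirect_in, findings, iface = set(), [], [], None
    for raw in config.splitlines():
        line = raw.strip()          # tolerate configs that lost their indentation
        if line == "!":             # "!" closes the current stanza
            iface = None
        elif m := re.match(r"interface\s+(\S+)", line):
            iface = m.group(1)
        elif iface is None:         # global scope: collect enabled service groups
            if g := re.match(r"ip wccp (\d+)\b", line):
                enabled.add(g.group(1))
        elif re.match(r"ip wccp (\d+|web-cache) redirect[- ]out\b", line):
            findings.append((iface, "redirect out configured"))
        elif re.match(r"ip wccp redirect exclude in\b", line):
            findings.append((iface, "redirect exclude in configured"))
        elif r := re.match(r"ip wccp (\d+) redirect in\b", line):
            redirect_in.append((iface, r.group(1)))
    # Report redirect-in services that have no global "ip wccp <id>" line.
    findings += [(i, f"service group {s} not enabled globally")
                 for i, s in redirect_in if s not in enabled]
    return findings

if __name__ == "__main__":
    for name, problem in audit_wccp(SAMPLE):
        print(f"{name}: {problem}")
```
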

Using “redirect-list” to select specific redirection

For testing purposes, or to stage traffic redirection to the FX Series ADC gradually, a Cisco router
supports selective redirection by either access control lists or group lists. For example:

ip wccp 99 redirect-list access-list


