Troubleshooting guide
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Planning Your WAAS Network
Note: The WCCP GRE return and generic GRE egress methods allow you to place WAEs on the same VLAN
or subnet as clients and servers. For information on configuring these egress methods, see the
“Configuring Egress Methods for WCCP Intercepted Connections” section on page 1-29.
For example, if you attach Edge-WAE1 to the same segment (subnet) as the LAN router interface on
which the PBR or WCCP traffic redirection occurs in the branch office, there will be an infinite routing
loop between Edge-Router1 and Edge-WAE1. If you attach Core-WAE1 to the same segment (subnet)
as the LAN router interface on which the PBR or WCCP traffic redirection occurs in the data center,
there will be an infinite routing loop between Core-Router1 and Core-WAE1.
To avoid an infinite routing loop between the router and its local WAE, connect the WAE to the router
through a tertiary interface (a separate physical interface) or a subinterface (a different virtual
subinterface) from the router’s LAN port. By using a tertiary interface or a subinterface to connect a
WAE to the router that is performing the PBR or WCCP redirection, the WAE has its own separate
processing path that has no Cisco IOS features enabled on it. In addition, this approach simplifies the
process of integrating WAEs into an existing network. Because the WAEs are being connected to the
routers through a tertiary interface or subinterface that has no Cisco IOS features enabled on it, the
Cisco IOS features that are already enabled on your existing Cisco-enabled network elements (for
example, Edge-Router1 or Core-Router1) will generally not be affected when you connect WAEs to
these routers. For more information about WAAS and Cisco IOS interoperability, see the “WAAS and
Cisco IOS Interoperability” section on page 1-11.
See the Cisco Wide Area Application Services Quick Configuration Guide for an example of how to use
a subinterface to properly attach a local WAE to the router that is redirecting TCP traffic to it.
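The layout described above, shown from the router side as an added Cisco IOS example that is not taken from the Cisco guide. Interface names, VLAN IDs and IP addresses are constructed, and it assumes WCCP TCP promiscuous services 61 and 62 with inbound redirection.

```cisco
! Constructed example for Edge-Router1. Interface names, VLAN IDs and
! addresses are assumptions, not values from the guide.
ip wccp 61
ip wccp 62
!
! Client LAN: client-to-server TCP traffic is redirected on this segment.
interface GigabitEthernet0/0.10
 description Branch client VLAN (redirect point)
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.255.0
 ip wccp 61 redirect in
!
! Edge-WAE1 has its own subinterface, off the redirect segment.
! No redirection and no other Cisco IOS features are enabled here, so
! traffic the WAE sends back to the router is not redirected to it again.
interface GigabitEthernet0/0.20
 description Edge-WAE1 segment (WAE at 10.10.20.2, assumed)
 encapsulation dot1Q 20
 ip address 10.10.20.1 255.255.255.0
!
! WAN side: returning server-to-client TCP traffic is redirected here.
interface Serial0/0/0
 description WAN link
 ip address 192.0.2.1 255.255.255.252
 ip wccp 62 redirect in
```

If Edge-WAE1 were instead addressed in 10.10.10.0/24, its traffic would enter the router on the interface carrying `ip wccp 61 redirect in`, which is the loop condition this section describes.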
Access Lists on Routers and WAEs
You can optionally configure the router to redirect traffic from your WAE based on access lists that you
define on the router. These access lists are also referred to as redirect lists. For information about how
to configure access lists on routers that will be configured to transparently redirect traffic to a WAE, see
the “Configuring IP Access Lists on a Router” section on page 1-9.
Note: IP access lists on routers have the highest priority, followed by IP ACLs that are defined on the WAEs,
and then interception ACLs that are defined on the WAEs.
This section contains the following topics:
• IP ACLs on WAEs
• Interception ACLs on WAEs
IP ACLs on WAEs
In a centrally managed WAAS network environment, administrators need to be able to prevent
unauthorized access to various devices and services. The WAAS software supports standard and
extended IP access control lists (ACLs) that allow you to restrict access to or through particular
interfaces on a WAAS device. For more information, see Chapter 1, “Creating and Managing IP Access
Control Lists for WAAS Devices.”