MD5 Security - Cisco Catalyst 4500 series Administration Manual

Chapter 72
Configuring WCCP Version 2 Services

MD5 Security

WCCP provides optional authentication that enables you to control which routers and content engines
become part of the service group using passwords and the HMAC MD5 standard. Shared-secret MD5
one-time authentication (set using the ip wccp [password [0-7] password] global configuration
command) enables messages to be protected against interception, inspection, and replay.

Web Content Packet Return

If a content engine is unable to provide a requested object it has cached due to error or overload, the
content engine returns the request to the router for onward transmission to the originally specified
destination server. WCCP verifies which requests have been returned from the content engine
unserviced. Using this information, the router can then forward the request to the originally targeted
server (rather than attempting to resend the request to the content cluster). This provides error handling
transparency to clients.
Typical reasons why a content engine would reject packets and initiate the packet return feature include
the following:
• Instances when the content engine is overloaded and has no room to service the packets.
• Instances when the content engine is filtering for certain conditions that make caching packets
  counterproductive (such as when IP authentication has been turned on).

Restrictions for WCCP

The following limitations apply to WCCP:
• WCCP works only with IPv4 networks.
• For routers servicing a multicast cluster, the time to live (TTL) value must be set at 15 or fewer.
• The Time To Live (TTL) value of Layer 3 switches servicing a cluster must be 15 seconds or less.
• Because the WCCP protocol messages may now be IP multicast, members may receive messages
  that are not relevant or are duplicates. Appropriate filtering needs to be performed.
• A service group can comprise up to 32 content engines and 32 routers.
• All content engines in a cluster must be configured to communicate with all routers servicing the
  cluster.
• Up to 8 active service groups are supported on a switch. Up to 8 service groups can be configured
  simultaneously on the same client interface.
• The Layer 2 rewrite forwarding method is supported in hardware; the GRE encapsulation
  forwarding method is not supported.
• The GRE return method is supported in software. The Layer 2 return method is supported in
  hardware and is recommended.
• Direct Layer 3 connectivity to content engines is required; Layer 3 connectivity of one or more hops
  away is not supported.
• Input / output redirection configuration is not supported on content engine facing interfaces.
• The WCCP version 2 standard allows for support of up to 256 distinct masks. However, a Catalyst 4500
  series switch supports only a mask assignment table with a single mask.
• Valid multicast addresses are from 224.0.0.0 to 239.255.255.255.

OL_28731-01
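
The following audit sketch is an added example, not code from the Cisco guide. It scans the global ip wccp lines of a saved configuration for service groups with no password, passwords stored as type 0, group addresses outside the valid multicast range, and more than 8 service groups. The sample configuration is constructed, and the group-address keyword and the reading of type 0 as cleartext are assumptions taken from general IOS usage rather than from this page.

```python
import ipaddress
import re

# Constructed sample running-config lines (not from a real device).
SAMPLE_CONFIG = """\
ip wccp web-cache password 7 0000PLACEHOLDER
ip wccp 61 group-address 224.1.1.100 password 0 s3cret
ip wccp 62
ip wccp 90 group-address 10.1.1.1 password 7 0000PLACEHOLDER
interface Vlan10
 ip wccp web-cache redirect in
"""

MAX_SERVICE_GROUPS = 8  # limit stated in the restrictions list
MULTICAST = ipaddress.ip_network("224.0.0.0/4")  # 224.0.0.0 to 239.255.255.255

def audit_wccp(config):
    """Return (findings, group_count) for global 'ip wccp' service-group lines."""
    findings, groups = [], set()
    for line in config.splitlines():
        # Global commands start in column 0; indented lines are interface-level.
        m = re.match(r"ip wccp (web-cache|\d+)\b(.*)", line)
        if not m:
            continue
        service, opts = m.group(1), m.group(2).split()
        groups.add(service)
        if "password" not in opts:
            findings.append((service, "no password: service-group membership is unauthenticated"))
        else:
            rest = opts[opts.index("password") + 1:]
            # 'password [0-7] password': assume a missing type digit means cleartext.
            typed = len(rest) == 2 and re.fullmatch(r"[0-7]", rest[0])
            if not typed or rest[0] == "0":
                findings.append((service, "password stored as type 0 (cleartext)"))
        if "group-address" in opts:
            addr = opts[opts.index("group-address") + 1]
            if ipaddress.ip_address(addr) not in MULTICAST:
                findings.append((service, f"group-address {addr} is not multicast"))
    if len(groups) > MAX_SERVICE_GROUPS:
        findings.append(("*", f"{len(groups)} service groups exceed the limit of {MAX_SERVICE_GROUPS}"))
    return findings, len(groups)

if __name__ == "__main__":
    for service, issue in audit_wccp(SAMPLE_CONFIG)[0]:
        print(f"ip wccp {service}: {issue}")
```
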
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E