A WCCPv2 service
group supports up to 32 routers and 32 cache engines.
All cache engines
in a cluster must include all routers that service the cluster in its
configuration. If a cache engine within a cluster does not include one or more
of the routers in its configuration, the service group detects the
inconsistency and the cache engine is not allowed to operate within the service
The cache engine
cannot be on the same SVI with a redirect out statement.
WCCPv2 works with
IPv4 networks only.
WCCPv2 supports multiple service groups in the same direction (either inbound or outbound) on any Layer 3 interface, under the following conditions:
The access-list used must not have deny ip any any entry.
The access-list used for multiple service groups must not contain overlapping entries.
The following is an example of an overlapping entry:
ip access-list wccp_acl1
permit tcp 10.0.0.0/8 10.0.0.0/8
ip access-list wccp_acl2
permit tcp 10.10.10.1/32 10.10.10.10/32
removes all Layer 3 configuration on an interface when you change the VDC,
interface VRF membership, port-channel membership, or the port mode to Layer 2.
Cisco NX-OS does
not support WCCPv2 on tunnel interfaces.
supported on all types of FEX devices.
WCCP requires the
client, server, and WCCP client to be on separate interfaces. If you migrate a
topology from a Cisco Catalyst 6500 Series switch deployment, it might not be
F2 Series, F2e
Series, M1 Series, and M2 Series modules support WCCPv2. However, F2 and F2e
Series modules do not support egress WCCPv2 on an SVI including “exclude in” on
SVI. F1 Series modules do not support WCCPv2.
and redirect-out is fully supported in Cisco NX-OS Release 6.2 in non-mixed
module VDCs. WCCPv2 is also support in mixed module VDC scenarios for most
module combinations. For complete support details, see
Supported Modules for WCCPv2 Redirection
For egress WCCPv2,
traffic is not redirected when the ingress includes F2 series modules, and the
next-hop is pointing to an SVI interface or subinterface of any module. If the
egress WCCP policy is applied on a SVI or subinterface and if the packet
ingresses on a F2 module, the same limitation applies.
Cisco NX-OS Release 5.2(4), policy-based routing and WCCPv2 are supported on
the same interface. However, policy-based routing with statistics and WCCPv2 is
supported on the same interface only if bank chaining is disabled.
redirection/return and hash assignment are not supported on a Cisco Nexus 7000
encounter a vPC loop and drop if you have Web Cache Control Protocol (WCCP) and
vPC on your Cisco Nexus 7000 Series switch and the traffic migrates from a
Cisco Nexus 65xx switch to your switch. Traffic that comes from a vPC member
port and crosses a vPC peer-link is not permitted to egress any vPC member
port. However, it can egress any other type of port, such a Layer 3 port or an
orphan port. This behavior is expected.
If traffic drops
after you configure WCCP and vPC on your Nexus 7000 Series switch and based on
your design, you can perform one of the following tasks to avoid the vPC loop:
Best Practices for Virtual
Port Channels (vPC) on Cisco Nexus 7000 Series Switches for more
If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
restrictions apply to the redirect-list, ACL:
statements in the redirect ACL will consume more security TCAM entries compared
to deny statements. Ensure the TCAM does not become oversubscribed.
The ACL must
be an IPV4 simple ACL.
must be IP or TCP.
individual source or destination port numbers may be specified; port ranges
cannot be specified.
The use of
fragments or options is not permitted.