Showing results for 
Search instead for 
Did you mean: 


waas and Cat4500


I have the Cat4500 and I'd like to use WAAS for TCP optimalization. I can use only WCCPv2 for traffic redirection. I don't know which mask I have to set. I wrote that for Cat4500 is only one mask supported.

I'm sending you the WCCP configurations of WAE and Cat4500 for WCCP. Are these configs right?


wccp router-list 1

wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign l2-return

wccp version 2


ip wccp ver 2

ip wccp 61

ip wccp 62

int vlan 1

desc „LAN network“

ip wccp 61 redirect in

int vlan 2

desc „WAN network“

ip wccp 62 redirect in

redirect exclude in - is not supported on Cat4500.

Thank you.



You can configure a policy in WAAS for the subnet(s) you want to bypass and set the policy-map action to 'pass-through'.

The WCCP implementation on the 4500/4900 also requires L2 Forwarding and Mask Assignment. The minimum supported version of IOS 12.2(31)SG.

There is no way to prevent the 4500 from the redirecting the traffic.


thank you for your answer. So the config, which I sent, will work without any problem?

Thank you


Cisco Employee


Your configs look good on both WAE and Cat4K. Cat4K only supports redirect in, so you don't need the command "redirect exclude in". With this config you will redirect all TCP traffic coming in the LAN and WAN interfaces.



I wanted to use 2 Cat4500 instead and I'm not sure if WAAS will return the package to the right Cat4500.

I'm not sure what the command l2-return would do, does anyone know this?



L2 redirection will redirect packets us Layer 2 MAC rewrite vs. Layer 3 GRE.

As sessions are redirected to the WAE, the original sessions source will be that of switch interface. Upon return the it will be converted back to original source MAC.


WCCPv2 group membership is initiated by a WAE when it transmits a WCCP2_HERE_I_AM message to each defined network device (or multicast address) in the configured router-list. This message includes details about the WAE, including IP address and service groups that the device wishes to participate in. Upon receipt of the WCCP2_HERE_I_AM message, the network device will respond with a WCCP2_I_SEE_YOU if the device meets group membership criteria (as specified by shared-secret MD5 authentication password or access-list). Upon receipt of the WCCP2_I_SEE_YOU message from the network device, the WAE must respond with another WCCP2_HERE_I_AM message with the "Receive ID" field matching that of the network device message. At this point, the WAE becomes active within the service group and usable, and the network device can begin redirecting traffic to it based on service group assignment. WCCP2_HERE_I_AM and WCCP2_I_SEE_YOU messages continue to be sent every 10 seconds as a service heartbeat. The WAE is directly queried for responsiveness after two missed heartbeats and removed from the service group if a third is missed.

WCCPv2 is designed to forward traffic to an available WAE using either layer 2 redirection or GRE tunneling (default). One of the components of the WCCP2_I_SEE_YOU message is the advertisement of supported forwarding mechanisms. If a method is not listed, it GRE tunneling is used by default. Redirection assignment is done per service group. A WAE and a network device can use different redirection mechanisms for different services. Layer 2 redirection specifies that the redirecting router will rewrite the Ethernet addresses in the Ethernet header and forward the frames to the WAE. With Layer 2 redirection, the WAE must be adjacent to the network device (attached to the same subnet). GRE tunneling specifies that a GRE tunnel will be established between the network device and the WAE, and the original frames will be encapsulated into this tunnel and delivered to the cache. With GRE redirection, layer 2 adjacency is not required (the WAE can be attached to a different subnet).

To preserve connection and data integrity, the WAE will only optimize TCP connections or protocol sessions that were redirected from the beginning of the establishment attempt. If a TCP connection or protocol session was previously established from the client to the server before redirection was enabled, the WAE would recognize this as an existing connection or session and simply return the redirected traffic back to the router without applying optimizations. This is a function of the "packet return" capability of WCCPv2. The WCCPv2 packet return capability is also negotiated per service group, per WAE, at the time of joining a service group. This is also a function of the WCCP2_HERE_I_AM and WCCP2_I_SEE_YOU messaging. In the event that messages are redirected to a cache that didn't service the initiation of the connection or session, the WAE will return the messages back to the router within a GRE tunnel for normal handling.

WCCPv2 provides load-balancing and high availability through a built-in load-balancing mechanism that distributes load amongst WAEs within a service-group. The most common method of load-balancing with WCCPv2 is enabled by use of hash tables. A hash table is a 256-bucket table that is used to define the distribution of traffic amongst applicable caches. The hash table can be built based on a number of items including source or destination IP address.


Thank you for your answer. I've read something about using HSRP and virtual IP as the WAAS default gateway WAAS. But I guess its not necessary, right?


See the enclosed design guide url

with a single wae and single hsrp group,

gateway is set to the virtual ip, and wccp router list set to the real addresses of the router interfaces

Content for Community-Ad
This widget could not be displayed.