WCCP on WS-C3560G-24TS-E

Unanswered Question
Dec 29th, 2009

Please refer attached.

I have a switch (WS-C3560G-24TS-E) that supports WCCP for the web proxy zone.

Based on the diagram, if the remote users come in from the IP VPN C+, the switch will forward all web requests to the BlueCoat ProxySG via WCCP, then ProxySG will send the web requests to firewall to internet as part of the default route.

If BlueCoat ProxySG fails, can the Cisco switch WCCP configuration detect a failure and send the web requests to the firewall as part of the default route?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Wed, 12/30/2009 - 04:10

Hello Tanhonbak,

yes because WCCP include the exchange of hello messages between the router/switch and the web cache.

If the web cache fails the router detects the missing WCCP messages.


WCCP Message Exchange

This sequence of events describes the WCCP message exchange:

1. The application engines send their IP addresses to the WCCP-enabled switch by using WCCP, signaling their presence through a Here I am message. The switch and application engines communicate to each other through a control channel based on UDP port 2048.


Hope to help


tanhongbak Wed, 12/30/2009 - 06:11

Hi Giuseppe,

Thanks for the info! Based on the diagram, can I remove the WCCP-enabled switch, and connect the MegaPop router can connect straight to the ProxySG and Firewall. Though this would require me to get additional FE modules to connect ProxySG and FW.

The MegaPop router is a Cisco2821.



Giuseppe Larosa Wed, 12/30/2009 - 07:48

Hello Tanhogbak,

one important note: WCCP works well in a multilayer switch if the web cache is directly connected because GRE encapsulation of diverted traffic is not supported.

If it is not so you should consider to enable WCCP on the C2821 router.

WCCP can be supported on C2821, for example there is support on 12.4T

for example in advanced ip services feature set


requires 256 MB RAM, 64 MB flash

you can use feature navigator to check this


search by  image you put the image name currently running on your C2821 and you then check if WCCP is listed.

About using additional FE modules, do you mean etherswitch or router ports ?

I might make the difference.

Hope to help


tanhongbak Wed, 12/30/2009 - 16:14

Hi Giuseppe,

I suppose the SP Services IOS would perform WCCPv2 as well.

What will the difference be using HWIC-4ESW or HWIC-2FE modules?

If I'm running WCCP to the ProxySG, which interface should I use?

Best Regards,

Hong Bak

Giuseppe Larosa Thu, 12/31/2009 - 15:06

Hello Hong Bak,

a router interface as the one provided by HWIC-2FE  is a safer choice because WCCP2 on it will work. I'm expressing a doubt regarding HWIC-4ESW for safety.

This second module HWIC-4ESW is intended to provide switchports like a small lan switch. So WCCP can work on it or not. It should be tested.



Hope to help



This Discussion