Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Service Group Mismatch - WCCPv2 with L2 redirection on NX7K

I'm attempting to set up WCCPv2 on a Nexus 7K switch to intercept web traffic and route it to our proxy, ip We are using L2 redirection and mask assignment. We are getting a "Service Group Mismatch"  on our proxy. The description of the error is "The router and the Proxy have a mismatch in port, protocol, priority, and/or other service flags." I ran a "debug ip wccp packets" and a packet trace and I can see the "Here I Am" and "I see you" packets going back and forth. I think the problem may be due to the limitation of L2 redirection that "the content engines be directly connected to an interface on each WCCP router. WCCP config of the content engine must reference the directly connected interface IP address of the WCCP router and not a loopback IP address or any other IP address configured on the WCCP router."   I don't understand why WCCP is saying the loopback address is the router identifier when it isn't the highest IP address on the router, and I don't understand what we're supposed to use on the proxy/content engine as the home router to get this working.  Any help would be appreciated. Thank you.

Chris Alterio

sh ver
Cisco Nexus Operating System (NX-OS) Software
  BIOS:      version 3.19.0
  loader:    version N/A
  kickstart: version 4.2(2a)
  system:    version 4.2(2a)
  cisco Nexus7000 C7010 (10 Slot) Chassis ("Supervisor module-1X")
  Intel(R) Xeon(R) CPU         with 4135696 kB of memory.


feature wccp

ip access-list copp-system-acl-wccp
  10 permit udp any eq 2048 any eq 2048

ip wccp 91 redirect-list ProxyACL

vlan 8
  name Proxy_10.10.120.0/24

interface Vlan8

  no shutdown

  ip address

interface Ethernet3/2

  no shutdown

  description Connection to proxy server


  switchport access vlan 8

interface Ethernet 5/1

  no shutdown

  ip address

  ip wccp 91 redirect in

ip access-list ProxyACL

  50 remark Proxy WCCP access control
  100 deny ip any
  200 permit ip any any
interface Loopback1

  ip address


sh ip wccp
Global WCCP information:
    Router information:
        Router Identifier:          
        Protocol Version:                     2.0
    Service Identifier: 91
        Number of Service Group Clients:      0
        Number of Service Group Routers:      0
        Total Packets Redirected:             0
        Service mode:                         Open
        Service Access-list:                  -none-
        Total Packets Dropped Closed:         0
        Redirect Access-list:                 ProxyACL

        Total Packets Denied Redirect:        0
        Total Packets Unassigned:             0
        Total Authentication failures:        0
        Total Bypassed Packets Received:      0

sh ip wccp 91 view
WCCP Router Informed of:

WCCP Cache Engines Visible:

WCCP Cache Engines Not Visible:

sh ip wccp 91 detail
WCCP Client information:

    WCCP Client ID:
    Protocol Version:        2.0
    State:                   Not Usable (Negotiating)
    Redirection:             L2
    Packet Return:           L2
    Packets Redirected:      0
    Connect Time:            15:57:58
    Assignment:              MASK
    Bypassed Packets:        0

New Member

Re: Service Group Mismatch - WCCPv2 with L2 redirection on NX7K

I have an update ...

I was able to get wccpv2 working by changing from service group 91 to web-cache. So it's working for http traffic. I can't, however, get https working. I've tried configuring service group 91 just for https, service group 70 (which I've read is for the https web-cache), and service group 98 (which is a custom-web-cache group). I get service mismatch on everything but the web-cache service.

In the packet trace from when I just had service group 91 defined, the Here_I_AM packets from the proxy to the Nexus shows port 0: 80, Port 1: 443, Port 2: 9443 in the WCCP > Service Info section of the packet, which is what's configured on the proxy for the ports to intercept, but the I_SEE_YOU packet from the Nexus to the proxy shows "ports not defined" in the service flags. I'm not sure what the problem could be.

Any thoughts or ideas?