Redirecting traffic from VLAN

UTVi-NetAdmin · ‎04-27-2007

Hi,

We have two VLAN's

VLAN 1-192.168.18.0/24 (with secondary addressing)

VLAN 2-192.168.130.0/27

In order to migrate services to new hardware in VLAN 2, we need to divert traffic or at least determine what devices within VLAN 1 are still trying to talk to legacy VLAN 1 device?

Host routes won't work (directly connected interfaces), nor NAT (no interface to apply it to).

Is the only way to determine this via a VACL in VLAN1 with logging keywords?

Thanks,

Mark

wochanda · ‎04-27-2007

Can you SPAN the port connecting to the legacy device and see which hosts are talking to it?

UTVi-NetAdmin · ‎04-30-2007

William,

Thanks for your reply.

I tried the VACL logging feature and it works ok, as long as you deny the packets/flows that you want to log!

I had forgot about SPAN alright.

I was wondering have you any thought on NAT and VLANS?

As in my original post, say we have a legacy vlan and hope to segment that vlan into multiple vlans/subnets as hosts get re-addressed.

Where are 'ip nat outside' and 'ip nat inside' statements required when doing this.

Example:

!

interface GigabitEthernet5/1

description Incoming Interface

ip address 172.16.1.106 255.255.255.252

ip nat outside

end

!

interface Vlan888

description Legacy Test VLAN

ip address 172.16.8.19 255.255.255.0

end

!

interface Vlan889

description DESTINATION-TEST-SVI

ip address 172.16.30.3 255.255.255.224

ip nat inside

end

!

ip nat inside source static 172.16.8.108 172.16.30.21

!

Is this wrong?

Thanks,

Mark