04-27-2007 01:33 AM - edited 03-05-2019 03:43 PM
Hi,
We have two VLANs:
VLAN 1 - 192.168.18.0/24 (with secondary addressing)
VLAN 2 - 192.168.130.0/27
In order to migrate services to new hardware in VLAN 2, we need to divert traffic or at least determine what devices within VLAN 1 are still trying to talk to the legacy VLAN 1 device.
Host routes won't work (directly connected interfaces), nor NAT (no interface to apply it to).
Is the only way to determine this via a VACL in VLAN1 with logging keywords?
Thanks,
Mark
04-27-2007 04:16 PM
Can you SPAN the port connecting to the legacy device and see which hosts are talking to it?
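One way to act on the SPAN suggestion, as an added example that is not part of the original thread: a Python script that reads `tcpdump -nn` text output taken from the SPAN destination port and lists which VLAN 1 hosts still initiate traffic to the legacy device. The legacy address 192.168.18.10, the function name and the sample capture lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn` output; 192.168.18.10 stands in for the legacy device.
SAMPLE = """\
09:15:01.100000 IP 192.168.18.23.51234 > 192.168.18.10.445: Flags [S], seq 1, win 64240, length 0
09:15:01.100300 IP 192.168.18.10.445 > 192.168.18.23.51234: Flags [S.], seq 9, ack 2, win 65535, length 0
09:15:01.200000 IP 192.168.18.23.51234 > 192.168.18.10.445: Flags [P.], seq 2:102, ack 10, win 64240, length 100
09:15:02.000000 IP 192.168.18.77.40000 > 192.168.18.10.9999: UDP, length 50
09:15:03.000000 IP 192.168.130.5.40000 > 192.168.18.10.80: Flags [S], seq 5, win 64240, length 0
09:15:04.000000 ARP, Request who-has 192.168.18.10 tell 192.168.18.23, length 46
09:15:05.000000 IP 192.168.18.23.51300 > 192.168.18.10.80: Flags [S], seq 7, win 64240, length 0
09:15:06.000000 IP 192.168.18.50.3389 > 192.168.18.10.49152: Flags [S.], seq 3, ack 4, win 65535, length 0
"""

# timestamp, "IP", src.port > dst.port:, then the protocol-specific remainder
LINE = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (.*)$")


def legacy_clients(capture_text, legacy_ip, vlan_cidr):
    """Map each host in vlan_cidr that initiates traffic to legacy_ip to the services it used."""
    vlan = ipaddress.ip_network(vlan_cidr)
    legacy = ipaddress.ip_address(legacy_ip)
    seen = defaultdict(set)
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ARP, ICMP and anything else without src/dst ports
        src = ipaddress.ip_address(m.group(1))
        dst = ipaddress.ip_address(m.group(3))
        dport, rest = int(m.group(4)), m.group(5)
        if dst != legacy or src not in vlan:
            continue  # only traffic from inside the VLAN towards the legacy device
        if rest.startswith("Flags ["):
            # TCP: count only the opening SYN, so mid-session packets and
            # SYN-ACK replies to sessions the legacy device opened are ignored.
            if not rest.startswith("Flags [S],"):
                continue
            proto = "tcp"
        else:
            proto = "udp/other"
        seen[str(src)].add((proto, dport))
    return {host: sorted(services) for host, services in sorted(seen.items())}


if __name__ == "__main__":
    for host, services in legacy_clients(SAMPLE, "192.168.18.10", "192.168.18.0/24").items():
        print(host, services)
```
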
04-30-2007 12:59 AM
William,
Thanks for your reply.
I tried the VACL logging feature and it works OK, as long as you deny the packets/flows that you want to log!
I had forgotten about SPAN alright.
I was wondering, have you any thoughts on NAT and VLANs?
As in my original post, say we have a legacy VLAN and hope to segment that VLAN into multiple VLANs/subnets as hosts get re-addressed.
Where are 'ip nat outside' and 'ip nat inside' statements required when doing this?
Example:
!
interface GigabitEthernet5/1
 description Incoming Interface
 ip address 172.16.1.106 255.255.255.252
 ip nat outside
end
!
!
interface Vlan888
 description Legacy Test VLAN
 ip address 172.16.8.19 255.255.255.0
end
!
!
interface Vlan889
 description DESTINATION-TEST-SVI
 ip address 172.16.30.3 255.255.255.224
 ip nat inside
end
!
!
ip nat inside source static 172.16.8.108 172.16.30.21
!
Is this wrong?
Thanks,
Mark