How to configure traffic redirect in a switch?

Jun 11th, 2009

Can we use a Cisco switch to implement traffic redirect? Do the C2960G/C3560E support this function? If not, which series of switch can do this?


My aim is:

1. If some specific flows (P2P, HTTP) come from the uplink, can we differentiate those flows and point the P2P flow to PC1 and the HTTP flow to PC2?

2. Can we point specific IP addresses that come from the uplink to PC1 and PC2?


Thanks!


          |
          | UPLINK FLOW
          |
     CISCO SWITCH
        /     \
   HTTP/       \P2P
      /         \
    PC1         PC2

octroncisco Fri, 06/12/2009 - 02:44

I think you can do it with NAT. For example, you can redirect port 80 to PC1 and the P2P port to PC2. But you will need a router to implement NAT; I think there aren't switches that implement NAT.

de.joe Sun, 06/14/2009 - 17:38

If we use a switch to configure traffic redirect, more PCs can connect to the switch. Thanks!

Giuseppe Larosa Sat, 06/13/2009 - 11:16
Hello Shaofei,

C3560E supports PBR


http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_46_se/configuration/guide/swintro.html#wp1528015


•Policy-based routing (PBR) for configuring defined policies for traffic flows


But you need a Layer 3 design to use it: the uplink and PC1 and PC2 have to be in two different subnets, because the feature is applied inbound on a Layer 3 interface.


C2960 is a L2 only switch so it cannot do this job.


Note:

NAT is supported only on routers and C6500 so it is not a viable option here.


Hope to help

Giuseppe
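
A sketch of the PBR setup described in the reply above, as an added example that is not part of the thread or of Cisco's documentation. It assumes the uplink is in VLAN 10 and the PCs are in VLAN 20, sends HTTP to PC1 and P2P to PC2 as in the diagram, and uses constructed placeholders for every address, name and the P2P port.

```cisco
! Added example. All values below are constructed placeholders:
!   uplink subnet  192.0.2.0/24     (VLAN 10, SVI 192.0.2.1)
!   PC subnet      198.51.100.0/24  (VLAN 20, SVI 198.51.100.1)
!   PC1 = 198.51.100.11 (HTTP), PC2 = 198.51.100.12 (P2P)
!
! On the 3560 family PBR needs the routing SDM template;
! the template change takes effect only after a reload.
sdm prefer routing
!
! Enable Layer 3 forwarding on the switch.
ip routing
!
! Classify the flows by TCP port. Port 6881 stands in for "the P2P port";
! an ACL cannot recognise P2P traffic that uses other ports.
ip access-list extended HTTP-FLOW
 permit tcp any any eq www
!
ip access-list extended P2P-FLOW
 permit tcp any any eq 6881
!
! One route-map entry per flow, each with its own next hop.
route-map REDIRECT permit 10
 match ip address HTTP-FLOW
 set ip next-hop 198.51.100.11
!
route-map REDIRECT permit 20
 match ip address P2P-FLOW
 set ip next-hop 198.51.100.12
!
! The policy is applied inbound on the Layer 3 interface facing the uplink.
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
 ip policy route-map REDIRECT
!
! The PCs sit in a different subnet, as the reply requires.
interface Vlan20
 ip address 198.51.100.1 255.255.255.0
```

Traffic that matches neither ACL is forwarded by the normal routing table. PC1 and PC2 receive packets whose destination address is not their own, so they must be set up to forward or inspect them.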


hasmurizal Wed, 07/01/2009 - 00:34

Hi all,


Just like what Giuseppe said: a multilayer switch with routing capabilities, or a Catalyst switch with PBR set up.

hasmurizal Wed, 07/01/2009 - 17:32

Hi,


I'm not too sure about Guilherme. Not all "cheap" boxes can handle IP address with port inspection since mostly, I guess, they can inspect the IP address only.


The 18xx series should do the job for a simple LAN/low-traffic design, but if you have higher needs, then you have to have some "expensive" equipment.

Rick Morris Mon, 07/13/2009 - 07:14

Giuseppe gave you what you need in this post.


You need some type of routing to be done, and it can only be done via a Layer 3 device.


I have a set-up in my lab that has two 3560s running BGP with my edge routers, and the 2950 sits behind the 3560s. I am running VTP on the switches and making sure that all VLANs are propagated from the server to the clients. I then port-channeled the two 3560s and also have two trunks between the 2950 and the two 3560s. Basically, what I am doing from this point is that any traffic from my 2950 to my routers uses the default route given back to the 3560s, learned via BGP from the edge routers. I can easily change this, but it is done via routing. I can create ACLs that permit or allow certain traffic on different ports.

