
How to implement VLANs in a Proxy Server environment!!

saif_farooq
Level 1

Hi,

I have a network of around 60 users on which I want to implement VLANs. I have a squid proxy server with multiple internet connections. Currently all users use a single gateway, i.e. that of the proxy server, to access the internet.

Now if I create VLANs, how will users on subnets other than that of the proxy server be able to access the internet?

I have a 4503 switch as well as a 7206 router. I am thinking of using the 7206 for VLAN routing, plus I want to ask, will a simple default route (pointing to the proxy server) be enough to allow users on other VLANs to be able to connect to the internet??

Pls note I know how to configure VLANs & only this internet issue is keeping me from implementing VLANs.

Please suggest.

3 Replies

jetnetshot
Level 1

Hi,

Let's say you create VLAN 10 and VLAN 20.

VLAN 10 is where the proxy server is located, and VLAN 20 is the new subnet that you have created with a number of clients from your total 60 users.

Assuming you have assigned IPs to these VLANs (and routes are dynamically populated on your router for these VLANs):

1) the clients in the new VLAN, VLAN 20, will need to have their default gateway set to the IP address of VLAN 20.

2) any application on these clients (VLAN 20 PC) that will require use of the internet will need to be configured with the IP address of the proxy server. For example, within IE or Firefox you can set the proxy server with the appropriate IP address.

This should allow clients in a different VLAN to access the internet via a proxy server on another VLAN.

A simple default route on the PCs in the new VLAN pointing to the proxy server in a separate VLAN will not work since the proxy server IP is in a different subnet from the PC. The PC should be told which IP address it should use (should be in the same subnet as the PC) in case there is traffic that needs to go outside the subnet it is in. In our case this would be IP address of VLAN 20. Since you will have routes populated on the router for your proxy server VLAN and new client PC VLAN, the router will know where to forward traffic to with destination address of the proxy server and where to forward the return traffic.

Hope this helps.


Regards,

Jet

Hi,

As mentioned in the previous post you can handle the intervlan routing on the 7200 router.

Now for other VLANs to reach the internet, you will have to configure ACLs on the squid proxy for each IP subnet (in case you haven't allowed ALL).

Default GW of each IP subnet will be the router vlan int IP address.

On the squid you will have to reverse add routes for the new IP subnets pointing towards the 7200 router.
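
The Squid ACL point in this reply, as an added example that is not part of the original thread: a small Python check that reads `http_access` rules the way Squid evaluates them (top-down, first match wins) and reports whether a client in a new VLAN would be allowed. The subnets and ACL names are constructed, and only CIDR `src` ACLs are modelled.

```python
import ipaddress

# Constructed squid.conf fragment; subnets and ACL names are assumptions.
SQUID_CONF = """
acl vlan10 src 192.168.10.0/24   # proxy server VLAN
acl vlan20 src 192.168.20.0/24   # new client VLAN
http_access allow vlan10
http_access allow vlan20
http_access deny all
"""

def parse(conf):
    """Return ({acl name: [networks]}, [(action, [acl refs])]) for src ACLs."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}  # built-in in Squid 3+
    rules = []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(v, strict=False) for v in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client_ip):
    """Evaluate http_access top-down: first rule whose ACLs all match wins."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)

    def match(ref):
        # "!name" negates; ACL types other than src are treated as no match.
        negate, name = ref.startswith("!"), ref.lstrip("!")
        hit = any(ip in net for net in acls.get(name, []))
        return hit != negate

    for action, refs in rules:
        if all(match(r) for r in refs):
            return action
    # No rule matched: Squid applies the opposite of the last rule's action,
    # and denies when there are no http_access rules at all.
    if not rules:
        return "deny"
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for ip in ("192.168.10.7", "192.168.20.15", "192.168.30.15"):
        print(ip, decide(SQUID_CONF, ip))
```

Listing each VLAN subnet explicitly and ending with `http_access deny all` keeps any subnet added later blocked until it is deliberately allowed.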

Ganesh Hariharan
VIP Alumni

Hi,

I would suggest you create VLANs on the Cisco 4503 and assign the gateways for the different VLANs as SVIs created on the switch. As you don't have any firewall, you don't need to create any policy to allow the proxy communication between the VLANs. Here inter-VLAN routing will take care of routing between the VLANs on the 4503 switches.

Just add the proxy server IP in the IE or Firefox options menu for internet browsing.

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml


Hope to Help !!

Ganesh.H

Remember to rate the helpful post
