ACL to redirect IP

Hello. I have a Catalyst 3550-12T Switch, and I need some help regarding some configuration issues.

So I have a network with multiple VLANs.

Actual configuration is like this:

2950 ---------> 3550 ------------------> Linux Server -------------------> ISP

Right now I use the 3550 as a layer 2 switch, since all my VLANs' gateways are on the Linux server.

So in short lines my problem is:

I want to use the 3550 as a layer 3 switch, but in order to do that I need to make an ACL to do the following things:

I want to restrict (or redirect) access to the internet for a network IP address (or more), straight from the 3550, and direct it to an HTML page (that will tell the client that he didn't pay the bill).

So I need some help from you guys. I am a noob regarding ACLs.... Examples would be appreciated.

Thank you.


14 Replies

jawad-mukhtar
Level 4

With an ACL you can restrict traffic but cannot display a web page from the 3550; you can display an external web page from your proxy.

A proxy can do this work great: if someone's bandwidth is consumed, a web page can be displayed.

*** Do Rate Helpful Posts ***

Jawad

With an ACL you can restrict traffic but cannot display a web page from the 3550; you can display an external web page from your proxy.

From what I heard I do not need a proxy server.

I do not want to display the webpage from the 3550, I want TO REDIRECT let's say 10 IPs from a VLAN to that webpage that exists, let's say, on 10.10.15.11.

Acl examples needed.... Please...

Thank you!

As Jawad stated, it cannot be done the way that you're wanting to do this. ACLs are used to restrict traffic, match on traffic, etc. They're not smart enough to redirect. What you can do is one of two things:

You can use route-maps or WCCP

WCCP will allow you to redirect everything to a caching server (possibly Squid on Linux supports this). WCCP may do what you want, but I'm not sure. Route-maps on the other hand, in your example for non-payment, will redirect everything that matches your policy. There is nothing built into Cisco IOS that I'm aware of that's smart enough to redirect based on non-payment.

That being said, you could manually intervene and add a host when you need to redirect someone. Create a route map like this:

! Standard ACL (1-99): matches on source address only, no protocol keyword
access-list 10 permit host 192.168.1.10
access-list 10 permit host 192.168.1.20
!
route-map NonPayment permit 10
 match ip address 10
 set ip next-hop <address-of-the-redirect-server>
!
interface vlan <client-vlan-id>
 ip policy route-map NonPayment

I've not tested the above for your purposes, but this is the generic way to redirect traffic using an acl. You can't do it with just a simple acl...

HTH,
John

*** Please rate all useful posts ***

Your idea is good, but:

%L3TCAM-3-SIZE_CONFLICT: PBR requires enabling extended routing.....

http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00802135d3.shtml

Need to restart the router... But I will do it in 2 hours...

Let me show you what I have done:

access-list 110 permit tcp any any eq www
access-list 110 permit udp any any eq domain
access-list 110 permit ip host 10.10.15.23 any
!
route-map Restricted permit 10
 match ip address 110
 set ip next-hop 10.10.15.3
!

So is it good?

Basically: the ACL must redirect the IP to another server that will display a webpage.

From your configuration, here's what is going to happen:

Anything going out destined for port 80, any udp traffic destined for port 53, and the host addressed at 10.10.15.23 is going to be redirected to 10.10.15.3. Is that what you want? If so, the configuration looks fine. You'll need to apply it on the vlan that these hosts are coming in on....

HTH,
John

*** Please rate all useful posts ***


OK. Reloaded the router. I do not have the error anymore. You are right about the policy, it's exactly what I want, but the sad part is that it's not working.....

Where is it applied?

HTH,
John

*** Please rate all useful posts ***


The policy is applied on

Interface vlan 208

What am I doing wrong?


Thank you!


Can you post the config of that interface?

HTH,
John

*** Please rate all useful posts ***


mfurnival
Level 4

I don't see how this is going to work - all you are doing is redirecting specific traffic and changing the next hop - you are not altering the ultimate destination of the packet, just where it goes next.

interface Vlan208
 ip address 10.0.8.1 255.255.255.0 secondary
 ip address 10.10.15.33 255.255.255.224
 ip access-group 115 in
 ip access-group 115 out
 ip helper-address 10.10.15.1
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache cef
 ip policy route-map Restrict
 no ip mroute-cache
!
access-list 110 permit tcp any any eq www
access-list 110 permit udp any any eq domain
access-list 110 permit ip host 10.10.15.23 any
!
route-map Restricted permit 10
 match ip address 110
 set ip next-hop 10.10.15.3
!

This is the config.....

I don't see how this is going to work - all you are doing is redirecting specific traffic and changing the next hop - you are not altering the ultimate destination of the packet, just where it goes next.

So what do you suggest? Can you give me some advice?

The policy that you applied is Restrict, but your policy is named Restricted....

HTH,
John

*** Please rate all useful posts ***
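Pulling the thread together, here is a complete PBR configuration for the scenario: the generic route-map recipe John gave earlier, plus the route-map name fix from his last reply. This is an added example, not configuration posted in the thread or published by Cisco. It assumes the restricted clients sit in VLAN 208 with the 3550 (10.10.15.33) as their gateway, that 10.10.15.23 is one client to be redirected, and that the Linux server at 10.10.15.3 is the one holding the "unpaid bill" page; the `sdm prefer extended-match` line is the 3550 SDM template change that the %L3TCAM-3-SIZE_CONFLICT message refers to, and the named ACL is my choice, not the thread's.

```ios
! Added example: PBR redirect for a non-paying client on a Catalyst 3550.
! Assumed addresses (taken from the thread): VLAN 208 = client VLAN,
! 10.10.15.23 = restricted client, 10.10.15.3 = Linux server with the page.
!
! 3550 PBR needs the extended-match SDM template; the change only takes
! effect after a reload (this is what %L3TCAM-3-SIZE_CONFLICT complains about).
sdm prefer extended-match
!
! Match ONLY the restricted clients as source. "permit tcp any any eq www"
! would policy-route every client on the VLAN, not just the ones who have
! not paid. One line per restricted host; add or remove hosts here without
! touching the route-map.
ip access-list extended RESTRICTED-CLIENTS
 permit tcp host 10.10.15.23 any eq www
!
! The name used here must match the "ip policy route-map" line exactly
! ("Restrict" on the interface and "Restricted" here is why nothing matched).
route-map Restricted permit 10
 match ip address RESTRICTED-CLIENTS
 set ip next-hop 10.10.15.3
!
! Apply the policy on the SVI where the client traffic ENTERS the switch;
! the interface's other existing lines (secondary address, ACL 115, helper) stay.
interface Vlan208
 ip address 10.10.15.33 255.255.255.224
 ip policy route-map Restricted
```

Verify with `show route-map Restricted` (the match counter should increase while the restricted client browses) and `show ip policy` (it lists which route-map is bound to which interface). As mfurnival points out, PBR only changes the next hop: the packet still carries its original destination address, so 10.10.15.3 has to accept traffic addressed to arbitrary destinations and answer with the page (a local redirect rule to its own web server is the usual way); otherwise it will simply forward the packet on towards the ISP. Clients not listed in the ACL fall through to the normal routing table. Only port 80 is matched here; an HTTPS request cannot be redirected to a different page this way because the client will reject the certificate.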
