Cisco Support Community
New Member

L3 VLANs on Catalyst 3750 and weird traffic forwarding

Hi All,

I need to subnet my network 10.0.0.0/20 into 32 subnets. It's easy.

But I also need to do a strange trick.

All traffic from subnets 10.0.0.0/25, 10.0.0.128/25 and so on must be forwarded to the MS ISA server if it is destined to a network other than 10.0.0.0/20.

For example, subnet 10.0.0.0/25 has a default gateway of 10.0.0.1, propagated from the DHCP server via ip helper-address.

The same is true for subnet 10.0.0.128/25, but with a default gateway of 10.0.0.129.

And the trick I must do is to forward to the MS ISA server all traffic from subnets 10.0.0.0/25, 10.0.0.128/25 and so on, if it is destined to a network other than 10.0.0.0/20.

I know that I can do this trick with PBR on a Cisco Catalyst. Something like:

ip access-list extended TO-ISA
 ! traffic that stays inside 10.0.0.0/20 is denied here, i.e. excluded from the policy
 deny ip any 10.0.0.0 0.0.15.255
 ! everything else is matched and policy-routed to the ISA server
 permit ip any any
!
route-map pbr permit 10
 match ip address TO-ISA
 set ip next-hop IP-OF-ISA-SRV

and then apply the PBR to each VLAN.

But I think that under a heavy network load this configuration would work extremely slowly :-(

So how can I do this trick without PBR?

Or maybe it would not work so slowly?

Maybe the Microsoft Firewall Client can create something like a tunnel to forward packets directly from the PC via the default gateway to the MS ISA server?

1 REPLY
Bronze

Re: L3 VLANs on Catalyst 3750 and weird traffic forwarding

Hi,

Wouldn't the easiest thing be to add a default route to the switch and have it forward all traffic to 10.0.0.1? This requires the default gateway on the 10.0.0.0/25 network (vlan1, e.g. 10.0.0.2) to be the switch's interface instead of the MS ISA server, and the MS ISA server to have a route to 10.0.0.0/20 via the switch's interface (vlan1, e.g. 10.0.0.2).

As more-specific routes have a higher preference than less-specific routes, all 10.0.0.0/20 traffic will stay local and all other traffic will be redirected via the default route.

Ex:

ip routing
!
int vlan1
 ip address 10.0.0.2 255.255.255.128
!
int vlan2
 ip address 10.0.0.129 255.255.255.128
 ip helper-address 10.0.0.xxx
!
int vlan3
 ip address 10.0.1.1 255.255.255.128
 ip helper-address 10.0.0.xxx
!
! int vlan4 to vlan32 analogous to vlan2
!
! the default route to MS-ISA
ip route 0.0.0.0 0.0.0.0 10.0.0.1

Regards,

Erik Tamminga
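A constructed Python model of both designs discussed in this thread, the PBR ACL from the question and the default-route design from the reply, added here as an illustration; it is not code from either poster or from Cisco. It implements IOS wildcard-mask matching (first match wins, implicit deny at the end) and longest-prefix route lookup, so you can see that for the same packets both approaches hand off-site traffic to the ISA server and keep 10.0.0.0/20 traffic local. The ISA address 10.0.0.1 and the /25 interfaces are taken from the reply; the sample packet addresses are constructed (198.51.100.7 is documentation address space).

```python
"""Model of PBR (ACL + route-map) versus a default route on a Catalyst SVI.
Constructed illustration, not IOS code.  ISA_SERVER is assumed to be
10.0.0.1, the next hop of the default route in the reply."""
import ipaddress

ISA_SERVER = "10.0.0.1"


def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(ip: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'.
    Works for non-contiguous wildcards too, unlike a plain prefix length."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(ip) & care) == (_to_int(base) & care)


def wildcard_size(wildcard: str) -> int:
    """Number of addresses a wildcard covers: 2 ** (number of don't-care bits)."""
    return 1 << bin(_to_int(wildcard)).count("1")


# Extended ACL TO-ISA as (action, source, destination); a field is "any" or (base, wildcard).
ACL_TO_ISA = [
    ("deny", "any", ("10.0.0.0", "0.0.15.255")),  # destined inside 10.0.0.0/20: not policy-routed
    ("permit", "any", "any"),                      # everything else is sent to the ISA server
]


def _field_match(field, ip: str) -> bool:
    return field == "any" or wildcard_match(ip, *field)


def acl_permits(acl, src: str, dst: str) -> bool:
    """First matching entry wins; an implicit deny ends every IOS ACL."""
    for action, s, d in acl:
        if _field_match(s, src) and _field_match(d, dst):
            return action == "permit"
    return False


# Routing table from the reply's config: connected /25 SVIs plus the default route.
ROUTING_TABLE = {
    "10.0.0.0/25": "connected vlan1",
    "10.0.0.128/25": "connected vlan2",
    "10.0.1.0/25": "connected vlan3",
    "0.0.0.0/0": ISA_SERVER,
}


def route_lookup(dst: str) -> str:
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for prefix, next_hop in ROUTING_TABLE.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1]


def forward(src: str, dst: str, pbr: bool) -> tuple:
    """Where the switch sends a packet, and which mechanism decided it.
    With pbr=True the route-map is consulted before the routing table, as
    'ip policy route-map pbr' on an SVI would do."""
    if pbr and acl_permits(ACL_TO_ISA, src, dst):
        return (ISA_SERVER, "pbr")  # route-map: set ip next-hop
    return (route_lookup(dst), "routing table")


if __name__ == "__main__":
    for src, dst in [("10.0.0.10", "10.0.1.5"), ("10.0.0.10", "198.51.100.7")]:
        print(src, "->", dst, "| PBR:", forward(src, dst, True),
              "| default route:", forward(src, dst, False))
    print("0.0.0.7 covers", wildcard_size("0.0.0.7"), "addresses;",
          "0.0.15.255 covers", wildcard_size("0.0.15.255"))
```

The `wildcard_size` helper is there because the exemption entry is the part of a PBR design that is easiest to get wrong: a wildcard of 0.0.0.7 covers only 8 addresses (a /29), so with it most intra-site traffic would fail the deny, match the `permit ip any any`, and be hairpinned through the ISA server; 0.0.15.255 covers the whole /20 (4096 addresses). In the default-route design there is no exemption to get wrong, since the connected /25 routes win by longest-prefix match on their own.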
