New Member

Policy Map redirect port 80 Switch 3750X

Hello,

I would like to know if it is possible to create a policy map in order to redirect the traffic (80, http, 8080) to a proxy.

My current equipment is a 3750X using an IP Service License.

I was reviewing some options, but I want to be sure before implementing in production.

Thanks for the advice.

Regards,

Gold

Hi there,

I believe this link could help you. I don't know if you have considered WCCP (web-cache) or not ;-)

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_55_se/configuration/guide/swwccp.html

cheerZ

Hope it Helps!

Soroush.
Green

Luis,

Are you sure that a route map would not do the same?

Maybe something like this:

!
!
access-list 123 remark * MATCH WWW TRAFFIC *
access-list 123 permit tcp any any eq 80
access-list 123 permit tcp any any eq 8080
access-list 123 permit tcp any any eq 443
!
!
route-map REDIRECT_WWW_TRAFFIC permit 10
match ip address 123
set ip next-hop 123.123.123.123
!
!
int vlan 123
ip policy route-map REDIRECT_WWW_TRAFFIC
!
!

The L3-Switch would need connectivity to ip address 123.123.123.123
for this to work

Regards,
Alex.
Please rate useful posts.

Gold

Alex,

I think what Luis wants is more of an Application Service (web proxy and cache) or something like this; a route map simply diverts traffic to a defined next hop and that's it.

Correct me if I'm wrong :-)

Rate me too!

Hope it Helps!

Soroush.
New Member

Hello,

Thank you for your advice. I would like to test this configuration:

access-list 110 remark Internet Traffic
access-list 110 permit tcp any any eq 80
access-list 110 permit tcp any any eq 8080
access-list 110 permit tcp any any eq 443
!
!
route-map Redirect_Internet permit 10
match ip address 110
set ip next-hop X.X.X.X (IP Proxy)
route-map Redirect_Internet permit 20
!
!
int vlan 3
ip policy route-map Redirect_Internet
!
int vlan 4
ip policy route-map Redirect_Internet

VLAN 3 and VLAN 4 are my user VLANs. I would like to know if other traffic (not listed in the rules) will flow correctly to the outside and inside.

Regards,

Purple

Hi Luis,

It will work OK, and by the way, for PBR you don't need this (as traffic not matching the permit 10 will follow normal routing anyway):

route-map Redirect_Internet permit 20

Regards.

Alain.

Don't forget to rate helpful posts.

New Member

Hello,

I applied this configuration but could not get the redirect. I applied these commands:

ip access-list extended ProxyTest
deny   tcp any any neq www
deny   tcp any any neq 8080
permit tcp any any
ip access-list extended ProxyTest2
permit tcp any any eq www
permit tcp any any eq 8080
permit tcp any any eq 443
route-map Redirect-Internet permit 10
match ip address ProxyTest
set ip next-hop 10.10.0.254
inter vlan 12
ip policy route-map Redirect-Internet

There is connectivity between both hosts, but I could not get the redirect to hit the ACL. I tried both ACLs for the route-map.

Regards,

New Member

I found this in my SDM configuration:

PERU-STACK3750X#show sdm prefer
The current template is "desktop default" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
  number of unicast mac addresses:                  6K
  number of IPv4 IGMP groups + multicast routes:    1K
  number of IPv4 unicast routes:                    8K
    number of directly-connected IPv4 hosts:        6K
    number of indirect IPv4 routes:                 2K
  number of IPv4 policy based routing aces:         0
  number of IPv4/MAC qos aces:                      0.5K
  number of IPv4/MAC security aces:                 1K

Do I need to change the SDM?

Regards,

Purple

Hi,

Yes, for PBR you need to change the SDM (sdm prefer routing) and do a reload for the change to take effect.

Use an ACL with permit statements, as otherwise it could have an impact on the CPU.

Regards.

Alain

Don't forget to rate helpful posts.
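
A pre-flight check for the two points this thread ends on (the "desktop default" SDM template reserves 0 PBR ACEs, and the PBR ACL should use permit entries only), added here as an example that is not part of any post above. The function names and finding texts are illustrative assumptions; the sample inputs are lines quoted from the posts.

```python
import re
# Sample inputs: lines quoted from the thread's "show sdm prefer" output and last config attempt.
SDM_OUTPUT = "  number of IPv4 policy based routing aces:         0\n"
CONFIG = """ip access-list extended ProxyTest
deny   tcp any any neq www
deny   tcp any any neq 8080
permit tcp any any
route-map Redirect-Internet permit 10
match ip address ProxyTest
set ip next-hop 10.10.0.254
inter vlan 12
ip policy route-map Redirect-Internet
"""

def parse_config(text):
    """Return ({acl: [actions]}, {route_map: [matched acls]}, [route-maps applied via ip policy])."""
    acls, rmaps, applied, acl, rmap = {}, {}, [], None, None
    for line in text.splitlines():
        w = line.split() or ["!"]          # blank lines are treated like "!" comment lines
        if w[:3] == ["ip", "access-list", "extended"] and len(w) > 3:
            acl, rmap = w[3], None         # named ACL: following permit/deny lines belong to it
            acls.setdefault(acl, [])
        elif w[0] == "access-list" and len(w) > 2 and w[2] in ("permit", "deny"):
            acls.setdefault(w[1], []).append(w[2])   # numbered ACL entry ("remark" is skipped)
        elif w[0] == "route-map" and len(w) > 1:
            rmap, acl = w[1], None
            rmaps.setdefault(rmap, [])
        elif w[:3] == ["ip", "policy", "route-map"] and len(w) > 3:
            applied.append(w[3])
        elif w[0] in ("permit", "deny") and acl:
            acls[acl].append(w[0])
        elif w[:3] == ["match", "ip", "address"] and rmap:
            rmaps[rmap].extend(w[3:])
    return acls, rmaps, applied

def preflight(sdm_output, config):
    """List reasons the PBR redirect would not take effect; no SDM finding if the line is absent."""
    findings = []
    m = re.search(r"policy based routing aces:\s*(\S+)", sdm_output)
    if m and m.group(1) == "0":
        findings.append("SDM template reserves 0 PBR ACEs: set 'sdm prefer routing' and reload")
    acls, rmaps, applied = parse_config(config)
    for name in applied:
        if name not in rmaps:
            findings.append(f"ip policy references undefined route-map {name}")
        for acl in rmaps.get(name, []):
            if "deny" in acls.get(acl, []):
                findings.append(f"ACL {acl} has deny entries: use permit-only entries for PBR")
    return findings
```

Calling `preflight(SDM_OUTPUT, CONFIG)` on the thread's inputs reports both the SDM template and the deny entries in ProxyTest.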
