
Traffic Redirect on a 3550 layer 3 switch

We have a need to redirect all port 80 traffic coming from a specified network to a different gateway than the default gateway on a 3550 layer 3 switch. Any help on this would be appreciated.

The network that we need to direct is 10.0.100.0/24 and should be redirected to 10.0.99.2. What we are trying to accomplish is to redirect the port 80 traffic on the 10.0.100.0 network to a content filtering server which will also NAT and send out to the Internet. However, the 10.0.100.0 network sits down one router hop from the 3550 so we cannot directly route the traffic, rather have to rely on the source address of the sending machines.

3 REPLIES

Re: Traffic Redirect on a 3550 layer 3 switch

I was unable to test this, but according to the docs, it should be something like this:

route-map NET100 permit 10 :define a route-map
 match ip address 111 :define the access-list to be used
 set ip next-hop 10.0.99.2 :redirect the traffic
access-list 111 permit ip 10.0.100.0 0.0.0.255 any eq http : matches your traffic
int vlan xx
 ip policy route-map NET100 :point to the route-map for traffic on this interface.

I have looked this up in the config guide for the 3550, and it is there.

In my IOS-version, I was unable to assign the route-map to the interface.

It lets me define the route-map OK, but there is no IP policy .. on the interface command list. Probably a version-issue: you may not be able to do this with the standard sw image, and an upgrade may be required. Still, it is a way to solve your problem.

Regards,

Leo

Re: Traffic Redirect on a 3550 layer 3 switch

I noticed a typo in the access-list. It should be something like:

access-list 111 permit tcp 10.0.100.0 0.0.0.255 any eq http
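
Added example, not part of the original thread: a small Python model of the corrected ACL 111 and route-map NET100 from the replies above, showing which packets would be policy-routed to 10.0.99.2. The function names, the sample packets and the "routing-table" label are constructed for illustration.

```python
import ipaddress

# Constructed model of the thread's config: corrected ACL 111 feeding route-map NET100.
ACL_111 = "access-list 111 permit tcp 10.0.100.0 0.0.0.255 any eq http"
NEXT_HOP = "10.0.99.2"                  # 'set ip next-hop' from the route-map
PORT_NAMES = {"http": 80, "www": 80}    # port names this model maps to 80

def parse_ace(line):
    """Parse 'access-list <n> permit <proto> <src> <wildcard> any [eq <port>]'."""
    t = line.split()
    if len(t) not in (7, 9) or t[0] != "access-list" or t[2] != "permit" or t[6] != "any":
        raise ValueError("unsupported ACE form: " + line)
    proto, port = t[3], None
    if len(t) == 9:
        if t[7] != "eq":
            raise ValueError("only 'eq' is modelled")
        if proto not in ("tcp", "udp"):
            # Port operators only exist for tcp/udp, which is the typo fixed in the thread.
            raise ValueError("'eq' requires tcp or udp, got " + proto)
        port = PORT_NAMES[t[8]] if t[8] in PORT_NAMES else int(t[8])
    return {"proto": proto, "port": port,
            "src": int(ipaddress.IPv4Address(t[4])),
            "wild": int(ipaddress.IPv4Address(t[5]))}

def matches(ace, proto, src_ip, dst_port):
    """True if a packet hits the ACE. Wildcard bits set to 1 are 'don't care'."""
    care = ~ace["wild"] & 0xFFFFFFFF
    src = int(ipaddress.IPv4Address(src_ip))
    if (src & care) != (ace["src"] & care):
        return False
    if ace["proto"] not in ("ip", proto):
        return False
    return ace["port"] is None or ace["port"] == dst_port

def next_hop(ace, proto, src_ip, dst_port):
    """Policy decision: matched packets go to the filter, the rest follow normal routing."""
    return NEXT_HOP if matches(ace, proto, src_ip, dst_port) else "routing-table"

if __name__ == "__main__":
    ace = parse_ace(ACL_111)
    for pkt in [("tcp", "10.0.100.25", 80), ("tcp", "10.0.100.25", 443),
                ("udp", "10.0.100.25", 80), ("tcp", "10.0.101.25", 80)]:
        print(pkt, "->", next_hop(ace, *pkt))
```

Only TCP traffic to port 80 sourced from 10.0.100.0/24 is steered to the content filter; anything else from that network, such as TCP/443, follows the normal routing table and never reaches 10.0.99.2.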


Re: Traffic Redirect on a 3550 layer 3 switch

Thanks for the feedback on this issue. As you mentioned, I too was able to define the route-map OK, but when assigning it to an interface, it appears not to work. What is different on mine, is that there is an ip policy command, and when I enter the command it simply returns to the command line, no errors. So you would assume it took, but if you sh run, the policy does not show on the interface.

Anyone else with suggestions? Can this be done successfully on a 3550 switch? I am running version 12.1.13(EA1) with the EMI image.
