
Flow interception on Layer-2

yves.haemmerli
Level 1

Hi,

I have a CSS11150 with an SSL Accelerator SCA11000 connected to one of the CSS Ethernet ports. The CSS itself is connected via its GE interface to a Catalyst. Only one VLAN is defined, so the CSS, the SCA and a router are on the same subnet. The default gateway configured in the SCA is the router, not the CSS. I first thought it was a mistake because the return flow from the SCA would pass through the CSS at Layer-2 without interception by the CSS! So I decided to NAT the client address when sending encrypted packets to the SCA to solve this issue.

But I realized that it also works without NATing the client! So I concluded that the CSS is able to intercept a packet arriving on one of its interfaces and associate this packet with an established flow, even if this packet is not destined to the CSS.

Can you confirm this behaviour? What is the recommendation?

Thank you,

Yves

1 Reply

seilsz
Level 4

Hi Yves -

This behavior is correct. The CSS will check the flow-table first and switch the flow at L2 before any L3 processing takes place.

~Zach
