Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1350
Views
0
Helpful
21
Replies

Proxy for subnet

AvidPontoon1
Level 1
Level 1

‎04-04-2018 03:34 PM - edited ‎03-03-2019 08:46 AM

I have a proxy on our network at 10.1.1.44 and all the wired devices use it with flawless authentication and it works 100%. The issue is with the 10.1.30.0/24 network that is for the wireless. All the endpoints are having trouble with applications not getting the proxy info and not being able to connect to the internet. I can still access the internet but the phones aren't setting the proxy globally across all apps.

 

What I wonder is if there is a way that I can forward all the data through the proxy before it goes out to the internet on the switch level or router level. So instead of configuring the end point (iPhone) it would be configured on the switch or router to make all data pass through the proxy before it went out.

 

Is this possible or can someone suggest another way of doing things?

Labels:
0 Helpful
21 Replies 21

Seb Rupik
VIP Alumni
VIP Alumni

‎04-05-2018 01:43 AM

Hi there,

What steps have you taken to segregate your wireless clients from your wired network? Is it contained within a separate VRF? If so, you could configure the default route for the VRF to be an interface on your proxy.

If your wireless and wired traffic are sharing the same routing table then, then you could use Policy Based Routing by applying a route-map to the wireless network SVI and setting the next-hop as the proxy IP.

 

cheers,

Seb.

0 Helpful

AvidPontoon1
Level 1
Level 1
In response to Seb Rupik

‎04-05-2018 02:15 AM

@Seb Rupik wrote:

Hi there,

What steps have you taken to segregate your wireless clients from your wired network? Is it contained within a separate VRF? If so, you could configure the default route for the VRF to be an interface on your proxy.

If your wireless and wired traffic are sharing the same routing table then, then you could use Policy Based Routing by applying a route-map to the wireless network SVI and setting the next-hop as the proxy IP.

 

cheers,

Seb.

I just have them on different SVI"s and I have EIGRP setup so yes they are sharing a routing table, could I configure the next hop on the switch that connects to the router?

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to AvidPontoon1

‎04-05-2018 02:57 AM

Hi there,

The route-map should be configured on the interface which routes the packets for the wireless subnet. This will be the router which has the wireless VLAN SVI configured.

 

cheers,

Seb.

0 Helpful

AvidPontoon1
Level 1
Level 1
In response to Seb Rupik

‎04-05-2018 03:06 AM

@Seb Rupik wrote:

Hi there,

The route-map should be configured on the interface which routes the packets for the wireless subnet. This will be the router which has the wireless VLAN SVI configured.

 

cheers,

Seb.

The router doesn't have the SVI defined, it's not a router on a stick. I have 2 core switches that have link aggregation and HSRP, would I put this route map on both core switches? Could you give me an example of a route map that I could use in the scenario with random ip subnets?

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to AvidPontoon1

‎04-05-2018 03:49 AM

Yes, PBR should work within an HSRP group. You will need to apply the route-map to the routed interfaces on both switches.

The config will look something like this:

!
ip access-list ext 101
  permit 10.1.30.0 0.0.0.255 any
!
route-map PBR01
  match ip address 101
  set ip next-hop 10.1.1.4
!
int gi1/0/1
  ip policy route-map PBR01
!

cheers,

Seb.

 

0 Helpful

AvidPontoon1
Level 1
Level 1
In response to Seb Rupik

‎04-05-2018 04:15 AM

@Seb Rupik wrote:

Yes, PBR should work within an HSRP group. You will need to apply the route-map to the routed interfaces on both switches.

The config will look something like this:

!
ip access-list ext 101
  permit 10.1.30.0 0.0.0.255 any
!
route-map PBR01
  match ip address 101
  set ip next-hop 10.1.1.4
!
int gi1/0/1
  ip policy route-map PBR01
!

cheers,

Seb.

 

Is gi1/0/1 the interface of the link aggregation on 'switch2' and then the link to the router on 'switch1'?

 

My network looks like this:

 

ROUTER

|

Single link

|

SWITCH1 =====LAGG==== SWITCH2

      |                                            |

So if I'm correct the config on switch 1 would be:

 

int port-channel1 - (the interface that goes to switch2)
  ip policy route-map PBR01

 

And then on switch 2:

 

int fa1/0/1 - (The interface that goes up to the router)
  ip policy route-map PBR01

 

Would that be correct?

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to AvidPontoon1

‎04-05-2018 04:20 AM

You need to place the route-map on the interfaces which are routing your wireless subnet.

 

Can you please provide the configs of the switches and router to ensure we can give a precise answer?

 

cheers,

Seb.

0 Helpful

AvidPontoon1
Level 1
Level 1
In response to Seb Rupik

‎04-05-2018 10:32 AM - edited ‎04-05-2018 11:47 AM

@Seb Rupik wrote:

You need to place the route-map on the interfaces which are routing your wireless subnet.

 

Can you please provide the configs of the switches and router to ensure we can give a precise answer?

 

cheers,

Seb.

ROUTER (CISCNET-RTR)

↓ 

↓ 

SWITCH1 (CISCNET.LOCAL.CORE.2) ======== SWITCH2 (CISCNET.LOCAL.CORE.1)

                          ↓                                                                        ↓ 

 

The configs are attached.

 

Thanks

Nick

 

Edit: From SWITCH1 fa1/0/2 links to the router 

Preview file
2 KB
Preview file
5 KB
Preview file
5 KB
0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to AvidPontoon1

‎04-06-2018 12:20 AM

Thanks for the configs. These are the additions you need to make:

!! CISCNET.LOCAL.CORE.2
!
!
ip access-list ext 101
  permit 10.1.30.0 0.0.0.255 any
!
route-map PBR01
  match ip address 101
  set ip next-hop 10.1.1.4
!
int vlan30
  ip policy route-map PBR01
!
!! CISCNET.LOCAL.CORE.1
!
!
ip access-list ext 101
  permit 10.1.30.0 0.0.0.255 any
!
route-map PBR01
  match ip address 101
  set ip next-hop 10.1.1.4
!
int vlan30
  ip policy route-map PBR01
!

cheers,

Seb.

 

0 Helpful

AvidPontoon1
Level 1
Level 1
In response to Seb Rupik

‎04-06-2018 03:17 AM

@Seb Rupik wrote:

Thanks for the configs. These are the additions you need to make:

!! CISCNET.LOCAL.CORE.2
!
!
ip access-list ext 101
  permit 10.1.30.0 0.0.0.255 any
!
route-map PBR01
  match ip address 101
  set ip next-hop 10.1.1.4
!
int vlan30
  ip policy route-map PBR01
!
!! CISCNET.LOCAL.CORE.1
!
!
ip access-list ext 101
  permit 10.1.30.0 0.0.0.255 any
!
route-map PBR01
  match ip address 101
  set ip next-hop 10.1.1.4
!
int vlan30
  ip policy route-map PBR01
!

cheers,

Seb.

 

For some reason the 'ip policy' command is not on my switches, how can this be?

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to AvidPontoon1

‎04-06-2018 03:46 AM - edited ‎04-06-2018 03:47 AM

ah, what image are you running? You need to have ipservices enabled.

You should also enable the SDM routing template:

!
sdm prefer routing
!

cheers,

Seb.

0 Helpful

AvidPontoon1
Level 1
Level 1
In response to Seb Rupik

‎04-06-2018 03:53 AM

@Seb Rupik wrote:

ah, what image are you running? You need to have ipservices enabled.

You should also enable the SDM routing template:

!
sdm prefer routing
!

cheers,

Seb.

Its just the base model so it will be IPBASE

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to AvidPontoon1

‎04-06-2018 04:00 AM

If I remember rightly the 3750 should support evaluation/ right-to-use licensing.

Try issuing the following configuration commands on both switches:

 

conf t
!
license boot level ipservices
sdm prefer routing
!
exit
wr mem
reload

cheers,

Seb.

0 Helpful

AvidPontoon1
Level 1
Level 1
In response to Seb Rupik

‎04-06-2018 04:17 AM

@Seb Rupik wrote:

If I remember rightly the 3750 should support evaluation/ right-to-use licensing.

Try issuing the following configuration commands on both switches:

 

conf t
!
license boot level ipservices
sdm prefer routing
!
exit
wr mem
reload

cheers,

Seb.

Evaluation being that I wont be able to use it forever? How long is the evaluation?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents