Source Alternate L3 Interface For Traffic Destined For Internet

Badger-Fi
Level 1

I want to be able to source an alternate L3 interface for traffic destined for the internet, specifically for checking in with the Smart Licensing Portal and Meraki dashboard, sourced from a Catalyst 9300 that has non-routable addresses configured for /31 P2P WAN links.  Right now I am unable to send traffic from the switch because it chooses to source the traffic from the non-"internet" routable IP addresses on either of the two /31 P2P WAN links.  Is there a way to source this specific traffic from another interface that has an IP address that can access the internet?  I am thinking PBR but can't put it together.

1 Accepted Solution

Badger-Fi
Level 1

I figured it out.  I found the command @balaji.bandi was talking about, last night, and I applied it this morning.  Applying that command fixed the switch reporting to Cisco Software Central but DID NOT fix the switch reporting to Meraki.  When running the onboarding prechecks with the Cloud Monitoring for Catalyst tool, the switch would fail precheck testing connection via 443.  A little research turned up that it uses telnet across 443 to make this happen.  I had to add transport output telnet to my VTY lines which was only half of the solution.  I then checked to see if there was something similar to "ip http client source-interface" for telnet specifically, and there was.  I added "ip telnet source-interface <interface>" which solved the Meraki problem.

So the solution to my problem was adding the following commands:

ip http client source-interface <interface>

ip telnet source-interface <interface>

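An added example, not part of the original post or of Cisco's tooling: a Python check over a saved running-config that confirms the two source-interface commands from the accepted solution point at an interface that is not one of the /31 links, and that the VTY lines carry the poster's `transport output telnet`. The sample config, the expanded interface names (Vlan35 for SVI 35, TwoGigabitEthernet1/0/47 for Tw 1/0/47) and all addresses are constructed assumptions.

```python
# Added example: audit a saved running-config for the thread's fix.
# SAMPLE_CONFIG is constructed; interface names and addresses are assumptions.
SAMPLE_CONFIG = """\
interface TwoGigabitEthernet1/0/47
 ip address 10.255.0.0 255.255.255.254
!
interface Vlan35
 ip address 192.0.2.10 255.255.255.0
!
ip http client source-interface Vlan35
ip telnet source-interface Vlan35
!
line vty 0 4
 transport output telnet
"""
SOURCE_CMDS = ("ip http client source-interface", "ip telnet source-interface")

def parse_sections(config):
    # Map each top-level config line to its indented child lines.
    sections, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            sections[current].append(line.strip())
        elif line.strip() not in ("", "!"):
            current = line.strip()
            sections[current] = []
    return sections

def audit_source_interfaces(config):
    """Return a list of findings; an empty list means the fix is in place."""
    sections, findings = parse_sections(config), []
    for cmd in SOURCE_CMDS:
        line = next((s for s in sections if s.startswith(cmd + " ")), None)
        if line is None:
            findings.append(f"missing: {cmd}")
            continue
        ifname = line[len(cmd):].strip()
        children = sections.get(f"interface {ifname}", [])
        addr = next((c for c in children if c.startswith("ip address ")), "")
        if not addr:
            findings.append(f"{cmd}: {ifname} has no IP address configured")
        elif "255.255.255.254" in addr.split():
            findings.append(f"{cmd}: {ifname} is a /31 point-to-point link")
    for name, children in sections.items():
        out = [c.split()[2:] for c in children if c.startswith("transport output ")]
        if name.startswith("line vty") and not any({"telnet", "all"} & set(o) for o in out):
            findings.append(f"{name}: 'transport output telnet' not set")
    return findings
```

Run `audit_source_interfaces()` on the text of a saved `show running-config`; each returned string names the command or line that still needs attention.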


MHM

I see where you are going with this.  Thanks!  The problem is that the traffic isn't destined for a single host.

MHM

Hello,

post the running configuration of your Catalyst 9300, and indicate which interface you want traffic for the Internet to be sourced from...

I would prefer to use SVI 35 because that is our management, but any SVI would work because they can reach the internet.  The only L3 interfaces that can't reach the internet are the two WAN connections Tw 1/0/47 and Tw 1/0/48, which is where my problem lies because these two interfaces are used to source the traffic. 

balaji.bandi
Hall of Fame
Smart Licensing Portal and Meraki dashboard

This was not clear to me: why does the switch initiate the connection to the above-mentioned portals? Is this for Smart License?

Or is the switch in the transit path, with clients connecting to "Smart Licensing Portal and Meraki dashboard" using that public address?

If the switch is initiating the connection for Smart License, you can use a source interface:

ip http client source-interface interface-type interface-number

As asked, you also need to provide the configuration so we can look and suggest, if the above-mentioned solution is not correct.

BB


"This was not clear to me: why does the switch initiate the connection to the above-mentioned portals? Is this for Smart License?"

Yes, that is correct.

Also, yes, I have heard of the "ip http client source-interface...".  Does this include both 80 and 443?  I imagine I need both to access the Meraki dashboard and tools.cisco for licensing.

Glad the suggestion works for Smart License, since that is the way to configure it.

I have not tried using the Meraki Dashboard, but looking at the document, it used the same http client source interface to contact the Meraki dashboard:

https://documentation.meraki.com/MS/Deployment_Guides/Getting_started%3A_Cisco_Catalyst_9300_Management_with_Meraki_Dashboard

BB
