right now default route point to 10.10.10.61 is not making me success. any other idea. Infact by putting route none of the systems able to ping Vlan 1 IP 10.10.50.1

If so there must be something wrong in your current configuration. You must be able ping 10.10.50.1 as it is default-gateway of your Vlan1 subnet. And 10.10.10.61 is default gateway for your L3 switch.

PC:

IP: 10.10.10.103

Mask: 255.255.0.0

GW: 10.10.50.1

3750:

ip routing

int vlan 1

ip add 10.10.50.1 255.255.0.0

ip route 0.0.0.0 0.0.0.0 10.10.10.61

It should be like this.  Don't forget enable ip routing on L3 switch. It is by default disabled.

Check route table on 3750:

sh ip route

Hope it will help.

I have done exactly like you said, but still same issue.

Post here current configuration of 3750. And output of command sh ip route. And route print on server. Is it windows server 2003?

Shouldn't this impact in production, as whenever I inject this route my system wouldn't b able to ping 10.10.50.1.and I had to use console to remove the route. Can we make route specific to single client or particular subnet. Do I need to add route on Internet server, route print of server is pasted in my daigram. Pls refer also, switch config is also posted. This is windows 2008 R2 server with mirosoft TMG.

guys, issue has been resolved after ejecting the default route. thanks to every one who suggested. I did't remove the static route 10.10.10.103 255.255.255.255 10.10.50.1 that is why my pc was unable to ping default gateway. Anyhow,  thanks to every one who suggested me

Now, another issue raised in same reference. There is another Internet Server 10.10.10.59 in which some users are allowed to access internet. Those users were had their PC's gateway IP 10.10.10.59. After assigment of Switch IP 10.10.50.1 same issue raised again. Because we have enjected default route on switch 0.0.0.0 0.0.0.0 10.10.10.61 which means the default gateway of L3 will be only 10.10.10.61.

How I route the traffic destined to 10.10.10.59, can we have configured two default routes if yes then how switch will determine the traffic whether to route 10.10.10.61 or 10.10.10.59.

Your swift response will be highly appreciated

Hi Fahad,

What is the version of IOS on 3750X? Users connected on the same LAN as 10.10.50.0?

You have two options:

1. Use Policy Based Routing (if switch supports it).

2. Or create another VLAN (another subnet) for users that use 10.10.10.59 as server. But the server need to be on this VLAN too. Then just add route to the server.

Abzal

3750x-24SE 12.2(58)se2.

PBR is good option pls advice on which scenario do u think PBR can be implemented.

Server farm vlan will be different from users subnet, according to local policy

Hi,

You can apply PBR on any L3 interface( SVI or routed port) if you have  IP services feature set but you'll have to change the sdm template with sdm prefer routing command   and reload the switch for this change to take effect before configuring PBR.

Suppose you have some hosts for example 10.10.10.5 - 10.10.10.7 that need to be forwarded to 10.10.10.59.

First you define hosts:

access-list 10 permit host 10.10.10.5

access-list 10 permit host 10.10.10.6

access-list 10 permit host 10.10.10.7

route-map server2

match ip address 10

set ip next-hop 10.10.10.59

int vlan 1

ip policy route-map server2

Does this server has public IP too?

Hope it will help.

Yes it has public IP, also switch has IP Services enabled,  here remember pls that now I have planned to target Step 2 which has shifting of both Public Networks (Internet Connections) from servers to Layer 3 Switch Routed Ports.

In this activity on server end, new VLAN subnets will be treated the External Subnets and cleints/users will access internet via this VLAN subnet as proxy. The scenerio will like as

Inernet Server 1:

Internal IP: 10.10.10.61/16 with no gateway

External IP: 10.13.1.10/16 (Proxy Address for cleints) with Gateway of L3 SVI 10.13.1.1

Ineternet Server 2:

Internal IP: 10.10.10.59/16

External IP: 10.13.1.11/16 (Proxy Address for cleints) with Gateway of L3 SVI 10.13.1.1

Public Networks will be configured on switch like as (which are used to connected with Servers Directly)

interface gi 1/0/3

no switch port

ip address 210.2.154.226 255.255.255.248

interface gi 1/0/4

no switch port

ip address 210.9.122.2 255.255.255.0

In this scenerio current default route will be changed from 0.0.0.0 0.0.0.0 10.10.10.61 To

0.0.0.0 0.0.0.0 210.2.154.225

Now please advice the further configuration for PBR and how will route traffic to second Public Network.

Also Note, For Normal Users Internet Timing are defined  currently in our setup which say

From 9AM to 10AM and 7PM to 9AM users have free access to internet via 10.10.10.59

However, Executive and Managers Group have unlimited internet Access via Proxy 10.10.10.61.

These permission are being managed from Microsoft TMG Server.

Which means, from every host both internet servers should be accessed.

Hi,

It's possible if you have a router. But I'm afraid not with 3750X because it doesn't support NAT (Network Address Translation).

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a008011c629.shtml#topic1

Abzal

Appologies, but I totally disagree with u. As per my understanding there is no NAT requirement  here. We don't want to translate any address neither we need this. Need to know ur though which make NAT mandatory, pls explain briefly otherwise it's making me confuse

Pls input, support feedback always help