Re: how to configure traffic redirect in switch?

de.joe · ‎06-11-2009

Can we use Cisco switch realize traffic redirect, did C2960G/C3560E support this function, if no, which series switch can do this.

My aim is:

1. If some specification flow (P2P, HTTP) come from uplike, can we difference those flow and apoint P2P flow to PC1 and apoint HTTP to PC2;

2. Can we apoint specification IP address to the PC1 and PC2 that come from uplike?

Thanks!

|

|UPLIKE FLOW

|

CISCO SWITCH

/ \

HTTP/ \P2P

/ \

PC1 PC2

octroncisco · ‎06-12-2009

I think you can do it with NAT. For example, you can redirect the 80 port to the PC1 and the P2P port to the PC2. But you will need a router to implement NAT, I think there aren't switches that implement NAT.

de.joe · ‎06-14-2009

If we use switch configure traffic redirect, more PC can connect to the switch, thanks!

Giuseppe Larosa · ‎06-13-2009

Hello Shaofei,

C3560E supports PBR

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_46_se/configuration/guide/swintro.html#wp1528015

â€¢Policy-based routing (PBR) for configuring defined policies for traffic flows

But you need a Layer 3 design to use it: the uplink and the PC1 and PC2 have to be in two different subnets because the feature is applied inbound to a Layer3 interface.

C2960 is a L2 only switch so it cannot do this job.

Note:

NAT is supported only on routers and C6500 so it is not a viable option here.

Hope to help

Giuseppe

hasmurizal · ‎07-01-2009

Hi all,

just like what Giuseppe said. A multilayer switch with routing capabilities, or catalyst switch with PBR setup.

guilherme · ‎07-01-2009

Hi,

You can do this easily with a small appliance like the ASA 5505, 1841 router and many other "cheap" boxes but unfortunatelly not with the switches you got.

Regards,

Guilherme

hasmurizal · ‎07-01-2009

Hi,

i'm not too sure about Guilherme. Not all "cheap" boxes can handle ip address with port inspection since mostly, i guest can inspect the ip address only.

18xx series should do the job for simple lan/low traffic design, but if you have higher needs than, some "expensive" equipment(s) you have to have it.

Rick Morris · ‎07-13-2009

guiseppe gave you what you need in this post.

You need sometype of routing to be done and it can only be done via layer 3 device.

I have a set-up in my lab that has 2 3560's running bgp with my edge routers, and the 2950 sits behind the 3560's. I am running vtp on the switches and making sure that all vlans are propigated from the server to the clients. I then port channeled the 2 3560's and also have 2 trunks between the 2950 and the 2 3560's. Basically what I am doing from this point is any traffic from my 2950 to my routers is being used by the default route given back to the 3560's learned via bgp from the edge routers. I can easly change this but it is done via routing. I can create acl's that permit or allow certain traffic on different ports.