Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
333
Views
2
Helpful
1
Replies

L3 VLANs on Catalyst 3750 and weird traffic forwarding

MaximBudyonny
Level 1
Level 1

‎02-08-2007 09:27 AM - edited ‎03-05-2019 02:14 PM

Hi All,

I need to subnet my net 10.0.0.0/20 to a 32 subnets. It's easy.

But also I need to do a strange trick.

All traffic from subnets 10.0.0.0/25, 10.0.0.128/25 and so on, must be forwarded to MS ISA server if it's destined to network other than 10.0.0.0/20.

for example subnet 10.0.0.0/25 has a default gw 10.0.0.1 propagated from DHCP server via ip helper-address

the same is for subnet 10.0.0.128/25 but with a default gateway 10.0.0.129.

And the trick I must to do is - forward to MS ISA server all traffic from subnets 10.0.0.0/25, 10.0.0.128/25 and so on, if it's destined to network other than 10.0.0.0/20.

I now that I can do this trick with PBR on a Cisco Catalyst. Something like

ip access-l e TO-ISA

deny ip 10.0.0.0 0.0.0.7

permit ip any any

route-map pbr permit 10

match ip address 10

set ip next-hop IP-OF-ISA-SRV

and then insert PBR into each VLAN.

But I think that on a huge network load this configuration would work extremely slow :-(

So how can I do this trick without PBR?

Or may be it would work not very slow?

May be Microsoft Firewall Client can create something like a Tunnel to forward packets directly from PC via default gateway to MS ISA server?

Labels:
0 Helpful
1 Reply 1

etamminga
Spotlight
Spotlight

‎02-08-2007 09:42 AM

Hi,

Wouldn't the easiest thing be to add a default-route to the switch and have it forward all traffic to 10.0.0.1 ? This requires the default-gateway on the 10.0.0.0/25 network (vlan1, ex 10.0.0.2) to be the switch's interface instead of the MS ISA server and the MS ISA server to have a route to 10.0.0.0/20 via the switch's interface (vlan1, ex 10.0.0.2)

As more-specific routes have a higher preference than less-specific routes, all 10.0.0.0/20 traffic will stay local and all other traffic will be redirected via the default-route.

Ex:

ip routing

int vlan1

ip address 10.0.0.2 255.255.255.128

int vlan2

ip address 10.0.0.129 255.255.255.128

ip helper-address 10.0.0.xxx

int vlan3

ip address 10.0.1.1 255.255.255.128

ip helper-address 10.0.0.xxx

! int vlan4 to vlan32 analog to vlan2

! the default route to MS-ISA

ip route 0.0.0.0 0.0.0.0 10.0.0.1

Regards,

Erik Tamminga

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card