Policy Map redirect port 80 Switch 3750X
05-16-2012 03:08 PM - edited 03-07-2019 06:44 AM
Hello,
I would like to know if it is possible to create a policy map in order to redirect the traffic (80, http, 8080) to a proxy.
My current equipment is a 3750X using an IP Service License.
I was reviewing some options but I want to be sure before implementing in production.
Thanks for the advice.
Regards,
Labels: Other Switching
05-16-2012 04:50 PM
Hi there,
I believe this link could help you. I don't know if you have considered WCCP (web-cache) or not ;-)
cheerZ
Soroush.
05-16-2012 05:13 PM
Luis,
Are you sure that a route map would not do the same?
Maybe something like this:
!
!
access-list 123 remark * MATCH WWW TRAFFIC *
access-list 123 permit tcp any any eq 80
access-list 123 permit tcp any any eq 8080
access-list 123 permit tcp any any eq 443
!
!
route-map REDIRECT_WWW_TRAFFIC permit 10
match ip address 123
set ip next-hop 123.123.123.123
!
!
int vlan 123
ip policy route-map REDIRECT_WWW_TRAFFIC
!
!
The L3-Switch would need connectivity to ip address 123.123.123.123
for this to work
Regards,
Alex.
Please rate useful posts.
05-16-2012 05:34 PM
Alex,
I think what Luis wants is more of an Application Service (web proxy and cache) or something like this; a route map simply diverts traffic to a defined next hop and that's it.
Correct me if I'm wrong :-)
Rate me too!
Soroush.
07-17-2012 04:58 PM
Hello,
Thank you for your advice. I would like to test this configuration:
access-list 110 remark Internet Traffic
access-list 110 permit tcp any any eq 80
access-list 110 permit tcp any any eq 8080
access-list 110 permit tcp any any eq 443
!
!
route-map Redirect_Internet permit 10
match ip address 110
set ip next-hop X.X.X.X (IP Proxy)
route-map Redirect_Internet permit 20
!
!
int vlan 3
ip policy route-map Redirect_Internet
!
int vlan 4
ip policy route-map Redirect_Internet
VLAN 3 and VLAN 4 are my VLANs for users. I would like to know if other traffic (not listed in the rules) will flow correctly to outside and inside.
Regards,
07-18-2012 12:23 AM
Hi Luis,
It will work OK, and by the way, for PBR you don't need this (as traffic not matching the permit 10 will follow normal routing anyway):
route-map Redirect_Internet permit 20
Regards.
Alain.
Don't forget to rate helpful posts.
07-19-2012 03:22 PM
Hello,
I applied this configuration but could not get the redirect. I applied these commands:
ip access-list extended ProxyTest
deny tcp any any neq www
deny tcp any any neq 8080
permit tcp any any
ip access-list extended ProxyTest2
permit tcp any any eq www
permit tcp any any eq 8080
permit tcp any any eq 443
route-map Redirect-Internet permit 10
match ip address ProxyTest
set ip next-hop 10.10.0.254
inter vlan 12
ip policy route-map Redirect-Internet
There is connectivity between both hosts, but I could not get the redirect hits on the ACL. I tried both ACLs for the route-map.
Regards,
07-19-2012 04:10 PM
I found this in my SDM configuration:
PERU-STACK3750X#show sdm prefer
The current template is "desktop default" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 6K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 8K
number of directly-connected IPv4 hosts: 6K
number of indirect IPv4 routes: 2K
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K
Do I need to change the SDM?
Regards,
07-20-2012 12:48 AM
Hi,
Yes, for PBR you need to change the SDM (sdm prefer routing) and do a reload for the change to take effect.
Use an ACL with permit statements, as otherwise it could have an impact on the CPU.
Regards.
Alain
Don't forget to rate helpful posts.
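A pre-flight check for the conditions raised in the replies above, written as an added example that is not code from the thread or from Cisco: it flags an SDM template with 0 PBR ACEs and PBR ACLs containing deny entries, and goes one step further by flagging a route-map applied to an interface but never defined. It assumes `show sdm prefer` text plus a configuration with indented sub-commands and named extended ACLs; the function names and sample inputs are constructed for illustration.

```python
import re

# Constructed samples modelled on the thread; sub-commands indented as in show running-config.
SAMPLE_SDM = 'The current template is "desktop default" template.\n number of IPv4 policy based routing aces: 0\n'
SAMPLE_CONFIG = """ip access-list extended ProxyTest
 deny tcp any any neq www
 permit tcp any any
route-map Redirect-Internet permit 10
 match ip address ProxyTest
 set ip next-hop 10.10.0.254
interface Vlan12
 ip policy route-map Redirect-Internet
"""

def pbr_aces(sdm_output):
    """PBR ACE allocation from 'show sdm prefer' output as an int (0.5K -> 512)."""
    m = re.search(r"policy based routing aces:\s*([\d.]+)(K?)", sdm_output)
    if not m:
        raise ValueError("no policy based routing line found")
    return int(float(m.group(1)) * (1024 if m.group(2) else 1))

def parse_sections(config):
    """Group indented sub-commands (as word lists) under their top-level command."""
    sections, current = {}, None
    for line in filter(str.strip, config.splitlines()):
        if line[0].isspace() and current is not None:
            sections[current].append(line.split())
        elif not line.startswith("!"):
            current = " ".join(line.split())
            sections.setdefault(current, [])
    return sections

def pbr_findings(sdm_output, config):
    """Reasons the redirect to the proxy may silently not happen."""
    findings, sections = [], parse_sections(config)
    if pbr_aces(sdm_output) == 0:
        findings.append("sdm: template allocates 0 PBR ACEs")
    applied = {c[3] for body in sections.values() for c in body
               if c[:3] == ["ip", "policy", "route-map"] and len(c) > 3}
    for name in sorted(applied):
        clauses = [b for h, b in sections.items() if h.split()[:2] == ["route-map", name]]
        if not clauses:
            findings.append(f"route-map {name}: applied but not defined")
        for cmd in (c for body in clauses for c in body):
            for acl in (cmd[3:] if cmd[:3] == ["match", "ip", "address"] else []):
                aces = sections.get(f"ip access-list extended {acl}", [])
                if any(a[0] == "deny" for a in aces):
                    findings.append(f"acl {acl}: has deny entries")
    return findings
```

An empty list from `pbr_findings` means none of these three conditions was found; it does not prove the proxy is receiving traffic, so confirm with hit counters on the switch.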
