Cisco Switching/Routing :: 3560 Redirect Internet Traffic
Nov 24, 2011
At one of my field offices I want to redirect internet traffic down a separate DSL connection instead of having it ride the T1 back to the main office then going out. At this office I have a 2600 router, 3560 switch, with a Fortigate firewall in between DSL connection and LAN, Fa0/0 on router and firewall are both plugged in to switch. I have seen posts that mention PBR or static routes which is the reccomended method for dealing with this?
View 6 Replies
ADVERTISEMENT
Jan 14, 2012
i have a strange issue with an HSRP Setup. I have two (S1+S2) 3560 as Core/Distribution Layer. Inter-vlan routing are enabled on both Switches. S1 and S2 are connected with an ether channel over four fibre ports. S3 -S5 are the (L2) access layer.
Gi0/1 on S1 and S2 are L3 ports, connect to a Linux Firewall.
HSRP is enabled, S1 is the active router and the STP root bridge.
But, my monitoring via cacti show me, that the Gi0/1 on S2 is active, too! But it should not be active? Only if S1 fails, should S2 the active switch.A client from the access ports on S3 - 5 gets traffic from the Internet via Gi0/1 from S2. Gi0/1 on S1 is active too, but will send mostly traffic to the Internet. Why is S2 active and why route it traffic from the Internet to the client?
View 15 Replies
View Related
Dec 6, 2012
i want to to ask about redirecting in MLS 7600 .assume the user a has an ip x.x.x.xand that user requested url...i want to to redirect his request to url...the users that have to pay the monthly bills , i want to give thim an ips and redirect all the http requests from this to a special local webpage .is is applicable to to it on router cisco 7600 ??or is it applicable on router 7206 npeg2 ? also i have siwtch 2960g.i dont want to do it by proxy server.
View 4 Replies
View Related
May 29, 2012
We have a Catalyst 6509 switch, and we hope to use policy based routing to redirect http traffic to my proxy server, where I can find the configuration example?
View 11 Replies
View Related
Jun 3, 2013
I am unable to redirect the HTTPS traffic on my cisco router with WCCP V2
View 2 Replies
View Related
Mar 26, 2012
On a Catalyst 6509 switch I have configured wccp protocol in order to redirect the Http traffic to a Bluecoat SG8100. It was working fine until a new L3 interface implementation.Thereafter I was unable to redirect the http traffic due to an error reported from the Cat6509: [code] After some checks I supposed that the problem should be the UDP 2048 port connection between the Switch and the Bluecoat while the switch L3 port and the bluecoat are on the same Lan. A deep analysis found that the WCCP protocol seems to be as follow:
-Proxy address 10.64.28.240 to Switch Port 10.64.28.250 Here I Am
-Switch Port 10.64.28.250 to Proxy address 10.64.28.240 I See You
-Switch Port 10.66.0.251 to Proxy address 10.64.28.240 UDP 2048 packet (dropped by firewall)
It's strange to me that the first dialog is correctly handled by the correct Cat6509 interface while the UDP packets are flowing from another Vlan interface not configured with the WCCP and apparently not involved on the protocol.Last of all the WCCP is now disabled and unusable?
View 4 Replies
View Related
Oct 20, 2011
I am using Cisco 3560 as distrubution switch and want to limit port 445 traffic on 1 MB and applied rate limit statment on Gi0/1 port but switch unable to limit said traffic.rate-limit output access-group 120 1024000 128000 128000 conform-action transmit exceed-action drop.
View 25 Replies
View Related
Jul 19, 2012
I have a 3560 switch where I have 4 ports connected, one is to our WAN provider - 10Mbps and the other three are connected to different customers who I want to get an equal share of the 10Mbps bandwidth.I'm fairly clued up about configuring modular QoS but I'm being thrown by the fact that you can't apply a service-policy outbound on the ethernet ports.
View 3 Replies
View Related
Dec 17, 2012
How do I limit broadcast/mulitcast traffic on a switchport to e.g. 5000 pps ? I don't want the port to shut down, just block or drop broadcast traffic that exceeds 5000 pps.
View 19 Replies
View Related
Jan 16, 2013
We are in the process of rolling out iPads to our offices. As part of this implementation, we need to print from the iPads to our network printers. Our network printers are mostly HP and Xerox and do not have native Apple AirPrint capabilities. As such, we have been using the FingerPrint software to share out the network printers as Apple AirPrint printers. We have a mixture of switches at our offices. Most offices utilize a 3550 PoE switch. In these offices the AirPrint traffic is being transferred successfully and everything works great. In the offices which are using 3560 PoE switches, the traffic is never seen at the iPads. We are using EnGenius EAP300 access points connected into the Cisco switches to provide wireless access to the iPads. Both 3550 and 3560 switches are running iOS 12.2(25). What might be stopping/blocking the AirPrint traffic on the 3560 switches?
View 3 Replies
View Related
Jul 15, 2009
I use WS-C3560G-24TS and try both ios 12.2.50.SE1 and 12.2.46.SE but problem the same. The config as following,
interface GigabitEthernet0/1
no switchport
ip address 1.1.1.2 255.255.255.0
[code].....
but I find the int g0/1 output traffic only can achieve about 500kbps then I try config below,
interface GigabitEthernet0/1
no switchport
[code]....
I find int g0/1 output traffic only can achieve about 5Mbps,but if I change "srr-queue bandwidth limit xx" command xx to 20-90,the int g0/1 can achieve normal traffic bps, for example,
interface GigabitEthernet0/1
no switchport
[code]...
the int g0/1 output can achieve 2Mbps that is correct,just only when limit set to 10%,the traffic only can achieve half of limit bandwidth.
View 5 Replies
View Related
Nov 19, 2012
i have a 3560 connecting to a sp with limited bandwidth. i have one interface on the switch whose traffic i do not want to drop. i want this traffic to go into the high priority queue. i am not sure how this should be configured, but here is my best guess and my current qos configuration on the switch:
qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 1 4 6 7
mls qos srr-queue output cos-map queue 2 threshold 2 3(code)
since cos 5 is mapped to dscp 46 then this traffic would go into the priority queue. is this correct ?
View 7 Replies
View Related
May 30, 2012
We want to get L2 traffic amount (bit/byte) passing through a cisco switch (6500/3560 ...) for a specific VLAN. it can be via SNMP or CLI ...How can we do that?
note: there is no L3 interface on swtiches.
View 2 Replies
View Related
Feb 24, 2013
We have offices in USA and Venezuela.In our USA office we have a RV042 router and in Venezuela we have a RV082 router.We have connected a VPN tunnel (gateway-to-gateway) between both offices.
The point is:How could we redirect the internet traffic from our Venezuela office (RV082) to the USA Office (RV042) to navigate using USA public IP's?
The reason for this is that we need to use online streaming services which are only available for IP's from USA and we can't use them from the Venezuelan IP's.
We can not use the PPTP option since the equipment which will use the streaming services (like hulu, crackle, etc.) in Venezuela is a Google TV device which doesn't allow the configuration of proxy navegation or PPTP VPN connections itself. That's the reason why we need to do that through the routers.
View 1 Replies
View Related
Feb 24, 2013
In our USA office we have a RV042 router and in Venezuela we have a RV082 router. We have connected a VPN tunnel (gateway-to-gateway) between both offices.
The point is: How could we redirect the internet traffic from our Venezuela office (RV082) to the USA Office (RV042) to navigate using USA public IP's?
The reason for this is that we need to use online streaming services which are only available for IP's from USA and we can't use them from the Venezuelan IP's.
We can not use the PPTP option since the equipment which will use the streaming services (like hulu, crackle, etc.) in Venezuela is a Google TV device which doesn't allow the configuration of proxy navegation or PPTP VPN connections itself. That's the reason why we need to do that through the routers.
View 1 Replies
View Related
Aug 12, 2012
I have 5 SVIs configured for VLAN Interfaces 121-125 for my vSphere environment.
All VMs can ping IPs on all the VLANs (VMs on VLAN 124 can ping VMs on VLAN121)
All VMs, except those on VLAN 124, can access the Internet or even ping my router IP.
If I change one of the VLAN 124 VMs to use a different VLAN, and update the addressing appropriately, it can access the Internet.
The problem is exhibited with Windows and Linux VMs. So, I believe something in my switch setup is the problem with VLAN 124 in particular.
If i do a show vlan brief, VLAN 124 is listed.
If I do a show ip int brief, VLAN 124 is listed as upup. I also tried to shut o shut the VLAN 124 interface.
Only one specific VLAN has connectivity problems?
My topology is Catalyst 3560 to home router to Internet.
Here is my IOS image: c3560-ipservicesk9-mz.122-55.SE6.bin
Here is my show run output:
3560_02#sh run
Building configuration...
[Code].....
View 4 Replies
View Related
Feb 23, 2012
I have configured vlans in 3560G switch but vlans notable to accessing Internet
View 6 Replies
View Related
Nov 12, 2012
I have been reading for awhile now on all the Cisco forums on the 3560 and shaping egress traffic but I wanted to verify my thoughts on this. I have 3560 that connects to the ISP that is policing at 10Megs, I want to shape my egress traffic going to the ISP, I do not want to provided QOS to any specific traffic type but only shape all traffic outbound. Will my config below shape "all" egress traffic going to the ISP on the 3560, on a port that is physically connect at 100Meg Full duplex?
int gi0/1
srr-queue bandwidth shape 40 40 40 40
I gathered these numbers using the formula of 100* 1/weight, which would equal 2.5 and if each queue has 2.5 meg that would = 10Meg. However another concern is that I don't think I have the full 100Meg on the interface to use (correct?)
View 3 Replies
View Related
Feb 21, 2013
I have an 891w as my edge device for my home office. I have a VLAN for family use (wired and wireless) that routes out to the internet just fine. I have a second VLAN assigned to a VPN tunnel that backhauls traffic to my corporate network (wired and wireless) and all of the traffic gets to the corporate network fine when I am on that VLAN.
However, while I am on the VPN VLAN, no traffic gets to the internet. I believe it is because I have the gateway of last resort (0.0.0.0) set to the WAN IP address provided by my ISP, so DNS is resolving against corporate, but because there is no specific route, it is trying to dump the traffic back out the WAN without traversing the VPN tunnel.
View 4 Replies
View Related
Mar 16, 2012
Is it possible to redirect all web traffic to a Symantec web filtering address on a particular listening port. I had a look at the Srp527w Router and can't find where this could be done.
View 1 Replies
View Related
Jul 12, 2011
We have W2K3 domain with Catalyst 4507 routers.Client (laptop, tablet etc) needs to redirect web traffic (port 80) to a proxy server that listens on port 8080.
Before you ask, this cannot be done using a PAC file distributed via Group Policy or the like because these devices are not controlled by us. These devices are client owned and could be non-Microsoft OS and/or non-IE browser. The theory is to have a WiFi network where clients can bring whatever they like - iPad, Android, Windows, whatever it may be but we do not control them and therefore cannot send a PAC file to it. In the case on Android it does not have a proxy setting even if we could force something.
I've looked at Policy Based Routing which appears to do half the job. I can route a web request that is on port 80 to a new location ie our proxy server. But the problem is that it arrives on the same port 80 when the proxy server only listens on port 8080.
View 10 Replies
View Related
Sep 16, 2012
I have tried search but found found anything for the 3750 switch about how to redirect HTTP, HTTPS & SMTP traffic to altenative gateway, than our standard gateway on our network, so here goes:
The network that need the HTTP, HTTPS and SMTP traffic redirect is 192.168.5.0/24 and should be redirect to 192.168.5.205 where as all other traffic need to be direct to 192.168.5.199.
Can the 3750 switch do this typo of refirect and if how?? I cannot find anything on the Cisco site stating how or even if it is possible!
View 2 Replies
View Related
Apr 25, 2011
i have the following scenario :
ISP1-------ASA 5510----------ISP2
|
|
|
LAN
i would like to use ISP2 for all http/https/ftp traffic.how could I force my ASA to set a different gateway for http/https/ftp traffic ?i have tried several solutions such as nat/pat rules, nothing seems to work.
View 7 Replies
View Related
Mar 1, 2013
We need to create Guest WLAN on WLC 5508 which will be used for internet access only. My questions are:
1. Is it possible to use our external web proxy server to authenticate users?
2. Can we also forward all traffic to the external web proxy to filter the websites that can be accessed (without configuring it on the browser)?
3. Can this be achieved using the L3 webauth?
Our topology:
WLC -- Switch -- ASA Firewall -- Internet -- External Web Proxy
We are using WLC as DHCP server for Guest WLAN with ASA Firewall as the gateway.
View 6 Replies
View Related
Oct 9, 2012
We want design a topology based on transparent proxies using WCCP. Our proxies can do spoofing of user ip addresses. So, the HTTP request will go out our network with the user ip address as source ip. The HTTP Response will arrive with destination address the user ip address. We want use WCCP to redirect inbound and outbound traffic because we have c3750 with L2 WCCP support. The outbound redirection, when the packet is going out our network is simple. But, the problem is the inbound redirection. How we redirect this packets to proxies by WCCP?. Is it possible?. This redirection is done by c3750 using TCAMs/hardware?. Our throughput could grow until 2-3Gbps and we are worried about the performance.
View 1 Replies
View Related
May 15, 2012
I would like to know if it possible to create a policy map in order to redirect the traffic ( 80 , http, 8080) to a proxy.
My current equipment its a 3750X using a IP Service License ,I was reviewing some options but i want to be sure before implement in production.
View 8 Replies
View Related
Mar 13, 2012
Today, my customer have 1 project that have to deploy Cisco 3750 to redirect wccpv2 to Websense Security Gateway.However, i can't excute "ip wccp redirect out" on Cisco Catalyst 3750.
View 5 Replies
View Related
Apr 29, 2013
Amazed I cannot find this in any documentation but I want to know the default aging timer for ICMP redirects on a 3750 switch running at layer 2.
View 10 Replies
View Related
May 20, 2011
I have ASA5505 with bese-license. I like to install proxy sever in my network and i want redirect traffic to the proxy server.
Below i added configuration in my firewall.
ASA(config)#access-list wccp-servers permit ip host 192.168.6.10 any ASA(config)#access-list wccp-traffic permit ip 192.168.6.0 255.255.255.0 any ASA(config)#wccp web-cache group-list wccp-servers redirect-list wccp-traffic ASA(config)#wccp interface inside web-cache redirect in
furher configuration and if this configuration is enough, then how to check whther its working or not in my firewall.
View 1 Replies
View Related
Nov 5, 2012
We run a workers camp here and we currently have around 2500-3000 people using our 100MB internet pipe. We are upgrading the pipe to 200MB soon but I still would like to limit how much bandwidth everyone is using.
We allow streaming media such as Netflix, youtube, apple TV and of course .So it gets full pretty fast. We have QOS implemented although I wasn't here when it was done so I don't know a lot about it. I would like to limit IPs to a certain amount of bandwidth. [code]
View 1 Replies
View Related
Feb 16, 2012
So I have a proxy server in my home that all the computers use to access the internet (XP Pro). I edited the host file on the proxy to redirect traffic for various reasons (ad blocking, etc.) But I have noticed that it doesn't seem to affect the computers that use the proxy. For example one entry in the host file could be 127.0.0.1 abc123.com so that abc123.com would loopback to the localhost. For some reason this isn't working. Is there anyway to get this to work without changing the host file on each individual computer?
View 3 Replies
View Related
Mar 21, 2012
I am desperate to make some kind of translation which convert an outside IP Address of our web server to its inside ip address so that requests can be routed internally to the server.
This is what we have: A wireless network with an SSID to serve visitors. We also have an in-house web server which can be accessed internally and externally. We have a ASA 5520 that protects the internal network, including the Web server, and also routes all traffic from the all visitors connected to the public SSID to the outside. The DHCP server for the wireless network for visitors is configured to give the 8.8.8.8 as dns server. The problem with that is that the www.ourwebserver.com is resolved by Google's dns server to the public IP Address of our web server! The traffic then is sent to the outside interface of the ASA 5520. The visitor who wants to access our web server cannot connect!
How can I configure the ASA to route that traffic to our web server with the public ip address to the inside ip address of the web server?
View 2 Replies
View Related
Dec 31, 2012
Can i use acl object group with wccp redirect list?My platforms are 6500 and isr 2921
View 1 Replies
View Related
