Cisco Switching/Routing :: Isolating Two Different VLANs With Subnets On 6509E Sup 2T

Oct 1, 2012

I have a pair of Core VSS 6509E SUP 2T. Two different LANs, two diff. Subnets. larger LAN has been connected to the VSS pair usng normal SVI and Post-Channles (has lots of closets 3750 stacks) and no problem. Second LAN, two closets, stacked and connected to each other via Port channel and trunk + SVI interfaces. Now, I have SVI interfaces for both LANs on teh VSS pair and that is causing traffic from one LAN to jump over to the other VLAN and rightly so because the VSS pair see both subnets as directly connected subnets. I was wondring if I delete the SVI for the second LAN and only keep the L2 VLAN this will be resolved> The reason for the second LAN to connect to the VSs pair is only that It has to go through the VSS pair to get to the WAN router (both LANs will go out through this Same WAN router) but WAN router is not my concern at this time. I need to isolate these two LANs/subnets traffic so no one VLAM traffic jumps over the other.I have also thought about VRF but at this point I am not sure if teh 3750 stacks supports VRF and if it does how to implement VRF on the second and samller LAN to just allow it go through the VSS pair in order to get to the WAn router.

View 13 Replies


ADVERTISEMENT

Cisco WAN :: 3750X / Isolating Traffic On Different Subnets?

Apr 19, 2012

What I have is two Cisco 3750X switches, 10 bridges, and 10 routers. What I'm doing is throughput testing. The problem is all of the routers have identical subnets because in the real world there won't be two of them in the same place. The 10 bridges were the easy part. I have one switch dedicated to LAN side and one dedicated to WAN side. Since the bridges themselves allow any traffic through because they are bridges I set all of the individual ports to essentially be their own subnet by making them L3 ports. Then, I set the switch to route the traffic based on subnet through the correct port using the ip route command in the CLI. I'm using a Spirent to generate traffic and the spirent lets me wrap traffic on different streams in different IP addresses. I made the uplink have a subnet of 10.0.28.0 and I made every port have a subnet starting with 10.0.5.0 being incremented by 1. This allowed me to send traffic from source address 10.0.5.5 to destination address 10.0.28.5 and vice versa by telling the switch to route any traffic with a 10.0.5.0 subnet to port 1 (first device) and any traffic with a 10.0.28.0 address to port 24 (uplink). The reason this works is because bridges don't care what the traffic is or where it is going so everybody is fine and happy. Now I have to introduce 10 new devices that are all routers while maintaining the previous set up and I'm stumped. I've tried everything I can think of, different Vlans, trunking, routing, L3 ports, etc. If i try to isolate everything by Vlan they can't talk to each other. If i try to isolate everything by Vlan and trunk the uplink port it won't work because you need to do Vlan tagging and my device doesn't do that and I don't think the switch can do that for you. The routing doesn't work because the uplink port has to be it's own subnet and when that subnet tries to send traffic to the router it's considered foreign and gets dropped. With L3 ports you run in to the same problem, you can isolate all of the individual ports with their own subnet but the uplink port has to have a different subnet which automatically causes the router to drop the packets. The only configuration that works is a completely default dumb switch configuration and that is unacceptable because I need all of this traffic to be isolated because of the bridges. Without the isolation, all of the data will go through the nearest easy hop which will be one of the bridges, even if that isn't the right path the switch doesn't know any better. I can change the subnet on the routers but I can't deviate too far from the original subnet which is 192.168.0.0. I tried setting up different subnets by incrementing the third octet by 1 every time, 192.168.0.1, 192.168.1.1, 192.168.2.1, etc. and think this setup will work I just don't know how to set the switch up. Setting up the switch to route the traffic properly without changing the subnet on any of the devices would be ideal.

View 1 Replies View Related

Cisco Switching/Routing :: 5510 Isolating Switch Ports For A Separate Network

Feb 2, 2012

I have to configure failover Active/Standby on my ASA 5510.I am wondering how i could do for the outside interface, i mean, actually the ASA1 outside interface is linked directly to our Internet router.So now if i have to add ASA2 connecting to that router i will need a switch between them.I have already a switch for DMZ & LAN.The thing is that i will have to allow 3 switchs ports to communicate with each others.

- 1 for ASA1--outside
- 1 for ASA2--outside
- 1 for Internet router
 
How could i isolate these 3 ports to make them communicate alone ? Should i use VLAN for that ?And if i use VLAN, will this require to make any change of configuration on my firewalls (ASA1 & ASA2) outside interface ?I am a bit lost with this, if i am correct i will not have to do some "vlan tagging" on the firewall itself ?

View 1 Replies View Related

Cisco Switching/Routing :: SG200 / 3550 - Creating VLAN And Isolating PC On Network

Feb 12, 2013

I was given a task of creating a vlan and isolating one pc to access an internal website (192.168.90.15) on a specific port (port 8080)The pc is connected in the following manner:

PC--> HP Switch --> Cisco Small Business SG200 switch --> 3550 Catalyst 1, 3550 Catalyst 2 and 3550 Catalyst 3.

I have created a vlan 110 on the Main 3550 Catalyst switch and successfully added the pc to that vlan.However, that PC must be able to access the internet and an internal website on port 8080.I have placed an access-list on the main 3550 catalyst switch which is connected to our router as below:

Client ip address: 192.168.100.2
VLAN 110: 192.168.100.3
 
access-list 110 permit tcp host 192.168.100.2 host 192.168.90.15 eq 8080access-list 110 permit icmp host 192.168.100.2 anyaccess-list 110 deny ip 192.168.100.0 0.0.0.255 ? I was unable to access the webserver even after many attempts.

View 2 Replies View Related

Making 4 Subnets For VLANs?

Dec 4, 2012

You have to make 4 subnets for 4 VLANs, the router interface assigned to each VLAN is the LAST usable host on the subnet.so unless I'm really bad at networking the graph should be:

NET ID // HOSTS // BROADCAST ADDRESS // VLAN

192.168.0.0 // 192.168.0.1 - 192.168.0.62 // 192.168.0.63 // VLAN1
192.168.0.64 // 192.168.0.65 - 192.168.0.126 // 192.168.0.127 // VLAN2
192.168.0.128 // 192.168.0.129 - 192.168.0.190 // 192.168.0.191 // VLAN3
192.168.0.192 // 192.168.0.193 - 192.168.0.254 // 192.168.0.255 // VLAN4

So if I'd have to write down a single host configuration for VLAN2..I think it should be:

IP: 192.168.0.65
subnet mask: 255.255.255.192
default gateway: 192.168.0.126

Is this correct? I'm not sure whether the default gateway should be 192.168.0.255 (as would with normal subnets) or as I wrote down 192.168.0.126, this is the first time i've ever gotten assignments including VLANs and I havn't really gotten a solid explanation.

View 1 Replies View Related

Cisco Switching/Routing :: 6509E With 2 Sup 2T Cards

Apr 30, 2012

I have a new 6509E with 2 sup 2T cards. The 10GE ports on both sup cards will connect to 2 5548s. Can i connect the management interface on the new 6509E to the old 6509 until i free up space to bring the line cards over?

View 2 Replies View Related

Cisco Switching/Routing :: 10G Upgrade For 6509E

Dec 9, 2012

I have a couple of 6509-E combined in a VSS system. I need to upgrade them to support 8 (or 16 at max) 10G uplinks. I already used the two built-in VS-S720-10G fiber connectors for VSL links. Which Ethernet modules do you suggest to use? are there any related upgrades that I have to do? 
 
supervisor used: VS-S720-10G
Chassis: WS-C6509-E

View 2 Replies View Related

Cisco Switching/Routing :: Migrating Cat 6503-E VSS To Cat 6509E VSS

Aug 7, 2012

I want to migrate a Cat 6503-E VSS to Cat 6509E VSS. We plan to use the same supervisor that we have on the Cat6503E, for minimizing the configuration change on the Doing this, the vss link will need to be changed, due to the fact that the supervisor slot will change with the Cat 6509, slot 5 instead of 1.

Question: is there a way to just change the vsl-link interface on a existing VSS ?

View 3 Replies View Related

Cisco Switching/Routing :: Cat 6509E 6Kw PS AC Input Level Verification

Oct 27, 2011

I have a 6509E switch with dual 6Kw power supply that is logging "Power supply 1 input has changed.  Power capacity adjusted to 2671.20W" then will bounce back to normal at random times from 1sec to 10sec. Is there a command to check what each input level of the power supply to try to identify possibly which source is causing the problem? The power supply input lights remains green while this is occuring.

View 3 Replies View Related

Cisco Switching/Routing :: 6509E - Installing And Setting Up Second Sup720

Feb 27, 2013

Trying to find documentation on the proper procedure for installing a second sup720 into our 6509-E chassis for sup redundancy. I have found documents that tout how 'cool' and 'awesome' NSF/SSO, and all that is, but haven't found any docs on installing a second sup720 into a chassis that is currently in production and is only running one sup720. In all the years that this chassis has been out, there must me a documented procedure out here to explain this.I have been through the following pages, and have found nothing to this effect.

View 1 Replies View Related

Cisco Switching/Routing :: Best Current Stable IOS Version For 6509E?

Jul 2, 2012

upgrade experience with the 6509E on what IOS version to use. This is a new install, so I want the most current version that supports SSH and works with dual supervisors.
 
Here is some information:
WS-C5609-E with 983008K/65536K bytes of memory
Current version 12.2(18)SXF17b
Slot 5 Supervisor 720 (Active)
Slot 6 Supervisor 720 (Hot)  
 
Just need a strong base code, no advanced services. Let me know if you any additional information. 

View 2 Replies View Related

Cisco Switching/Routing :: 6509E - Four Port 10G Blade Buffers 16M

Dec 29, 2011

Looking at the specs for WS-X6704-10GE, it shows the port buffers at 16M per port. This doesn't seem like very much for a 10G port. Is this upgradable or related to how much RAM is in the blade?

View 4 Replies View Related

Cisco Switching/Routing :: 6509E-VSS High CPU Process Due To ARP Input

Feb 6, 2012

We are experiencing with high CPU input due to ARP input between 20:30 and 22:30 every day At this time we have a lot of backup operations. When I look the netflow report, I can't see anything anormal.
 
We are changing our backup server's NIC card from 1gig to 10Gig. The backup operation's traffic is high (approx 2Gbps level) but 6509 has to be handle this size of traffic.
 
We are using two 6509E in VSS mode and our image version is  s72033-adventerprisek9_wan-mz.122-33.SXJ.bin 
 
20:00
show ip arp summary
--------------
2588 IP ARP entries, with 166 of them incomplete

[Code].....

View 16 Replies View Related

Cisco Switching/Routing :: Upgrade Catalyst 6509E CatOS To IOS

Nov 7, 2012

I have to upgrade two Cisco Catalyst 6509E from Catos to IOS. I would want to know the requirements hardware or software for upgrading. Which are the recommended images I must download? From cat6000-sup32pfc3k9.8-4-5 to the latest stable version of IOS, is it recomended to pass to another previously version before?
 
I have viewed the following links,[URL]but, it doesn`t mention anything about that. The image below is the result of the "show version" command of one of our Cisco Catalyst.
 
WS-C6509-E Software, Version NmpSW: 8.4(5)
Copyright (c) 1995-2005 by Cisco Systems
NMP S/W compiled on Aug  3 2005, 13:13:36

[code]....

View 2 Replies View Related

Cisco VPN :: ASA5505 - Multiple Distinct Inside Subnets And VLANs?

Nov 17, 2011

The ASA device is going to be the gateway for multiple distinct inside IP subnets.   We can have have a unique outside IP address to correspond to each inside IP subnet if needed, but we need some means for a VPN client or a site-to-site VPN to have acess to a pre-definied IP subnet (i.e. if customer A establishes a VPN connection, they have connectivity to IP subnet X; customer B establishes a VPN connection, they have connectivity to IP subnet Y, etc.).Currently, the two inside IP subnets are 10.10.0.0/16 and 10.20.0.0/16. We will be adding more.The problem we are facing is that we cannot reach the VLAN 201 from the ASA we believe this is because. I have setup two addresses on port 0/1 Vlan1, 10.10.20.2 and 10.20.20.1 as an alias. How can we make traffic for the 10.10.0.0/16 subnet untagged and traffic for the 10.20.0.0/16 subnet tagged for VLAN 201.

View 1 Replies View Related

Cisco Switching/Routing :: Higher Than Normal CPU With Spikes To 90 / 100% - Snmp - 6509e?

Nov 2, 2011

we are seeing network latency problems and our cpu on the 6509e is spiking and have a above average % for the past week or so. When we do see these spikes it seems that snmp and apr input is high 
 
CPU utilization for five seconds: 75%/53%; one minute: 17%; five minutes: 14%
PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process   9     1636168     95505      17131 4.19%  0.36%  0.34%   0 Check heaps =======>
  12      478096   1011864        472  3.07%  0.12%  0.12%   0 ARP Input =====>  52       30420    436000         69  0.07%  0.07%  0.07%   0 Per-Second Jobs
  53      317496      7789      40762  0.87%  0.10%  0.06%   0 Per-minute Jobs
220       55380     87807        630  0.07%  0.06%  0.07%   0 Compute load avg

[code]....

we recently upgraded our 3560 switches to the new 12.2-55 ios version but have not upgraded our 6509 because its ios is on 12.2(33)SXJ1. Not sure if this is related or not but it seems that after we upgraded to the later ios that the latency started.over the last 24 hours the spike is several times an hour and at least one a day that it hits the 90 - 100 % mark.is there a way that we can limit what snmp view but would not effect functionality or network?

View 2 Replies View Related

Cisco Switching/Routing :: 6509 And 6509E Chassis Physical Characteristics

Oct 18, 2012

Are there any physical characteristic differences between the 6509 and 6509-E chassis?

View 4 Replies View Related

Cisco Switching/Routing :: 6509E - Purpose Of ROMmon F1 And F2 And Gold Regions

Apr 27, 2012

On my 6509-E, all the modules show this:
Region F1: INVALID
Region F2: INVALID
Currently running ROMMON from S (Gold) region
 
Is this alright? Is the Gold region like a default region where ROMMON is always installed. And are F1 and F2 just storage partitions that are available to hold backup copies of the ROMMON? From what I read, it sounds like I can copy ROMMON images to F1 and F2, either the same version as the Gold region or different versions. Is that correct? Why would I want to copy different ROMMON versions to F1 and F2?

View 3 Replies View Related

Cisco Switching/Routing :: Total Output Drops On Switch Port On 6509E

May 22, 2012

What is the cause of having a huge number ( 875349) of total output drops on one of my gigabit utp port  gi 2/12 which is connected to Cisco 1841 fa0/0 router by mean of cat5e cable.I did change the cable from cat5e to cat 6 and tried to increase hold queue to 4096 and to tweak wrr queue bandwidth

View 4 Replies View Related

Cisco Switching/Routing :: 6509E Port-channel Flapping When Two More Links Are Added?

Sep 11, 2012

I have two Core 6509E SUP2T configued as VSS and has two 48 ports fiber blades. I have two 3750s, I have two gig on each 3750 port-channle to po1 and connected to both the core, one link to each core.Now, I was asked ot add two more links on each 3750 switch to make it a total of 4 gigs on each 3750s (all 4 gig ports/uplinks will be in used an dtwo links to core one an dtwo links to core 2).when i added two additional links on 3750s and bundled them to po1, I created another port channel on core and bundeled the additional two gigs on each core to accomodate for the two additional links (ports on core switches are not consequtives).
 
adding these two additional ports makes the 3750 switches flap between managemnet vlan and po1.now, i am not sure if I must have added the two additional links on the core to teh current port-channel or core!? I have created another port-channel on core to accomodate for this currently!?

View 26 Replies View Related

Cisco Switching/Routing :: Large Number Of Queue Output Drops On 6509E

Apr 3, 2013

we have two 6509E, as our core switches. Recently I noticed that on some connections I have a high output queue drop rate.
 
These 4 x 2 interfaces (gigabit) are connected to our blade encolure, consisting of 4 x WS-CBS3120X-S. The utilization of the links is really quite low, when I see the increase of the drops. (~=60Mbps). All the links are fiber (SFP) and the distance between the core switches and the enclosure is about 15-20m.
 
I am not aware of any service degradation on the part of the servers. No CRCs, collisions etc, on the interfaces, apart from the drops.
 
The line card is a WS-X6748-SFP, but other interfaces don't seem to be experiencing any problems.

View 2 Replies View Related

Cisco Switching/Routing :: Catalyst 6509E Upgrade IOS Required Memory Size

Oct 21, 2012

I have Catalyst 6509 E with redudant SUP720-3B (and MSFC3) running 12.2(18)SXF6 IP Services Lan Only IOS (this IOS requires 512MB DRAM and 64MB of flash) SUP has 512MB DRAM (458720K/65536K) and 512MB sup-bootdisk:, but, there is65536K bytes of Flash internal SIMM (Sector size 512K).
 
My question is can I put 12.2(33)SXJ3 IP Services Lan Only IOS to this 6500 because this IOS requires 512MB DRAM and 512MB od flash?This is "sh ver" and "dir all-filesystems" of my 6500:
 
cat6500#sh verCisco Internetwork Operating System Software IOS (tm) s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(18)SXF6, RELEASE SOFTWARE (fc1)Technical Support: [URL] Copyright (c) 1986-2006 by cisco Systems, Inc.Compiled Mon 18-Sep-06 23:59 by tinhuangImage text-base: 0x40101040, data-base: 0x42D90000
ROM: System Bo

View 6 Replies View Related

DELL 2816 - Benefit Of Setting Up VLANs If Subnets Wired Separately

Jun 12, 2013

I have 2 sub nets within my office: 172.16.1.0/24 and 172.16.2.0/24. All devices on each subnet are wired independently from each other into the server closet. Previously each sub net had it's own switch in the closet to connect to that sub nets servers. We are replacing the 2 switches with a single Dell 2816 managed switch.

Is there a benefit to setting up the switch with 2 VLANs over just letting everything pass through the switch in un managed mode?

My only security concern is this: 1 sub net has access to the internet while the other does not. Does setting up 2 VLANs provide additional security by preventing 1 subnet from accessing the other? In other words, if a computer with internet access gets hacked will it being on one side of a VLAN prevent the hacker from accessing the other subnet?

View 1 Replies View Related

Cisco Switching/Routing :: Configuring EtherChannel Between 3750-X Cross-stack And 6509E Switch?

Mar 3, 2013

configuring EtherChannel between 3750-X cross-stack and 6509E switch. I use two ports on 3750s, and two ports on 6509. I just need it as a trunk. For some elusive reason one port on 3750 keeps being err-disabled, and one on 6509 notconnected.
 
Here is what I did so far.
 
3750
!
interface GigabitEthernet1/0/22
description ***VSS-RNOC-link***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2

[code]....
 
Problem with :

GigabitEthernet1/0/22 is down, line protocol is down (err-disabled)
GigabitEthernet2/1/29 is down, line protocol is down (notconnect)
 
I tried shutting them down, then no shutting them again. Didn't work.

View 11 Replies View Related

Cisco Switching/Routing :: Modules Operating Temperature And Major Error On 6509E Switch

Apr 6, 2013

we have two 6509E which are configured in VSS mode with the following modules in each:
 
  1   48  CEF720 48 port 10/100/1000mb Ethernet 
  2    8  DCEF2T 8 port 10GE                    
  3    4  CEF720 4 port 10-Gigabit Ethernet    
  5    5  Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G  
 
 I need to know if the temperature of the attached modules are normal or there is a problem?

the status of one of the supervisor engines is "MajFail" as shown below:
 
Mod  Online Diag Status
---- -------------------
  1  Pass
  2  Pass
  3  Pass
  5  Major Error

View 3 Replies View Related

Cisco Switching/Routing :: 6509E 20% Speed Loss When Router Introduced To Transfer Path

Jun 11, 2012

I have an issue that I am trying to track down.  When I have 2 servers on the same VLAN on my AS pair, all is good because nothing leaves the switch.  Where the issue is, is when I have 2 servers on different VLAN's and it requires a hop across the Core router pair.  This hop drops the throughput rate by about 20-25% (from 44M to 35-36M)I think I know the issue, but want some input to from other to make sure I am not off-base.  I have a pair of 6509E chassis' running Sup720 (VS-S720-10G) with CEF720 (X6748-GE-TX) modules.  This is my Access Pair running VSS to look as 1 switch.
 
These tie into the Core pair of 6500E chassis' running Sup720 (Sup720-3B).  This issue I see is that the core has a CEF720 card (6724-SFP), but the AS pair does not connect to the core on that card, they connect on a RJ45 Ethermodule (6148A-GE-TX) card.  Would the fact that the AS pair does not connect to the core on the CEF7220 module on the core, cause the traffic to not make use of the CEF features of the Core and make each packet then have to be processed by the core instead of Express Forwarded?

View 1 Replies View Related

Cisco Switching/Routing :: 6509E / SUP720 (Standby Hot) - Console Port Indicate Software Crash

Oct 28, 2012

I have one Catalyst 6509E chassis and two SUP720. The bootup sequence  on SUP 720 (standby hot) failed . Messages that appear on SUP 720, on the console port indicate o software crash.  I don't have a flash card in SUP720. 
 
This is the bootup process:
 
System Bootstrap, Version 8.5(3)
Copyright (c) 1994-2008 by cisco Systems, Inc.
Cat6k-Sup720/SP processor with 1048576 Kbytes of main memory

[code].....

View 1 Replies View Related

Cisco Switching/Routing :: 887 - IP Multicast Routing Between Subnets Same Router

Feb 21, 2013

I’ve been trying a few days now to implement multicast routing on my home network in order to make airplay work between subnets. Specifically between an iphone and a hifi separated by different vlans. Failed, as I have no experience in multicast routing. we have a clean configuration and simple network which consists of two SVIs

Vlan 10: 192.168.1.0 255.255.255.0
Vlan 20: 192.168.2.0 255.255.255.0
 
ios platform cisco 887

View 5 Replies View Related

Cisco Switching/Routing :: How To Configure Route Between Two Subnets On 2960-S

Jun 21, 2012

configuring a working route between two subnets (172.28.0.0/16 and 192.168.0.0/24) on a Cisco Catalyst 2960-S.
 
Problem: The subnet 172.28.0.0/16 is on VLAN 40 and the clients on this subnet have to access a preconfigured device with an ip in 192.168.0.0/24 subnet. The configuration of this device cannot be changed.
 
I have an Cisco 2960-S Lan Base (c2960s-universalk9-tar.150-1.SE3) switch [URL] that I would like to use to solve this problem.

View 17 Replies View Related

Cisco Switching/Routing :: Two Subnets Through Pair Of SG200-08 Switches

Mar 21, 2012

I have two separate companys both with staff at two locations and thier own networks connected with a wireless antenna which provides a high speed LAN connection between offices.  I only have a single path through this antenna bridge.  I have an SG200-08 switch at each end.  What I am attempting to do is utlise the switches to take the two subnets at one office, combine them to one for transfer through the antenna bridge, and then resolve them into the two separate networks again at the other end.

View 1 Replies View Related

Cisco Switching/Routing :: ASA 5510 / Subnets Unable To Reach Outside?

Feb 18, 2012

I'm replacing our current router with an ASA 5510 running 8.4(3) and I'm having what I think are NAT issues.From the 192.168.0.0/24 subnet, I'm able to reach the outside world (via NAT/PAT) without any issues. However none of the internal subnets (e.g. 192.168.10.0/24) are able to. Packet-tracer shows no ACL issues.

Here's my config:
 
ASA Version 8.4(3)
!
hostname gw
domain-name internal.mycompany.com
enable password asdf encrypted

[code].....

View 6 Replies View Related

Cisco Switching/Routing :: 2901 - Multiple Subnets On Same Vlan Switchport?

Jun 29, 2012

I have a Cisco 2901 with the 4port gigabit ethernet switch module that I'm trying to get configured to have a seperate subnet for each port.  So far I have it set up so each subnet is a vlan, then on each port I use the switchport access vlan command to tell it which subnet I want that port to be on.  However, there is one port that I need to have 2 subnets on.  The way I found to do that was to use switchport trunking on that port, but it doesn't seem to be working properly. how they would configure this?  Right now I have vlan 101 as x.x.x.17/28 and vlan 103 as x.x.x.53/30.  I think where I'm getting hung up is the proper association between the physical port and the vlan subnets.

View 5 Replies View Related

Cisco Switching/Routing :: 7206VXR - WCCP Redirection Of Non-directly Connected Subnets

Jul 18, 2012

I have a Cisco 7206VXR running 12.4(24)T3 IOS. It is configured with WCCPv2 using L2 mask redirection. I am using service groups and associated extended ACLs to select which subnets I want to redirect port 80 traffic from.
 
It is working fine for the subnet 192.168.1.0/24....
 
int gi0/2
ip wccp 10 redirect in
ip address 192.168.1.99 255.255.255.0
  
... however, there is OSPF running between the router and a Mikrotik device directly connected to this interface. The gateway addresses for all the client subnets are on the Mikrotik. Traffic from other subnets, e.g. 192.168.2.0/24, 192.168.3.0/24 come in on this interface and I want to redirect those too. But it appears that the redirection doesn't work for those subnets (I don't see any hits on the relevant ACL for any subnet except 192.168.1.0/24).
 
It seems like the router only wants to redirect traffic for subnets that it has an IP address in itself. Admittedly, all of the example configs i've found on cisco.com are for redirecting traffic from directly connected subnets but I can't find anything that denies thie possibility of redirecting any traffic that comes in on a given interface.
 
The question is, is this how WCCPv2 redirection works? i.e., the router must have an IP address in the subnet to be redirected?

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved