RE : Switching redirection [urgent ...]

Sorry to post again but it's important for me ... If it's impossible, just say it :)

----------------------------------------------------------------------

Hi,

I have a little question.

I want to redirect traffic to one port on a switch 3750 (and 2950).

I know that is easy with the 6500 switch.

We make our vlan, access-list and finally our access-map.

Access-map provides "action redirect" port.

With 3750 we don't have "action redirect" in access-map. Just drop & forward.

Does somebody know how I can have a similar configuration without "action redirect" in access-map?

Thanks a lot,

Fwed

A scheme to help:

                                 ____________
|stationA_vlan10|----------fa0/1|            |
                                |   Switch   |fa0/24------------Firewall
|stationB_vlan20|----------fa0/2|____________|

When "stationA_vlan10" pings "stationB_vlan20", I want it to be the firewall that permits the traffic.

So all traffic will be redirected to fa0/24.

Thanks for your help

Reply to
Fwed

In article , Fwed wrote:
:Sorry to post again but it's important for me ... If it's impossible,
:just say it :)

Your diagram shows the hosts as being in different VLANs. If those different VLANs are in different subnets, then perhaps you could put a policy based route on the VLAN.

Anything else... sorry, I have an odd firewall problem to deal with and cannot "urgently" review the documentation.

Reply to
Walter Roberson

Thank you a lot. I just wanted to know if someone has a *flash* in their head, not a full explanation :) With a "word", I'll search the documentation :p

I will search with route :))

Many thanks for your time!

Reply to
Fwed

In article , Fwed wrote:
:I want to redirect traffic to one port on a switch 3750 (and 2950).

:|stationA_vlan10|----------fa0/1|            |
:                                |   Switch   |fa0/24------------Firewall
:|stationB_vlan20|----------fa0/2|____________|

:I want when "stationA_vlan10" ping "stationB_vlan20", it's the firewall
:that permit traffic.

:So all traffic will redirect to fa0/24

You shouldn't need a redirect for this. fa0/1 and fa0/2 are in different VLANs. Trunk both VLANs to fa0/24 and let the firewall handle them on different interfaces, with the only routing between the VLANs being via the firewall.

The exact mechanism for this will depend on the facilities provided by the firewall. If it is a PIX 506/506E, 515/515E, 520, 525, or 535, then you could use "logical interfaces".

On the other hand, if it were a PIX, then it wouldn't be working for you now without logical interfaces, not unless there is some missing information as to how the firewall is connected.

Reply to
Walter Roberson
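The design suggested in the reply above (trunk both VLANs to fa0/24 and let the firewall be the only router between them) can be checked against a switch configuration. The following is an added example, not part of the original thread: a small Python audit over a constructed IOS-style config. The interface name and VLAN numbers come from the diagram; the IP addresses and the function names `parse`, `expand` and `audit` are assumptions.

```python
import re

# Constructed config (not from the thread): trunk lacks VLAN 20, switch has routed SVIs.
SAMPLE = """\
ip routing
interface FastEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 10
interface Vlan10
 ip address 192.0.2.1 255.255.255.128
interface Vlan20
 ip address 192.0.2.129 255.255.255.128
"""

def parse(config):
    """Split IOS-style text into global commands and per-interface commands."""
    glob, ifaces, cur = [], {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        elif line.strip() not in ("", "!"):
            glob, cur = glob + [line.strip()], None
    return glob, ifaces

def expand(spec):  # '10,20-22' -> {10, 20, 21, 22}
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config, uplink="FastEthernet0/24", vlans=frozenset({10, 20})):
    """Return reasons inter-VLAN traffic might not be forced through the firewall."""
    glob, ifaces = parse(config)
    cmds, found = ifaces.get(uplink, []), []
    if "switchport mode trunk" not in cmds:
        found.append(f"{uplink} is not a trunk")
    allowed = set(range(1, 4095))  # IOS default: a trunk carries all VLANs
    for c in cmds:
        m = re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", c)
        allowed = expand(m.group(1)) if m else allowed
    found += [f"VLAN {v} not allowed on {uplink}" for v in sorted(vlans - allowed)]
    svis = {int(n[4:]) for n, c in ifaces.items() if n.startswith("Vlan")
            and any(x.startswith("ip address ") for x in c)}
    if "ip routing" in glob and len(svis & vlans) > 1:
        found.append("switch can route between the VLANs itself")
    return found
```

`audit(SAMPLE)` reports both problems in the constructed config; an empty list means the uplink trunks both VLANs and the switch has no routed path between them.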

Thanks a lot, I will look for that.

I've found

PIX 501 is not supported.

I'll test with 515 now

:))

Reply to
Fwed

In article , Fwed wrote:
:> The exact mechanism for this will depend on the facilities provided
:> by the firewall. If it is a PIX 506/506E, 515/515E, 520, 525, or 535,
:> then you could use "logical interfaces".

:I've found
:pix 501 does not supported.

Right. That's why I didn't list it -- the 501 (and 510) do not support "logical interfaces".

:I'll test with 515 now

You would not have been able to get your original port redirect plan to work with a PIX 501. The PIX 501 has no mechanism at all to permit traffic received on one interface to go back out the same interface. The models I list above support "logical interfaces" (802.1Q vlans). The 515/515E, 525, and 535 can be upgraded to PIX 7.0 which supports looping back more directly, but (a poster indicated) only when one of the sources is an IPSec tunnel.

Reply to
Walter Roberson
