Port Address Translation on a particular VLAN

Status
Not open for further replies.

disturbedone

Vendor
Sep 28, 2006
781
AU
I have a Catalyst 4507 with multiple VLANs. One is for a WiFi network. I would like it so that when a client on that particular VLAN61 makes a web request (port 80) it is redirected to a proxy server (10.11.0.19 on VLAN11) on port 8080.

How can this be achieved?
 
are you familiar with policy-based routing? either that or simply set up the proxy server information in the browsers of the users on VLAN61

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Yes I've looked into PBR but it appears that it cannot change the port. It can redirect traffic and that works but only from port 80 to port 80. Unless you know something I don't.

The problem is we can't set proxy settings in the browser. This works great if we control the device - we can use Group Policy to force it but that only works for Windows with IE that are members of our domain. For users who bring in their own WiFi device we can't control their settings and automatically deploy a setting to them. That would only be possible if they were Windows. But if they bring an iPad/iPod we can't use GPO. If they bring an Android device which doesn't have any proxy settings we couldn't even manually set it even if we wanted to.

Even if users all had e.g. iPads we could manually do it but that is not feasible for 100, 500, 1000 devices. And Android is out of the question completely.

I have been looking at this for weeks and struggle to believe that it can't be done. Surely the mammoth that is Cisco should be able to do what seems to be a relatively simple request???
 
the only thing i can think of would be to use a combination of PBR and an additional router or firewall behind the proxy to do the port translation. does your proxy permit you to specify ports for it to listen on other than tcp/8080?

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Ok, slight change of plan. It appears this cannot be done solely with a Cisco device.

I have now got an Ubuntu box purely to use iptables to redirect traffic coming to it on port 80 to our proxy server on port 8080. This works fine. If I browse to it goes to
Now I need to reroute traffic inside the Cisco to the Ubuntu box staying on port 80. Much simpler you'd think ;)

Having looked at PBR previously it looks straightforward so I went about creating a policy but ran into a problem when trying to apply it to a VLAN. I ran the following commands....

Code:
access-list 101 permit tcp 10.60.0.0 0.0.255.255 any eq www

route-map webtraffic permit 101 
match ip address 101
set ip next-hop 10.100.0.9

interface vlan 60
ip policy route-map webtraffic

It appears that under 'interface vlan 60 ip' there is no option to add a policy command. Why not? We have a brand new Catalyst 4507. Any ideas?
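
The iptables redirection described in the last post, written out as an added example that is not part of the original thread. The function name `gen_redirect_rules` is hypothetical, the client network 10.60.0.0/16 is derived from the ACL in the post, and the proxy address and port are the ones given in the first post.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset for
# the redirector box. The function name and input checks are assumptions.

# gen_redirect_rules CLIENT_NET PROXY_IP PROXY_PORT
gen_redirect_rules() {
    client_net=$1 proxy_ip=$2 proxy_port=$3

    # Refuse anything that is not CIDR / dotted quad / a valid TCP port, so a
    # typo never reaches the kernel as a rule.
    echo "$client_net" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    echo "$proxy_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    case $proxy_port in ''|*[!0-9]*) return 1 ;; esac
    [ "$proxy_port" -ge 1 ] && [ "$proxy_port" -le 65535 ] || return 1

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Web requests from the WiFi clients: rewrite the destination to the proxy.
-A PREROUTING -s $client_net -p tcp --dport 80 -j DNAT --to-destination $proxy_ip:$proxy_port
# Source-NAT the forwarded flow so replies come back through this box and the
# DNAT is reversed. Side effect: proxy logs show this box, not the client.
-A POSTROUTING -d $proxy_ip -p tcp --dport $proxy_port -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for the addresses used in the thread.
gen_redirect_rules 10.60.0.0/16 10.11.0.19 8080
```

Review the printed ruleset, then load it as root with `iptables-restore` on a box that has IP forwarding enabled. The proxy must accept intercepted requests from clients that are not proxy-configured, and port 443 traffic is not touched by these rules.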
 