10

I have configured my 3550 L3 switch to redirect HTTP traffic to a significant machine.

This is my scenario (PCs instead of routers):


This is the switch configuration:

CAT3550# show running-config 
Building configuration...
.
.
!
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan2
 ip address 20.20.20.1 255.255.255.0
 ip policy route-map pbr
!
interface Vlan3
 ip address 30.30.30.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.10.10.2
ip classless
ip http server
!
!
access-list 10 permit 20.20.20.0 0.0.0.255
route-map pbr permit 10
 match ip address 10
 set ip next-hop 30.30.30.2
!
. 
!
end

On the PCs I have set an IP address and a gateway:

for example 10.10.10.2, and the gw is: 10.10.10.1

My question is:

Why can't I ping from one computer to another, for example (from 20.20.20.4):

ping 10.10.10.2

returns: Request time out.

Nidal

2 Answers

14

You seem to be missing the ip routing command which enables L3 routing on the switch.

YLearn
2

According to the config provided:

access-list 10 permit 20.20.20.0 0.0.0.255
route-map pbr permit 10
 match ip address 10
 set ip next-hop 30.30.30.2

Any traffic from the 20.20.20.0/24 subnet traversing the VLAN 2 gateway will be redirected to 30.30.30.2 as a next hop. This should effectively drop packets destined to 10.10.10.2 when sourced from the 20.20.20.0/24 subnet...
Unless 30.30.30.2 is in fact configured as a router with a good route to 10.10.10.2, but that wasn't part of the scenario.

Nidal
Jeff Vincent
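An added configuration example, not part of either answer, that combines both points: routing is enabled, and the route-map matches only HTTP so other traffic from VLAN 2 follows the normal routing table. It assumes the goal is the HTTP-only redirect stated in the question and that ACL number 110 is unused.

```cisco
! Added example. ACL number 110 is an assumption (any free extended ACL number works).
!
! Enable L3 forwarding between the SVIs (first answer).
ip routing
!
! Before (from the question): standard ACL 10 matches on source address only,
! so every packet from 20.20.20.0/24, ICMP included, is policy-routed to 30.30.30.2.
!   access-list 10 permit 20.20.20.0 0.0.0.255
!
! After: an extended ACL that matches only TCP port 80 from the client subnet.
access-list 110 permit tcp 20.20.20.0 0.0.0.255 any eq www
!
route-map pbr permit 10
 ! Remove the old match first; otherwise ACL 110 is appended to the same
 ! match line and ACL 10 still catches all traffic.
 no match ip address 10
 match ip address 110
 set ip next-hop 30.30.30.2
!
interface Vlan2
 ip address 20.20.20.1 255.255.255.0
 ip policy route-map pbr
!
! Checks after applying:
!   show ip policy        (Vlan2 should list route-map pbr)
!   show route-map pbr    (the match clause should reference only ACL 110)
!   show ip route         (connected routes for all three VLANs should be present)
```

Packets that do not match the route-map, such as the ping from 20.20.20.4 to 10.10.10.2, are then forwarded by the ordinary routing table instead of being handed to 30.30.30.2.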