Re: [fw-wiz] Forwarding traffic to an active IDS/Firewall
From: Dale W. Carder (dwcarder_at_doit.wisc.edu)
To: Vinicius Pavanelli Vianna <email@example.com>
Date: Thu, 21 Jul 2005 11:18:49 -0500
Thus spake Vinicius Pavanelli Vianna (firstname.lastname@example.org) on Wed, Jul 13, 2005 at 06:39:35PM -0300:
> Anyone know how I can forward all traffic that came to a Cisco Catalyst
> switch to a gateway to do some IDS/Firewall/Traffic Shape?
Use a policy route to force the next-hop. I think that's the
closest thing to what you want. However, given that traditional
switches are more or less agnostic to layer 3 information, you can't
do that unless you have a switch with a routing card, or actually
have a router.

If you're only looking for IDS stuff, most high end switches support

So, a layer-2 solution could use VLANs and have your IDS/Firewall/Traffic
Shape thingy route, bridge, or proxy-arp between them.

Or, use a PC or some other device that can make switching decisions
based on higher level stack information.
Dale W. Carder - Network Engineer
University of Wisconsin at Madison
firewall-wizards mailing list
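
The policy route suggested in the reply above, sketched as an added example that is not part of the original message: it assumes a layer-3 capable Catalyst or a router running Cisco IOS, and every address, VLAN number, ACL name and route-map name is a constructed placeholder.

```cisco
! Added illustration; all names and addresses below are assumptions.
! 198.51.100.0/24 = user subnet whose traffic should be inspected
! 192.0.2.2       = inside interface of the IDS/firewall/shaping gateway

! Select the traffic to be redirected
ip access-list extended INSPECT-OUTBOUND
 permit ip 198.51.100.0 0.0.0.255 any
!
! Force the next-hop for matching packets instead of using the routing table
route-map VIA-INSPECTION permit 10
 match ip address INSPECT-OUTBOUND
 set ip next-hop 192.0.2.2
!
! Policy routing acts on packets arriving on this interface
interface Vlan10
 description user subnet, ingress side
 ip address 198.51.100.1 255.255.255.0
 ip policy route-map VIA-INSPECTION
!
! Transit link on which the inspection gateway is directly reachable
interface Vlan20
 description link to inspection gateway
 ip address 192.0.2.1 255.255.255.252
```

The policy only covers packets received on Vlan10; anything the route-map does not match follows the normal routing table and never reaches the gateway, and return traffic passes through it only if its own path leads there. `show route-map` reports the policy-routing match counters, which is a quick check that traffic is actually being redirected.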