2 separate subnets in one context of a bridge mode ACE

axfalk · ‎09-13-2012

We've configured an ACE SM context in bridge mode with 2 separate subnets (2 vlan per subnet) as in the following:

interface vlan 1

description vip vlan

bridge-group 1

mac-sticky enable

no icmp-guard

access-group input bpdu

access-group input any

access-group output any

service-policy input REMOTE_MGMT_ALLOW_POLICY

service-policy input VLAN111-VIPS

no shutdown

interface vlan 2

description server vlan

bridge-group 1

mac-sticky enable

no icmp-guard

access-group input bpdu

access-group input any

access-group output any

service-policy input REMOTE_MGMT_ALLOW_POLICY

no shutdown

interface vlan 3

description server vlan

bridge-group 2

mac-sticky enable

no icmp-guard

access-group input bpdu

access-group input any

access-group output any

service-policy input REMOTE_MGMT_ALLOW_POLICY

no shutdown

interface vlan 4
description vip vlan
bridge-group 2

mac-sticky enable

no icmp-guard

access-group input bpdu

access-group input any

access-group output any

service-policy input REMOTE_MGMT_ALLOW_POLICY

service-policy input VLAN111-VIPS

no shutdown

interface bvi 1

ip address 10.0.1.7 255.255.255.0
no shutdown

interface bvi 2

ip address 192.168.1.7 255.255.255.0
no shutdown

We were wondering if we could route from one subnet (10.0.1.0/24) to the other (192.168.1.0/24)..in other words, can we have the VIP on the 10.0.1.0 subnet and the back-end servers on the other, 192.168.1.0?

Thanks.

_ Greg...

chrhiggi · ‎09-17-2012

Hello Greg-

There is no problem having a server be on a non-bridged vlan compared to the inbound traffic. The bridge is only used to determine how to handle non-loadbalanced traffic.

Regards,

Chris Higgins

Cisco ANS Escalation