11-08-2010 10:26 AM
It has been suggested we configure an ACE with the VIPs not associated with a VLAN. By that I mean we have an inside and outside interface as normal (routed mode), but the VIP address is not associated with either interface - on a router it would be on a loopback.
Is this possible? If so, how would I configure it?
Thanks,
Paul.
11-08-2010 12:12 PM
This is entirely possible. The VIP can be anything you want as long as you have a route to it. Consider:
client---------gatewayA(10.10.100.1)-----vlan100-------------acevip---------vlan200--------server
Let's say the ACE is configured as:
interface vlan 100
ip address 10.10.100.5 255.255.255.0
interface vlan 200
ip address 10.10.200.5 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.10.100.1
Let's say the VIP is 20.20.20.100.
In routed mode the server points to 10.10.200.5 as its default gateway.
Gateway A needs a host route that uses 10.10.100.5 as the next hop for 20.20.20.11.
If the vip were in the 10.10.100.0 space then this would not be needed since the vip would respond to arp requests from gateway A.
11-08-2010 12:20 PM
Hi Paul,
A VIP is never associated to a VLAN, rather it is associated to a policy map.
Having said that, it is true that you can apply a policy map either to the global conf (i.e. ex 1 below) or to a specific VLAN (i.e. ex 2 below).
When you apply it globally, then any request coming from any VLAN might hit the VIP. Otherwise, if you apply it under an interface VLAN, only requests directed to the VIP and coming from that specific VLAN will hit the service policy.
Normally I can tell you that policy maps are applied under an interface VLAN. However, depending on your setup, it might be worthwhile to apply them globally.
1)
conf t
service-policy input VIP
2)
conf t
interface vlan 536
....
service-policy input VIP
11-08-2010 12:32 PM
Hi,
I'm not sure I understand your question, so I'll try to explain what I understood.
You want to configure a VIP address (for example 10.10.10.1) on a VLAN interface of the ACE that has an IP address on another subnet (for example 192.168.1.0/24).
If you want to do this, you can do it just by:
- creating a class-map with the virtual-address field set to the IP you chose for the VIP
- creating a policy-map type loadbalance with the serverfarm to forward the client request
- creating a policy-map type multi-match to tie the class-map with the VIP and the policy-map with the serverfarm
- applying the policy-map type multi-match under the VLAN interface where you want to expose the VIP
Remember that the router/firewall connected to the ACE must have the IP address of the VLAN interface of the ACE (where the VIP is exposed) as next hop to forward the client request correctly.
Hope this is helpful.
Regards,
Giorgio
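The four steps above, written out as an ACE configuration using the addressing from the earlier reply (VLAN 100/200, VIP 20.20.20.100). This is an added example, not configuration posted by anyone in the thread; the object names (WEB1, SF-WEB, VIP-WEB, LB-WEB, CLIENT-VIPS, CLIENT-IN), the real-server address 10.10.200.11 and port 80 are assumptions, and the lines starting with "!" are annotations. The access list is included because the ACE drops traffic on an interface that has no permitting ACL; it is scoped to the VIP and port rather than opened to all destinations.

```text
! Real server and serverfarm on the server-side VLAN (address is constructed)
rserver host WEB1
  ip address 10.10.200.11
  inservice
serverfarm host SF-WEB
  rserver WEB1
    inservice

! Step 1: class-map holding the VIP, which is outside both interface subnets
class-map match-all VIP-WEB
  2 match virtual-address 20.20.20.100 tcp eq 80

! Step 2: load-balancing policy that sends matching requests to the serverfarm
policy-map type loadbalance first-match LB-WEB
  class class-default
    serverfarm SF-WEB

! Step 3: multi-match policy tying the VIP class to the load-balancing policy
policy-map multi-match CLIENT-VIPS
  class VIP-WEB
    loadbalance vip inservice
    loadbalance policy LB-WEB

! Permit only client traffic to the VIP on the service port
access-list CLIENT-IN line 10 extended permit tcp any host 20.20.20.100 eq 80

! Step 4: apply on the client-facing VLAN only, so the VIP is not reachable
! from every VLAN as it would be with a global service-policy
interface vlan 100
  ip address 10.10.100.5 255.255.255.0
  access-group input CLIENT-IN
  service-policy input CLIENT-VIPS
  no shutdown
interface vlan 200
  ip address 10.10.200.5 255.255.255.0
  no shutdown
ip route 0.0.0.0 0.0.0.0 10.10.100.1

! On gateway A (assumed here to be an IOS router): host route to the VIP via the ACE
! ip route 20.20.20.100 255.255.255.255 10.10.100.5
```

Because the VIP is not in the VLAN 100 subnet, the ACE will not answer ARP for it from gateway A, so the VIP is only reachable once the upstream host route is in place.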