11-30-2009 03:13 PM
I am setting up the 4710 to do load balancing using routed mode
now I have setup an interface address 172.16.7.86 on the client side vlan(vlan7), and the VIP of 172.16.7.85,
I have an ACL allowing all, but I cannot ping the real ip address of 172.16.7.86 yet I can ping the virtual IP address of 172.16.7.85
also which addres is used as the gateway address for users getting to the servers
please see config below
thanks
Richard
access-list ALL line 10 extended permit ip any any
probe http http-dev
interval 15
passdetect interval 60
open 1
probe icmp icmp
interval 15
passdetect interval 60
rserver host chijpw71
description JDE Prod 1
ip address 172.17.1.80
inservice
rserver host chijpw72
description JDE prod 2
ip address 172.17.1.81
inservice
rserver host chijpw73
description JDE prod 3
ip address 172.17.1.82
inservice
serverfarm host JDE-Prod
description production server farm
probe icmp
rserver chijpw71 12001
inservice
rserver chijpw72 12001
inservice
rserver chijpw73 12001
inservice
sticky ip-netmask 255.255.255.255 address source Sickyjde
serverfarm JDE-Prod
class-map type management match-any JDE-mgmt
201 match protocol telnet any
202 match protocol http any
203 match protocol icmp any
class-map match-all jdepd
2 match virtual-address 172.16.7.85 tcp eq 12001
policy-map type loadbalance first-match jdepd-l7slb
class class-default
sticky-serverfarm Sickyjde
policy-map multi-match int7
class jdepd
loadbalance vip inservice
loadbalance policy jdepd-l7slb
loadbalance vip icmp-reply
interface vlan 7
description "client vlan7"
ip address 172.16.7.86 255.255.255.0
access-group input ALL
service-policy input int7
no shutdown
interface vlan 171
description default gateway for servers
ip address 172.17.1.250 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 172.16.7.254
Solved! Go to Solution.
11-30-2009 04:12 PM
You need ACL to allow traffic "through the ace" on each interface
access-list ALL line 10 extended permit ip any any
access-list ALL line 20 extended permit icmp any any
interface vlan 7
access-group input ALL
no shutdown
interface vlan 171
access-group input ALL
no shutdown
HTH
Syed Iftekhar Ahmed
11-30-2009 04:12 PM
You need ACL to allow traffic "through the ace" on each interface
access-list ALL line 10 extended permit ip any any
access-list ALL line 20 extended permit icmp any any
interface vlan 7
access-group input ALL
no shutdown
interface vlan 171
access-group input ALL
no shutdown
HTH
Syed Iftekhar Ahmed
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide