06-16-2012 06:30 PM
Hi all,
Does ACE 4710 one-armed mode have to have two subnets?
And must the switch or router be configured with PBR or SNAT?
Thanks
06-17-2012 12:39 AM
Only one subnet with source NAT is usually the best practice.
06-18-2012 02:15 AM
Thank you.
I configured it successfully, but I have another question:
1: Shut down the left or right real service: test OK.
2: Shut down 1.1.1.28 7001 and 1.1.1.29 7002. Test result: telnet 1.1.1.19 7001 OK;
telnet 1.1.1.19 7002 fails, but telnet 109.101.108.29 7002 tests OK.
3: With a cross shutdown of the real services, why is only a single service OK?
1.1.1.28
  TCP port 7001
  TCP port 7002
  TCP port 7009
1.1.1.29
  TCP port 7001
  TCP port 7002
  TCP port 7009
VIP 1.1.1.19
##########################################################
[BEGIN] 2012/6/17 18:47:48
sh run
Generating configuration....
logging enable
resource-class RC1
  limit-resource all minimum 10.00 maximum unlimited
  limit-resource rate bandwidth minimum 20.00 maximum unlimited
  limit-resource sticky minimum 10.00 maximum unlimited
boot system image:c4710ace-mz.A4_2_0.bin
peer hostname SFMI-2
hostname SFMI-1
shared-vlan-hostid 2
peer shared-vlan-hostid 1
interface gigabitEthernet 1/1
  shutdown
interface gigabitEthernet 1/2
  shutdown
interface gigabitEthernet 1/3
  ft-port vlan 199
  switchport trunk native vlan 1
  switchport trunk allowed vlan 1-3,6-8
  no shutdown
interface gigabitEthernet 1/4
  shutdown
clock timezone shanghai 8 10
context Admin
  member RC1
access-list SFMI-ACL line 10 extended permit icmp any any
access-list SFMI-ACL line 20 extended permit ip any any
access-list SFMI-ACL line 30 extended permit tcp any any
probe tcp 7001
  port 7001
  interval 30
  faildetect 1
  passdetect interval 30
  passdetect count 2
  receive 2
  open 2
probe tcp 7002
  port 7002
  interval 30
  faildetect 1
  passdetect interval 30
  passdetect count 2
  receive 2
  open 2
probe tcp 7008
  port 7008
  interval 30
  faildetect 1
  passdetect interval 30
  passdetect count 2
  receive 2
  open 2
probe tcp 7009
  port 7009
  interval 30
  faildetect 1
  passdetect interval 30
  passdetect count 2
  receive 2
  open 2
probe icmp PROBE-ICMP
  interval 10
  faildetect 1
  passdetect interval 2
  passdetect count 1
  receive 1
rserver host Rserver1
  ip address 1.1.1.28
  inservice
rserver host Rserver2
  ip address 1.1.1.29
  inservice
serverfarm host SERVERFARM
  probe 7001
  probe PROBE-ICMP
  rserver Rserver1
    inservice
  rserver Rserver2
    inservice
serverfarm host SERVERFARM2
  probe 7002
  probe PROBE-ICMP
  rserver Rserver1
    inservice
  rserver Rserver2
    inservice
serverfarm host SERVERFARM3
  probe 7009
  probe PROBE-ICMP
  rserver Rserver1
    inservice
  rserver Rserver2
    inservice
sticky ip-netmask 255.255.255.255 address source SGROUP1
  timeout 300
  serverfarm SERVERFARM
sticky ip-netmask 255.255.255.255 address source SGROUP2
  timeout 300
  serverfarm SERVERFARM2
sticky ip-netmask 255.255.255.255 address source SGROUP3
  timeout 300
  serverfarm SERVERFARM3
class-map match-all VIP-17
  2 match virtual-address 1.1.1.19 any
class-map match-all VIP-18
  2 match virtual-address 1.1.1.19 any
class-map match-all VIP-19
  2 match virtual-address 1.1.1.19 any
class-map type management match-any remote-manage
  2 match protocol telnet any
  3 match protocol ssh any
  4 match protocol icmp any
  5 match protocol https any
  6 match protocol http any
  7 match protocol snmp any
policy-map type management first-match remote-manage
  class remote-manage
    permit
policy-map type loadbalance first-match VIP-17
  class class-default
    sticky-serverfarm SGROUP3
policy-map type loadbalance first-match VIP-18
  class class-default
    sticky-serverfarm SGROUP2
policy-map type loadbalance first-match VIP-19
  class class-default
    sticky-serverfarm SGROUP1
policy-map multi-match global
  class VIP-19
    loadbalance vip inservice
    loadbalance policy VIP-19
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 6
  class VIP-18
    loadbalance vip inservice
    loadbalance policy VIP-18
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 6
  class VIP-17
    loadbalance vip inservice
    loadbalance policy VIP-17
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 6
interface vlan 6
  ip address 1.1.1.4 255.255.255.0
  peer ip address 1.1.1.5 255.255.255.0
  no normalization
  access-group input SFMI-ACL
  access-group output SFMI-ACL
  nat-pool 1 1.1.1.99 1.1.1.99 netmask 255.255.255.0 pat
  service-policy input global
  service-policy input remote-manage
  no shutdown