Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
727
Views
0
Helpful
1
Replies

Cisco ACE Module in Bridge Mode

greecemonkey
Level 1
Level 1

‎05-17-2011 09:28 AM

Hi people,

I am hoping you can help me. I have inherited a bit of a mess on my current job. I think I have it right, but it is not working.

We have a 6509 with an ACE module. For reasons I dont fully understand the ACE is running using a BVI in bridge mode. It has loads of secondary interfaces.

Our BVI looks like this

interface bvi 2

  ip address 10.7.40.4 255.255.255.0

  peer ip address 10.7.40.3 255.255.255.0

  ip address 10.7.42.1 255.255.255.0 secondary

  peer ip address 10.7.42.2 255.255.255.0 secondary

  ip address 10.7.43.2 255.255.255.0 secondary

  peer ip address 10.7.43.1 255.255.255.0 secondary

  ip address 10.7.44.2 255.255.255.0 secondary

  peer ip address 10.7.44.1 255.255.255.0 secondary

  ip address 10.7.45.2 255.255.255.0 secondary

  peer ip address 10.7.45.1 255.255.255.0 secondary

  no shutdown

I know it is a mess, but this is how I have found it.

We have two VLANS

interface vlan xxx
description interface facing Servers  
bridge-group 2  
access-group input BPDU  
access-group input ALLOW_ALL

interface vlan xxx  
description interface facing FWSM  
bridge-group 2 

access-group input BPDU 

access-group input ALLOW_ALL

I can ping all of the IPs on the BVI, but only servers in Subnet 10.7.42/42 can ping out of the the layer 3 on the 6509.

I have all the routes configured properly on the 6509 pointing to the ACE for these subnets

The question is though the config has been excepted, is there a limit to the number of secondarys on a BVI.

I know this is a messy way of doing things, and when the time permits, it will be changed.

Graham M

Labels:
0 Helpful
1 Reply 1

ohynderi
Level 1
Level 1

‎05-18-2011 06:37 AM

Hello Graham,

Can you maybe write a basic l3 network diagram with the ace, fwsm, the server and the destination you are trying to ping?

I guess the servers are behind following vlan on the ace:

interface vlan xxx
description interface facing Servers 
bridge-group 2 
access-group input BPDU 
access-group input ALLOW_ALL

How is the routing configured on the server? It should be the fwsm interface and the ace. Do you have as well all those ip's configured on the fwsm interface? Can you show us the fwsm interface and routing config?

Thanks,

Olivier

0 Helpful
Customers Also Viewed These Support Documents