05-17-2011 09:28 AM
Hi people,
I am hoping you can help me. I have inherited a bit of a mess on my current job. I think I have it right, but it is not working.
We have a 6509 with an ACE module. For reasons I dont fully understand the ACE is running using a BVI in bridge mode. It has loads of secondary interfaces.
Our BVI looks like this
interface bvi 2
ip address 10.7.40.4 255.255.255.0
peer ip address 10.7.40.3 255.255.255.0
ip address 10.7.42.1 255.255.255.0 secondary
peer ip address 10.7.42.2 255.255.255.0 secondary
ip address 10.7.43.2 255.255.255.0 secondary
peer ip address 10.7.43.1 255.255.255.0 secondary
ip address 10.7.44.2 255.255.255.0 secondary
peer ip address 10.7.44.1 255.255.255.0 secondary
ip address 10.7.45.2 255.255.255.0 secondary
peer ip address 10.7.45.1 255.255.255.0 secondary
no shutdown
I know it is a mess, but this is how I have found it.
We have two VLANS
interface vlan xxx
description interface facing Servers
bridge-group 2
access-group input BPDU
access-group input ALLOW_ALL
interface vlan xxx
description interface facing FWSM
bridge-group 2
access-group input BPDU
access-group input ALLOW_ALL
I can ping all of the IPs on the BVI, but only servers in Subnet 10.7.42/42 can ping out of the the layer 3 on the 6509.
I have all the routes configured properly on the 6509 pointing to the ACE for these subnets
The question is though the config has been excepted, is there a limit to the number of secondarys on a BVI.
I know this is a messy way of doing things, and when the time permits, it will be changed.
Graham M
05-18-2011 06:37 AM
Hello Graham,
Can you maybe write a basic l3 network diagram with the ace, fwsm, the server and the destination you are trying to ping?
I guess the servers are behind following vlan on the ace:
interface vlan xxx
description interface facing Servers
bridge-group 2
access-group input BPDU
access-group input ALLOW_ALL
How is the routing configured on the server? It should be the fwsm interface and the ace. Do you have as well all those ip's configured on the fwsm interface? Can you show us the fwsm interface and routing config?
Thanks,
Olivier
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide