Hi Faris,You don't have any

Wan Mohamad Faris Wan Mohamed · ‎01-18-2015

Hi all,

I need advise/help with this situation:

I want to create a new context. lets say i want to create 2 vlans:

-20 (server side) and 30 (vip/client side).

FYI the other context (existing) already have vlan 20 for server side also.

Can it work?

Is it possible to use management IP same vlan with the server side?

thanks,

faris

Kanwaljeet Singh · ‎01-19-2015

Hi Faris,

The vlans can be shared across contexts if your ACE is in routed mode. It shouldn't be a problem and it also depends on your design but VLAN's can be shared across contexts.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Wan Mohamad Faris Wan Mohamed · ‎01-19-2015

Hi Kanwal,

thanks for the fast response.

I need some help here with this configuration:

----------------------------------------------------------------------------------------------------------------------------------

lb01/test# sh run
Generating configuration....

logging enable
logging timestamp
logging trap 5

access-list ALL line 1 extended permit ip any any

rserver host RS_test1
ip address 172.16.30.78
inservice
rserver host RS_test2
ip address 172.16.30.79
inservice

serverfarm host SF_test1
serverfarm host SF_test2

class-map match-all VS_test1
2 match virtual-address 172.16.37.111 tcp eq www
class-map match-all VS_test2
2 match virtual-address 172.16.37.112 tcp eq www
class-map type management match-any management_vlan_test
201 match protocol snmp any
202 match protocol https any
203 match protocol icmp any
204 match protocol ssh any
205 match protocol http any
206 match protocol telnet any
207 match protocol xml-https any
208 match protocol kalap-udp any

policy-map type management first-match management_vlan_test
class management_vlan_test
permit

policy-map type loadbalance first-match VS_test1-l7slb
class class-default
serverfarm SF_test1
policy-map type loadbalance first-match VS_test2-l7slb
class class-default
serverfarm SF_test2

policy-map multi-match int37
class VS_test1
loadbalance vip inservice
loadbalance policy VS_test1-l7slb
loadbalance vip icmp-reply active
class VS_test2
loadbalance vip inservice
loadbalance policy VS_test2-l7slb
loadbalance vip icmp-reply active

interface vlan 30
description "server side/management"
ip address 172.16.30.115 255.255.255.0
nat-pool 1 172.16.30.110 172.16.30.110 netmask 255.255.255.0
service-policy input management_vlan_test
no shutdown
interface vlan 37
description "client side"
ip address 172.16.37.121 255.255.255.0
access-group input ALL
service-policy input int37
no shutdown

ip route 0.0.0.0 0.0.0.0 172.16.30.254

snmp-server contact "ANM"
snmp-server location "ANM"
snmp-server community public group Network-Monitor

snmp-server trap-source vlan 30

-------------------------------------------------------------------------------------------------------------------------------------------

I cannot ping vlan 37 interface 172.16.37.121. this configuration is done in new context.

thanks,

faris

Wan Mohamad Faris Wan Mohamed · ‎01-19-2015

network design:

my PC----------L3 switch(172.16.37.254)----------cisco ACE---------new context (172.16.37.191)

Kanwaljeet Singh · ‎01-20-2015

Hi Faris,

You don't have any rservers in the serverfarm which will make it INACTIVE and if serverfarm is Inactive you won't be to able to ping the VIP because you have configured " loadbalance vip icmp-reply active", which means that you can only PING VIP when serverfarm is ACTIVE. Your config shall look like this:

serverfarm host SF_test1

rserver host RS_test1

Inservice

rserver host RS_test2

inservice.

Also, if you change the statement from "loadbalance vip icmp-reply" and remove "active", the ping shall work too but in any case you need those rservers in the serverfarm for the loadbalancing to work.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Cisco ACE new context config