CSM configuration question

astanislaus
Level 2

Customer wants current CSM config changed:

===================================

Customer's request is to make all requests go to real server 173.200.12.109 and if that server is down only then send all requests to backup server 173.200.12.110. But if server 173.200.12.109 comes back online then start sending all requests back to 173.200.12.109 and not use 173.200.12.110.

Questions:

==========

1. I think I have to put the two servers in VLAN 110 and not VLAN 12 and use the CSM in bridge mode by giving the same IP addresses of 173.200.12.8 for client VLAN 12 and server VLAN 110. Right?

2. There are two CAT 6500 with a CSM in each in Fault Tolerant Mode already configured and running and now need the above config changes added. Do I need to configure both CSMs manually, or if I configure one CSM will the other copy the config automatically?

3. I need to add VLAN 12 and VLAN 110 to Switch VLAN DATABASE, but not add VLAN 12 or VLAN 110 to the MSFC2, or should I only add VLAN 12 to MSFC2 and not VLAN 110?

4. Do new firewall rules need to be created for the two new server real IP addresses or VIP, or no change required to the Firewall Rules?

5. What are some useful troubleshooting commands I can see if this doesn't work?

show module csm x connection detail, etc.


astanislaus
Level 2

Config of other CSM

Jon Marshall
Hall of Fame

1 & 3) The servers will go into vlan 110. You need to create this vlan on the switch but there is not a routed interface for it.

The client vlan (vlan 12) will need a routed interface; however, it is not clear from your diagram where this should be. You will need to create vlan 12 on the switch as well. If you are putting a firewall in front of this vlan, which it seems you are from your diagram, then the routed interface for vlan 12 will be on the firewall, not the MSFC. If you put it on the MSFC you will simply route round the firewall - probably not what you want.

2) Version 4.1(1) does not seem to support the command "hw-module csm 'slot no' standby config-sync" (worth checking though). Looks like this was brought in on version 4.2. Without this command, yes, you will have to manually copy the config.

4) If you are not allowing through http (assuming it is http) to the VIP already, yes, you will need a new firewall rule. That will allow application traffic. If you need direct access to the servers for management etc. then you will need to add in rules for those as well.

5) sh mod csm x reals

sh mod csm x vservers

sh mod csm x ft

sh mod csm x conn

HTH
