09-18-2012 01:59 PM
I have an ACE 30 running in routed mode with 2 client vlans and 2 server vlans. I need to allow servers from server vlan 1 to talk to servers on server vlan 2. How do you configure that?
Thank you
Tony.
09-19-2012 03:34 AM
Hi Tony,
Here is the config guide to communicate servers across two vlans.
Regards,
Siva
09-19-2012 06:12 AM
Thanks Siva, but that document describes access for server to server via a VIP and the servers are on the same VLAN. I have servers spread across two different vlans and they want to talk to each other directly, not through a VIP.
09-19-2012 10:21 AM
Hi,
Do you see the connection passing the ACE? What is the behavior if you try to send TCP traffic from server to server?
------------------------------------
Cesar R
09-19-2012 10:34 AM
Tony,
Are all of the servers Layer 2 adjacent to the ACE, and if so, do the servers use the ACE as a default gateway? If this is the case, you really should not have to do anything other than creating an ACL to allow the traffic and applying the access-group to the interfaces. The ACE will see that the destination server is local and will route the traffic to the correct device. If the servers are not using the ACE as the default gateway and you have another L3 interface on these vlans, it may be a bit trickier to get communication to work through the ACE, depending on the traffic flow.
Regards
Jim
09-19-2012 11:16 AM
Here is a little better explanation of the setup. The servers are not L2 adjacent.
Server vlan 1 = 10.192.34.0/24
Server Vlan 2 = 10.192.44.0/24
The ACE is the gateway for both vlans.
A server on vlan 1 wants to talk to a server on vlan 2.
Cesar, this is just a request right now. The server team hasn't done any testing yet, so I don't have any packet captures to show what is occurring.
09-19-2012 11:49 AM
Tony,
Can you share your config showing interface vlan and IP routes? Also let me know what IP each of the servers in the two subnets are pointing to as the default gateway.
I want to confirm I understand your topology correctly.
Regards
Jim
09-20-2012 06:28 AM
Here is my interface configuration and routing table. Each server's gateway is the .1 address of these interfaces.
interface vlan 226
  description Intranet Services Server Vlan 226
  ip address 10.192.34.2 255.255.255.0
  alias 10.192.34.1 255.255.255.0
  peer ip address 10.192.34.3 255.255.255.0
  no icmp-guard
  access-group input ALL-IN
  service-policy input FROMVLAN226
  service-policy input RMGT_P
  no shutdown
interface vlan 246
  description Intranet Services Server Vlan 246
  ip address 10.192.44.2 255.255.255.0
  alias 10.192.44.1 255.255.255.0
  peer ip address 10.192.44.3 255.255.255.0
  no icmp-guard
  access-group input ALL-IN
  service-policy input FROMVLAN246
  service-policy input RMGT_P
  no shutdown
interface vlan 292
  description Intranet Services Client Vlan 292
  ip address 10.192.8.4 255.255.254.0
  alias 10.192.8.6 255.255.254.0
  peer ip address 10.192.8.5 255.255.254.0
  mac-sticky enable
  no icmp-guard
  access-group input ALL-IN
  service-policy input INTRA-v292_P
  service-policy input RMGT_P
  no shutdown
interface vlan 294
  description Intranet Services Client Vlan 294
  ip address 10.192.6.4 255.255.254.0
  alias 10.192.6.6 255.255.254.0
  peer ip address 10.192.6.5 255.255.254.0
  mac-sticky enable
  no icmp-guard
  access-group input ALL-IN
  service-policy input INTRA-v294_P
  service-policy input RMGT_P
  no shutdown

Destination        Gateway         Interface   Flags
------------------------------------------------------------------------
0.0.0.0            10.192.6.1      vlan294     S   [0xc]
10.192.6.0/23      0.0.0.0         vlan294     IA  [0x30]
10.192.8.0/23      0.0.0.0         vlan292     IA  [0x30]
10.192.44.0/24     0.0.0.0         vlan246     IA  [0x30]
10.192.34.0/24     0.0.0.0         vlan226     IA  [0x30]
09-20-2012 07:00 AM
Tony,
Since the servers are local and pointing their default gateway at the ACE there should be no problem with this communication. I see you have an ACL applied to both interfaces named ALL-IN. If this is allowing all IP traffic then the config and topology are correct. If traffic is not working correctly between these hosts I would first confirm the default gateway of the servers is correctly pointing at the alias of the ACE interface. I would then confirm if the traffic leaving the server is using the same MAC address as the ACE shows in the "show arp" output. If the servers are using active active NIC teaming or some sort of clustering the MAC address that is being sent at the ACE may not be the same as what the ACE has learned for this device. If the MAC does not match the show arp mapping then this is the issue. The ACE needs to know the MAC address of each device that is forwarding traffic to it. If this is the case you could try configuring a static arp entry matching the MAC that the server is using.
Regards
Jim
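The checks Jim lists for a server-to-server flow (both hosts on VLANs connected to the ACE, the source server's gateway set to the interface alias, an input access-group on the ingress VLAN) can be run against the posted interface blocks. This is an added example, not part of the thread; the server addresses in the usage are constructed, and the ACL's entries are not on the page, so the script only names the ACL that has to be reviewed for the flow.

```python
import ipaddress

# Constructed excerpt of the two server-VLAN interfaces posted in the thread.
CONFIG = """\
interface vlan 226
  ip address 10.192.34.2 255.255.255.0
  alias 10.192.34.1 255.255.255.0
  access-group input ALL-IN
  no shutdown
interface vlan 246
  ip address 10.192.44.2 255.255.255.0
  alias 10.192.44.1 255.255.255.0
  access-group input ALL-IN
  no shutdown
"""

def parse_interfaces(text):
    """Return {vlan_id: {"net", "alias", "acl", "up"}} from interface blocks."""
    vlans, cur = {}, {}  # cur starts as a throwaway dict for lines before any interface
    for line in text.splitlines():
        w = line.split()
        if w[:2] == ["interface", "vlan"] and len(w) == 3:
            cur = vlans.setdefault(int(w[2]), {"net": None, "alias": None, "acl": None, "up": False})
        elif w[:2] == ["ip", "address"] and len(w) == 4:
            cur["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[:1] == ["alias"] and len(w) == 3:
            cur["alias"] = ipaddress.ip_address(w[1])
        elif w[:2] == ["access-group", "input"] and len(w) == 3:
            cur["acl"] = w[2]
        elif w == ["no", "shutdown"]:
            cur["up"] = True
    return vlans

def check_flow(vlans, src, dst, src_gateway):
    """Return (ingress ACL name to review, list of problems) for src -> dst."""
    src, dst, gw = (ipaddress.ip_address(a) for a in (src, dst, src_gateway))
    def vlan_of(ip):
        return next((v for v, i in vlans.items() if i["net"] and ip in i["net"]), None)
    sv, dv = vlan_of(src), vlan_of(dst)
    if sv is None or dv is None:
        return None, ["source or destination is not on a VLAN connected to the ACE"]
    problems = []
    if gw != vlans[sv]["alias"]:
        problems.append(f"gateway {gw} is not the vlan {sv} alias {vlans[sv]['alias']}")
    if vlans[sv]["acl"] is None:
        problems.append(f"vlan {sv} has no input access-group to permit the flow")
    problems += [f"vlan {v} is shut down" for v in sorted({sv, dv}) if not vlans[v]["up"]]
    return vlans[sv]["acl"], problems
```

An empty problem list with ACL name `ALL-IN` means the remaining items to verify are the ACL's entries and the MAC address seen in "show arp", neither of which can be read from the interface configuration.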