11-19-2013 12:00 AM
Dear all!
I need to configure my new ACE appliance in bridged mode.
my topology
Configure on ACE:
Context Admin
switch/Admin# show running-config
Generating configuration....
!
boot system image:c4710ace-t1k9-mz.A5_1_2.bin
!
interface gigabitEthernet 1/1
  channel-group 1
  no shutdown
interface gigabitEthernet 1/2
  channel-group 1
  no shutdown
interface gigabitEthernet 1/3
  switchport access vlan 1001
  shutdown
interface gigabitEthernet 1/4
  switchport access vlan 1000
  no shutdown
interface port-channel 1
  switchport trunk native vlan 1
  no shutdown
!
access-list ALL line 8 extended permit ip any any
!
class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any
!
policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit
!
interface vlan 1000
  ip address 10.104.10.19 255.255.255.0
  access-group input ALL
  service-policy input remote_mgmt_allow_policy
  no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.104.10.1
!
context Websphere
  allocate-interface vlan 20
  allocate-interface vlan 200
!
username admin password 5 $1$Ei88yeEz$CT5Gy5MCkewwUT/XCV5350 role Admin domain default-domain
username www password 5 $1$a.NWKsco$sOiUlxJdrdrYbkoobfr/d1 role Admin domain default-domain
!
ssh key rsa 1024 force
!
Context Websphere
switch/Websphere# show running-config
Generating configuration....
!
logging enable
logging timestamp
logging trap 5
!
access-list everyone line 8 extended permit ip any any
access-list everyone line 16 extended permit icmp any any
!
rserver host was01
  ip address 10.104.20.33
  inservice
rserver host was02
  ip address 10.104.20.34
  inservice
rserver host was03
  ip address 10.104.20.35
  inservice
!
serverfarm host Websphere
  rserver was01
    inservice
  rserver was02
    inservice
  rserver was03
    inservice
!
class-map match-all slb-vip
  2 match virtual-address 10.104.20.36 any
!
policy-map type management first-match remote-access
  class class-default
    permit
!
policy-map type loadbalance http first-match slb
  class class-default
    serverfarm Websphere
!
policy-map multi-match client-vips
  class slb-vip
    loadbalance vip inservice
    loadbalance policy slb
interface vlan 20
  description "Client Side"
  bridge-group 1
  access-group input everyone
  service-policy input client-vips
  no shutdown
interface vlan 200
  description "Server Side"
  bridge-group 1
  service-policy input remote-access
  no shutdown
interface bvi 1
  ip address 10.104.20.30 255.255.255.0
  description "client - server bridge group"
  no shutdown
ip route 0.0.0.0 0.0.0.0 10.104.20.1
!
It didn't work.
I cannot ping the GW, server or VIP.
Please help.
11-19-2013 05:02 AM
Hi,
Your configuration looks fine. Can you apply an access group to VLAN 200 as well? I see you have applied the remote access policy but no access group on that VLAN. Can you do that and check again?
Normally without access group on server side VLAN normal SLB should work with the above configuration.
Regards,
Kanwal
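The check suggested in the reply above can be scripted. The following is an added example, not code from the thread or from Cisco: it parses an ACE running-config and lists bridge-group member interfaces that have no "access-group input" line. The function names are hypothetical, and the sample input is the interface section of the Websphere context from the question.

```python
import re

# Constructed sample: interface section of the Websphere context from the thread.
SAMPLE = """\
interface vlan 20
description "Client Side"
bridge-group 1
access-group input everyone
service-policy input client-vips
no shutdown
interface vlan 200
description "Server Side"
bridge-group 1
service-policy input remote-access
no shutdown
interface bvi 1
ip address 10.104.20.30 255.255.255.0
no shutdown
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]}; a block ends at '!' or the next 'interface'."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate both indented and flattened pastes
        if line.lower().startswith("interface "):
            current = line[len("interface "):].strip()
            blocks[current] = []
        elif line.startswith("!") or not line:
            current = None
        elif current is not None:
            blocks[current].append(line)
    return blocks

def bridged_without_input_acl(config):
    """List bridge-group member interfaces that have no 'access-group input <acl>'."""
    missing = []
    for name, cmds in parse_interfaces(config).items():
        in_bridge = any(re.match(r"bridge-group\s+\d+$", c) for c in cmds)
        has_acl = any(re.match(r"access-group\s+input\s+\S+", c) for c in cmds)
        if in_bridge and not has_acl:
            missing.append(name)
    return missing

if __name__ == "__main__":
    for name in bridged_without_input_acl(SAMPLE):
        print(f"interface {name}: bridge-group member with no 'access-group input'")
```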