Here's the interface configuration for the context I'm having a problem with.

interface vlan 87
  description BGVLAN87
  bridge-group 887
  mac-sticky enable
  access-group input BPDU
  service-policy input LBIFS01
  service-policy input LBOAS01
  service-policy input LBINTRA
  service-policy input LBNWP
  no shutdown
interface vlan 501
  description BGVLAN501
  bridge-group 801
  no normalization
  mac-sticky enable
  access-group input BPDU
  service-policy input LBSAP
  no shutdown
interface vlan 801
  bridge-group 801
  mac-sticky enable
  access-group input BPDU
  access-group input IP_TRAFFIC
  no shutdown
interface vlan 887
  description BGVLAN87
  bridge-group 887
  mac-sticky enable
  access-group input BPDU
  access-group input IP_TRAFFIC
  no shutdown

interface bvi 801
  ip address 192.165.90.249 255.255.255.0
  alias 192.165.90.250 255.255.255.0
  peer ip address 192.165.90.251 255.255.255.0
  no shutdown
interface bvi 887
  ip address 194.132.92.119 255.255.255.192
  alias 194.132.92.121 255.255.255.192
  peer ip address 194.132.92.120 255.255.255.192
  description BGVLAN87
  no shutdown

ip route 0.0.0.0 0.0.0.0 192.165.90.254
ip route 0.0.0.0 0.0.0.0 194.132.92.65

Can you send the ACL and the output of the routing table ?

What are the two IP addresses of your servers ?

access-list IP_TRAFFIC line 8 extended permit ip any any

sho ip route

Destination         Gateway          Interface         Flags
------------------------------------------------------------------------
0.0.0.0             192.165.90.254   vlan501           SE [0x4c]
0.0.0.0             194.132.92.65    vlan87            SE [0x4c]
192.165.90.0/24     0.0.0.0          bvi801            IA [0x30]
194.132.92.64/26    0.0.0.0          bvi887            IA [0x30]

rserver host TEST01
  ip address 194.132.92.114
  inservice

rserver host saxceap1
  ip address 192.165.90.42
  inservice

what is the default gateway defined on the servers ? Can you ping the rservers from the ACE ? Is arp table populated correctly ?

rserservers have gatewys 192.165.90.254 and 194.132.92.65 respec

tively.

Ping rservers from ACE work arp is populated properly!

Tyrone

just a guess, but can you put your access-list on the other 2 vlans

too? actually you have traffic going out of your ace and coming back in.

I can't

apply the same access-list on the interface

Error: An access-list of the same type has been already activated on the interface

Tyrone

yes because you already have the access-list BPDU attached. so change the

access-list BPDU or remove it and attach the other one.

The BPDU access-list is there to allow incoming BPDU's I don't think it will be a good idea to remove that.

Has anyone ever seen this problem before??

Can anyone send me an example of a working config in bridged-mode 2 rservers in the same context on different vlans and are able to ping each other????

Tyrone