cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1469
Views
5
Helpful
5
Replies

Trouble with ACE 4710 configuration

dtushing123
Level 3
Level 3

Hi,

I'm having trouble getting my ACE 4710 configured - you can ping the VIP but cannot http to the VIP address and see the servers.

I have an admin network, a client network and a server network - all with layer 3 interfaces on my 6509 that connects to the ACE.

I have 2 servers in the VC server farm with addresses on the server network.

The server's default gw is the layer 3 address on the 6509 (it's a HSRP address by the way)

I can ping the VIP from the 6509, also the servers. I cannot ping the server side VLAN address.

This is my first ACE configuration, I've tried to follow the Cisco docs - everything seems to be as it should but the VIP just does not work. It seems to be going up / down.

Any ideas would be appreciated !

Thanks

D

5 Replies 5

dario.didio
Level 4
Level 4

Hi,

it would help alot if you could post your config.

You say that you have an admin, client and server network. I assume these are 3 different IP subnets? This means you want to use routed mode.

In case of routed mode, your servers should have the ACE as default gateway, not the C6K.

logically it should look like this:

Assume:

VLAN 10 : client-side

VLAN 20 : server side

int VLAN10 on MSFC ------- VLAN 10 ----- int VLAN10 on ACE + VIP ADDRESSES IN VLAN 10-|ACE|int VLAN20 on ACE ---- VLAN 20 ----- servers with an address in VLAN20.

Don't forget to put an ACL on the VLAN interfaces of your ACE to allow traffic to and from the servers!

But it would be alot easier to post your config ;-)

HTH,

Dario

Hi Dario,

Thanks for your response on this.

I think I've configured it the same as your logical diagram above.

Although I do not have the server's default gateway as the ACE.

I've attached config for the ACE and the 6509.

Thanks for your help.

D

Hi,

Try this:

* Remove the int vlan85 from your C6500, the ACE will do the routing for vlan85. Make sure the default-gw on your servers is the IP Address of the int vlan85 of the ACE.

* You don't need to configure an IP Address in VLAN 84 in the admin context because it is done in the VC_TEST.

* VLAN 14 isn't configured on between the ACE and C6500. What is the purpose of it?

* create a static route on your C6500 for the subnet of VLAN85 with next-hop the ACE int vlan84. This way you have also direct access to your servers.

Normally things will work if you make those changes.

Pls rate if this was helpful.

Kind regards,

Dario

Hey Dario,

Vlan 14 is doing nothing - cannot delete it though - always get an error that it's in use.

I removed the layer3 configuration for vlan85 from the C6500.

Changed the Vlan85 interface address on the ACE to 10.65.85.1 (this is the server's default gateway)

Created a static on the C6500

RS05#show ip route 10.65.85.1

Routing entry for 10.65.85.0/28

Known via "static", distance 1, metric 0

Redistributing via eigrp 1

Advertised by eigrp 1

Routing Descriptor Blocks:

* 10.65.84.4

Route metric is 0, traffic share count is 1

Can ping the client Vlan84 int on the Ace from the C6500.

Can sometimes ping the VIP address.

Cannot HTTP to the VIP.

Cannot ping the servers from the C6500.

Cannot ping the server VLAN int on the ACE from the C6500.

It's like the ACE is not routing the server subnet.

From CLI on the ACE in the VC_Test context I can ping the server Vlan interface but not the servers.

Any ideas ?

Thanks again

D

Hi,

I found a problem with the Vlan85 interface - it was set to trunk. I changed it to access and for a moment everything was working :-)

Now, of course it does not work again.

I can ping server to server on the Vlan but not to the Ace.

D

Review Cisco Networking for a $25 gift card