Unable pingCilent Side to Server Sever (ACE4710) - Cisco Community

1469

Views

0

Helpful

5

Replies

1,My client side Trunk Layer 2 Switch,allowed vlan 64

2.Server side Switch vlan 55,

3,My 4 sarver 192.168.55.46,

192.168.55.47,

192.168.55.48,

192.168.55.49

interface gigabitEthernet 1/1

description client_side

switchport trunk native vlan 1

switchport trunk allowed vlan 1,64

no shutdown

interface gigabitEthernet 1/2

description server_side

switchport access vlan 55

no shutdown

interface gigabitEthernet 1/3

shutdown

interface gigabitEthernet 1/4

switchport access vlan 1000

no shutdown

object-group network ALL

access-list ALL line 8 extended permit ip any any

rserver host 1

description Application_sever1

ip address 192.168.55.48

conn-limit max 4000000 min 4000000

inservice

rserver host 2

description Application_Server2

ip address 192.168.55.49

conn-limit max 4000000 min 4000000

inservice

rserver host 3

description Application_Server3

ip address 192.168.55.46

conn-limit max 4000000 min 4000000

inservice

rserver host 4

description Application_Server4

ip address 192.168.55.47

conn-limit max 4000000 min 4000000

inservice

serverfarm host VS_WEB

rserver 1 80

conn-limit max 4000000 min 4000000

inservice

rserver 2 80

conn-limit max 4000000 min 4000000

inservice

rserver 3 80

conn-limit max 4000000 min 4000000

inservice

rserver 4 80

conn-limit max 4000000 min 4000000

inservice

class-map match-all VS_Web

2 match virtual-address 192.168.100.1 any

class-map type management match-any remote_access

2 match protocol xml-https any

3 match protocol icmp any

4 match protocol telnet any

5 match protocol ssh any

6 match protocol http any

7 match protocol https any

8 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy

class remote_access

permit

policy-map type loadbalance first-match VS_Web-l7slb

class class-default

serverfarm VS_WEB

policy-map multi-match int55

class VS_Web

loadbalance vip inservice

loadbalance policy VS_Web-l7slb

interface vlan 55

bridge-group 1

access-group input ALL

service-policy input int55

no shutdown

interface vlan 1000

ip address 192.168.56.15 255.255.255.224

access-group input ALL

service-policy input remote_mgmt_allow_policy

no shutdown

interface bvi 1

ip address 172.16.1.1 255.255.255.0

description Virtual port

no shutdown

ip route 0.0.0.0 0.0.0.0 192.168.56.1

5 Replies 5

Hi,

I suppose you are unable to ping VIP.

Please configure command " loadbalance vip icmp-reply" or loadbalance vip icmp-reply active".

You should be able to ping VIP after configurig the first command no matter whether servers are active or not. If you configure second one then only if servers in serverfarm are operational you will get the response.

Let me know if that works out for you.

Regards,

Kanwal

policy-map multi-match int55

class VS_Web

loadbalance vip inservice

loadbalance policy VS_Web-l7slb

loadbalance vip icmp-reply active

-------------------------------------------

no ping client side to server side

Hi,

You are trying to ping from a client on Vlan 64 to a server in VLan 55???

---------------------
Cesar R
ANS Team

--------------------- Cesar R ANS Team

i try to ping Vlan 64 to Vlan 55 but no ping

Hi Faisal,

This is actually expected. Check this;

'For security reasons, the ACE does not allow pings from an interface on a VLAN on one side of the ACE through the ACE to an interface on a different VLAN on the other side of the ACE. For example, a host can ping the ACE address that is on the IP subnet using the same VLAN as the host, but cannot ping IP addresses configured on other VLANs on the ACE. "

http://tools.cisco.com/squish/944F8

---------------------
Cesar R
ANS Team

--------------------- Cesar R ANS Team

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community