Solved: vip & interface redundancy for css11506

julxu · ‎12-20-2005

When I configure redundancy on my two css11506s, I find when I put acl on, I can not see the vip if not working fine.

and also, if remove redundancy it works fine.

my access list is only bypass ssh and permit VIPs. do I need add more for redundancy?

Any comments will be appreciated

Thanks in advance

Gilles Dufour · ‎12-21-2005

if you create acl, you need to permit the vrrp traffic [dst ip == 224.0.0.18].

Gilles.

Thanks for rating this answer.

Gilles Dufour · ‎12-21-2005

if you create acl, you need to permit the vrrp traffic [dst ip == 224.0.0.18].

Gilles.

Thanks for rating this answer.

julxu · ‎12-21-2005

what is the source ip ? I did:

master:

======

circuit VLAN295

ip address 10.2.95.2 255.255.255.0

ip virtual-router 2 110 preempt

ip redundant-interface 2 10.2.95.1

ip critical-service 2 upstream-downstream

backup:

=======

circuit VLAN295

ip address 10.2.95.3 255.255.255.0

ip virtual-router 2

ip redundant-interface 2 10.2.95.1

ip critical-service 2 upstream-downstream

so the acl should be:

clause 1 permit ip 10.2.95.2 destination 224.0.0.18?

Should I use bypass?

Should I use src ip as any?

Please advance.

julxu · ‎12-21-2005

I think I found the solution myself. the src should be the interfaces of vrrp.

I will try today and thanks for help.

Gilles Dufour · ‎12-22-2005

the source is the ip address configured on the interface where you configured the virtual vip or virtual interface.

So in your example, your clause 1 is correct.

Gilles.