CSM Setup Review

Apr 30th, 2007

Hi Folks-


I've recently "inherited" responsibility of our CSMs.


Unfortunately, the configs are a mess and I'm looking to clean them up a bit.

Honestly, I'm astounded they're working, albeit not without issue.


And so, I believe I have a good approach in starting to configure these correctly.


However, I do have some immediate issues and I was hoping to solicit some feedback as to any interim workarounds.


I have one client vlan - 146 and two server vlans - 74 and 75.


Problem #1: Servers in vlan 74 cannot get out to the internet - network 206.212.105.0. I've done some sniffer traces and I see the connection attempts going out, but return packets are getting lost. Also, direct access from the client network to these systems is required - which works fine.


Problem #2: Servers located in vlan 75 can get to the internet OK, but direct access to these servers is not working.

Again, I ran some sniffer traces and I see the connection attempts going out, but return packets are getting lost.


Observations:


1. Client gateway on the MSFC is not properly defined. All traffic is traversing over vlan 1. I do not want to do this...


2. Server VLAN interfaces (74 & 75) are defined on the MSFC. I believe this may be causing an issue as well.


I believe these issues are due to mis-configuration on the CSMs and the MSFC.


I was hoping to get some feedback to address the more immediate problems described above.


Thanks in advance! //C




Gilles Dufour Wed, 05/02/2007 - 05:27
User Badges: Cisco Employee

The problem of having the MSFC in the same vlan as the CSM [vlan 74 and 75] will cause asymmetric routing.

The CSM does not tolerate asymmetric routing.


So, you should find a way to remove those vlans.

Create a static route on the MSFC pointing to the CSM.

However, if there are devices in these vlans that generate a lot of traffic and are not of any use to the CSM, you may end up killing the CSM [which does not have the same bandwidth as the MSFC]. Just make sure what is there and, if necessary, move some devices to a different vlan.


If the return packet is getting lost when accessing from vlan 74, it could be because the subnet associated with this vlan is not known by the remote end. It should be troubleshot at the other end to be sure.


Another solution could be to enable client nat for server initiated traffic. You could nat the traffic from vlan 74 with an ip of vlan 75 since it seems to work for this one.


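For that you would create a new serverfarm like this:

    serverfarm ROUTE_NAT
     ! forward by routing table instead of load balancing to real servers
     no nat server
     predictor forward
     ! source-NAT the forwarded traffic using the natpool named SPEEDPOOL
     nat client SPEEDPOOL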


and a new vserver:

    vserver SERV_ACCESS_105_VLAN74
     ! match traffic to 206.212.105.0/24, any protocol, arriving on vlan 74
     virtual 206.212.105.0 255.255.255.0 any
     serverfarm ROUTE_NAT
     vlan 74
     idle 26400
     persistent rebalance
     inservice


Gilles.
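An added example, not part of the thread: a small Python audit that flags the condition described in the reply above, where a VLAN is both a CSM server VLAN and an active routed interface on the MSFC, so return traffic can bypass the CSM. The sample configuration is constructed for illustration; the slot number and the documentation-range addresses are assumptions, not values from the posted configs.

```python
import re
# Constructed sample: slot number and documentation-range addresses are placeholders.
SAMPLE_CONFIG = """\
module ContentSwitchingModule 4
 vlan 146 client
  ip address 192.0.2.2 255.255.255.0
 vlan 74 server
  ip address 198.51.100.1 255.255.255.0
 vlan 75 server
  ip address 203.0.113.1 255.255.255.0
!
interface Vlan146
 ip address 192.0.2.1 255.255.255.0
!
interface Vlan74
 ip address 198.51.100.2 255.255.255.0
!
interface Vlan75
 ip address 203.0.113.2 255.255.255.0
 shutdown
"""

def csm_server_vlans(config):
    """VLAN ids declared as 'vlan <id> server' inside a CSM module block."""
    vlans, in_csm = set(), False
    for line in config.splitlines():
        if not line.startswith(" "):  # any top-level line opens or closes a block
            in_csm = line.lower().startswith("module contentswitchingmodule")
        elif in_csm:
            m = re.match(r"\s+vlan (\d+) server\s*$", line)
            if m:
                vlans.add(int(m.group(1)))
    return vlans

def msfc_active_svis(config):
    """VLAN ids whose MSFC interface has an IP address and is not shut down."""
    active = set()
    for block in re.split(r"(?m)^(?=\S)", config):  # one chunk per top-level stanza
        lines = block.splitlines() or [""]
        m = re.match(r"interface Vlan(\d+)\s*$", lines[0], re.I)
        has_ip = re.search(r"(?m)^ ip address ", block)
        is_shut = re.search(r"(?m)^ shutdown\s*$", block)
        if m and has_ip and not is_shut:
            active.add(int(m.group(1)))
    return active

def asymmetric_risk_vlans(config):
    """Server VLANs the MSFC routes into directly, bypassing the CSM."""
    return sorted(csm_server_vlans(config) & msfc_active_svis(config))
```

On the constructed sample, `asymmetric_risk_vlans(SAMPLE_CONFIG)` reports VLAN 74 only, because the VLAN 75 interface is shut down and VLAN 146 is a client VLAN.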
