ACE - bridging basics?

Unanswered Question
May 22nd, 2008
User Badges:

Hi - have just started a initial configuration on a new ACE running A2 software. I have configured a bridging SLb farm. I can connect to the VIP when the client is on the L2 bridged VLAN however cannot connect to the VIP when I am in a routed VLAN off my sup. It seems I am missing something obvious. is there any sample config for this or can someone point me in the correct direction. Thx

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
d-fillmore Fri, 05/23/2008 - 07:54
User Badges:

Make sure the ACE has a default route configured on it. I had this problem, customer wanted to not have any sort of routing on the ACE or FWSM, but my understanding is that the TCP connection is made to the ACE, and then from the ACE to the server farm, therefore the ACE needs a route out of it's own VLAN.

w.frye Sun, 05/25/2008 - 22:34
User Badges:

I have a default route back via the mgmt interface. I would have thought this would have been sufficent?

Syed Iftekhar Ahmed Tue, 05/27/2008 - 14:39
User Badges:
  • Blue, 1500 points or more

If you use bridging mode then default route configured on ACE is only for management traffic.

If you cannot reach your VIP from a remote vlan then you need to make sure that your routing infrastructure has appropriate routes for VIPs.

Your real servers in bridge mode points to the upstream routers (like MSFC on the switch.)



w.frye Tue, 05/27/2008 - 15:48
User Badges:

yes this makes sense. I tried to create a Interface VLAN on the MSFC for the gateway for the real servers - but I get the error


switch(config)#int vlan 52

switch(config-if)#ip address

switch(config-if)#no shut

Forcing SVI 52 to stay shutdown (SVI 50 tied to line card in slot 8.)


Interface vlan 50 is the interface used for mgmt of the ACE. I had a route to the VIP's using the mgmt interface on the switch - somehow this needs to be a directly connected network. I have attached the relevant config to a reply to any earlier request in this conversation.

Syed Iftekhar Ahmed Tue, 05/27/2008 - 22:58
User Badges:
  • Blue, 1500 points or more

Create SVI for Vlan 51.

Since ACE is in bridge mode both vlan 51 & 52 will be using the same Subnet.

There is an additional command "svclc multiple interfaces" which must be used when allocating multiple Layer 3 VLANs (MSFC routed Switch Virtual Interfaces) on MSFC.


w.frye Tue, 05/27/2008 - 23:23
User Badges:

I have got this working - but I'm not 100% in the correct method. What I found was that I didn't have the "access-group input ACL1"

applied under my vlan 50 (mgmt interface) on the ACE. When I apply this I can route to my bridged subnet successfully from my MSFC. However I am not sure of the performance impact of this. Also it means I might have to add multiple static routes to my mgmt interface on the MSFC. I will take a look at the command you have provided to see what it does. Thanks


This Discussion