CSM-S configure issue

Unanswered Question
Dec 16th, 2008
User Badges:

There are two vlans (vlan 151 and 443)on ssl module. One is for mangement and another one is for server. I think I need to setup "ssl-proxy module X allowed-vlan 151,443" on our core switch. I know that module is located on blade 5 on that core. But when i tried to type ssl-proxy module 5 allowed-vlan 151,443, i got the error message (Unrecognized command). Do I have to do other additional settings about that?

please advice. Thanks a lot:)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Syed Iftekhar Ahmed Tue, 12/16/2008 - 17:21
User Badges:
  • Blue, 1500 points or more

"ssl-proxy module X allowed-vlan" commmand is only needed for SSL module (SSLM).Since you have CSM-S in module X you dont need this command.


Unlike SSLM You just need to put in a definition for vlan X into the csm config (for SSL daughter card):


vlan 151 client

ip address 1.1.1.100 255.255.255.0


HTH

Syed Iftekhar Ahmed

HWangLoyalty_2 Wed, 12/17/2008 - 12:51
User Badges:

Actually we had an individual CSM and SSL module in our data center. Now we added a CSM-S module in another site .I want to move "individual" settings to the new one. But I found this was totally different. I will the send to your configuration. I will appreciate it if you could give me any support.


There are two Vlans on our SSL module, one is vlan 151 for admin (communication with MSFC),another one is vlan 443 for CSM traffic. Both vlan 1064 and 1068 are for CSM part.

In our core switch:


vlan 443 server


description *** SSL-TRAFFIC-VLAN ***


ip address 10.129.64.4 255.255.254.0


!


vlan 151 client


ip address 172.29.151.100 255.255.255.0


vlan 1064 client


ip address 10.129.64.4 255.255.254.0


gateway 10.129.64.1


alias 10.129.64.6 255.255.254.0


!


vlan 1068 server


ip address 10.129.68.4 255.255.252.0


alias 10.129.68.6 255.255.252.0



vserver A-SSL


virtual 10.129.64.13 tcp https


serverfarm SSL-TRAFFIC


replicate csrp connection


persistent rebalance


parse-length 4000


inservice



serverfarm SSL-TRAFFIC


no nat server


no nat client


predictor leastconns


failaction purge


real 10.129.64.10


inservice


probe ICMP




In our SSL module



ssl-proxy vlan 443


ipaddr 10.129.64.10 255.255.254.0


gateway 10.129.64.1


ssl-proxy vlan 151


ipaddr 172.29.151.71 255.255.255.0


gateway 172.29.151.1


admin


ip route 0.0.0.0 0.0.0.0 172.29.151.1


But from my workstation, I could ping 172.29.151.71 instead of 10.129.64.10. So serverfarm SSL-TRAFFIC is out of service. I followed the settings from “individual” one. But I think something is wrong. please give advice!

Actions

This Discussion