Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
349
Views
0
Helpful
2
Replies

CSM-S configure issue

HWangLoyalty_2
Level 1
Level 1

‎12-16-2008 01:36 PM

There are two vlans (vlan 151 and 443)on ssl module. One is for mangement and another one is for server. I think I need to setup "ssl-proxy module X allowed-vlan 151,443" on our core switch. I know that module is located on blade 5 on that core. But when i tried to type ssl-proxy module 5 allowed-vlan 151,443, i got the error message (Unrecognized command). Do I have to do other additional settings about that?

please advice. Thanks a lot:)

Labels:
0 Helpful
2 Replies 2

Syed Iftekhar Ahmed
Level 8
Level 8

‎12-16-2008 05:21 PM

"ssl-proxy module X allowed-vlan" commmand is only needed for SSL module (SSLM).Since you have CSM-S in module X you dont need this command.

Unlike SSLM You just need to put in a definition for vlan X into the csm config (for SSL daughter card):

vlan 151 client

ip address 1.1.1.100 255.255.255.0

HTH

Syed Iftekhar Ahmed

0 Helpful

HWangLoyalty_2
Level 1
Level 1
In response to Syed Iftekhar Ahmed

‎12-17-2008 12:51 PM

Actually we had an individual CSM and SSL module in our data center. Now we added a CSM-S module in another site .I want to move "individual" settings to the new one. But I found this was totally different. I will the send to your configuration. I will appreciate it if you could give me any support.

There are two Vlans on our SSL module, one is vlan 151 for admin (communication with MSFC),another one is vlan 443 for CSM traffic. Both vlan 1064 and 1068 are for CSM part.

In our core switch:

vlan 443 server

description *** SSL-TRAFFIC-VLAN ***

ip address 10.129.64.4 255.255.254.0

!

vlan 151 client

ip address 172.29.151.100 255.255.255.0

vlan 1064 client

ip address 10.129.64.4 255.255.254.0

gateway 10.129.64.1

alias 10.129.64.6 255.255.254.0

!

vlan 1068 server

ip address 10.129.68.4 255.255.252.0

alias 10.129.68.6 255.255.252.0

vserver A-SSL

virtual 10.129.64.13 tcp https

serverfarm SSL-TRAFFIC

replicate csrp connection

persistent rebalance

parse-length 4000

inservice

serverfarm SSL-TRAFFIC

no nat server

no nat client

predictor leastconns

failaction purge

real 10.129.64.10

inservice

probe ICMP

In our SSL module

ssl-proxy vlan 443

ipaddr 10.129.64.10 255.255.254.0

gateway 10.129.64.1

ssl-proxy vlan 151

ipaddr 172.29.151.71 255.255.255.0

gateway 172.29.151.1

admin

ip route 0.0.0.0 0.0.0.0 172.29.151.1

But from my workstation, I could ping 172.29.151.71 instead of 10.129.64.10. So serverfarm SSL-TRAFFIC is out of service. I followed the settings from “individual” one. But I think something is wrong. please give advice!

0 Helpful
Customers Also Viewed These Support Documents