Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
515
Views
0
Helpful
3
Replies

Access-List and Ace-4710 Question

jfraasch
Level 3
Level 3

‎08-17-2009 06:04 AM - edited ‎03-06-2019 07:17 AM

I have a lab with the Ace-4710 implemented.

I have four production VLANs and four standby VLANs for the servers. I am connected via trunk ports for the vlans down to a switch. I can ping from the 4710 to all servers on all VLANs. I can ping from all servers to their default gateway which is the 4710 VLAN interface. So for this reason I believe trunking is working.

The VIP address for my Tomcat VLAN is working fine as I can bring up HTTP for that IP that gets load balanced to the VLAN behind it. So that seems to work which is another reason I am thinking this is a access list issue.

However, I cannot ping from one VLAN through the 4710 to another VLAN. I have to think this is a access-list issue. Below is the config for the 4710. What I need is help figuring out whether this is a Access-List issue or not. I am not an ACL guy but I am learning

Actually, the config is attached. Too big to post.

Thanks for any help you can give.

James

Labels:
11401-putty.log
0 Helpful
3 Replies 3

Collin Clark
VIP Alumni
VIP Alumni

‎08-17-2009 08:48 AM

James-

You have one ACL configured (named ALL) and it is applied only to the management interface. It permits all ports and protocols. None of the other interfaces have an ACL applied. I would double check the routing and make sure the remote VLAN's know how to get the VLANs behind the ACE's. Hope that helps.

0 Helpful

jfraasch
Level 3
Level 3
In response to Collin Clark

‎08-17-2009 08:51 AM

Yeah, I figured out in the meantime that the 4710 does NOT route between VLANs so I have been playing with my Dell Chassis internal PowerConnect layer 3 switch. I have it almost there as I can ping between all the VLANs except for one.

Can't figure this next part out.

Thanks for the reply. Good lesson on the 4170 though. It does not route!

James

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to jfraasch

‎08-17-2009 08:59 AM

James

"Good lesson on the 4170 though. It does not route!"

The ACE can route and will if it is in routed mode -

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/routing_bridging/guide/iproute.html

I recommend posting this query into the "Data Center -> Application Networking" forum where all the experts on these devices live.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card