ACE4710 IP address and VIP address

Answered Question
Nov 30th, 2009

I am setting up the 4710 to do load balancing using routed mode.

Now I have set up an interface address 172.16.7.86 on the client-side VLAN (vlan7), and the VIP of 172.16.7.85.

I have an ACL allowing all, but I cannot ping the real IP address of 172.16.7.86, yet I can ping the virtual IP address of 172.16.7.85.

Also, which address is used as the gateway address for users getting to the servers?

Please see the config below.

Thanks

Richard

access-list ALL line 10 extended permit ip any any

probe http http-dev
  interval 15
  passdetect interval 60
  open 1
probe icmp icmp
  interval 15
  passdetect interval 60

rserver host chijpw71
  description JDE Prod 1
  ip address 172.17.1.80
  inservice
rserver host chijpw72
  description JDE prod 2
  ip address 172.17.1.81
  inservice
rserver host chijpw73
  description JDE prod 3
  ip address 172.17.1.82
  inservice


serverfarm host JDE-Prod
  description production server farm
  probe icmp
  rserver chijpw71 12001
    inservice
  rserver chijpw72 12001
    inservice
  rserver chijpw73 12001
    inservice

sticky ip-netmask 255.255.255.255 address source Sickyjde
  serverfarm JDE-Prod

class-map type management match-any JDE-mgmt
  201 match protocol telnet any
  202 match protocol http any
  203 match protocol icmp any
class-map match-all jdepd
  2 match virtual-address 172.16.7.85 tcp eq 12001

policy-map type loadbalance first-match jdepd-l7slb
  class class-default
    sticky-serverfarm Sickyjde

policy-map multi-match int7
  class jdepd
    loadbalance vip inservice
    loadbalance policy jdepd-l7slb
    loadbalance vip icmp-reply

interface vlan 7
  description "client vlan7"
  ip address 172.16.7.86 255.255.255.0
  access-group input ALL
  service-policy input int7
  no shutdown
interface vlan 171
  description default gateway for servers
  ip address 172.17.1.250 255.255.255.0
  no shutdown

ip route 0.0.0.0 0.0.0.0 172.16.7.254

Correct Answer
Syed Iftekhar Ahmed Mon, 11/30/2009 - 16:12

You need an ACL to allow traffic "through the ACE" on each interface:

access-list ALL line 10 extended permit ip any any
access-list ALL line 20 extended permit icmp any any

interface vlan 7
  access-group input ALL
  no shutdown
interface vlan 171
  access-group input ALL
  no shutdown

HTH

Syed Iftekhar Ahmed
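
A small audit of the configuration discussed in this thread, as an added example that is not part of the original posts or of any Cisco tooling: it parses ACE-style config text and reports interfaces with no input ACL, permit-any ACL entries, class-maps that no policy-map references, and management class-maps that admit telnet or http from any source. The finding names and the trimmed `CONFIG` sample are this example's own constructions.

```python
import re

# Constructed sample: a trimmed copy of the configuration posted in the question.
CONFIG = """\
access-list ALL line 10 extended permit ip any any
class-map type management match-any JDE-mgmt
  201 match protocol telnet any
  202 match protocol http any
  203 match protocol icmp any
class-map match-all jdepd
  2 match virtual-address 172.16.7.85 tcp eq 12001
policy-map multi-match int7
  class jdepd
interface vlan 7
  access-group input ALL
  service-policy input int7
interface vlan 171
  description default gateway for servers
"""

def sections(text):
    """Group indented lines under the unindented line that opens each block."""
    blocks = []
    for line in filter(str.strip, text.splitlines()):
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.split(), []))
    return blocks

def audit(text):
    """Return (finding, object) pairs; the finding names are this example's own."""
    blocks, out = sections(text), []
    used = {b.split()[1] for head, body in blocks if head[0] == "policy-map"
            for b in body if b.startswith("class ")}
    for head, body in blocks:
        if head[0] == "interface" and not any(b.startswith("access-group input") for b in body):
            out.append(("no-input-acl", " ".join(head[1:])))
        elif head[0] == "access-list" and head[-4:] == ["permit", "ip", "any", "any"]:
            out.append(("acl-permit-any", head[1]))
        elif head[0] == "class-map":
            if head[-1] not in used:
                out.append(("class-map-unreferenced", head[-1]))
            if "management" in head:  # telnet and http are cleartext protocols
                out += [("cleartext-mgmt-from-any", f"{head[-1]}:{m[1]}") for b in body
                        if (m := re.search(r"match protocol (telnet|http) any$", b))]
    return out

if __name__ == "__main__":
    print(*audit(CONFIG), sep="\n")
```

On the sample it reports that vlan 171 has no input ACL, that ACL `ALL` permits any to any, and that `JDE-mgmt` is defined but not referenced by any policy-map while matching telnet and http from any source.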
