ACE4710 IP address and VIP address

Answered Question
Nov 30th, 2009

I am setting up the 4710 to do load balancing using routed mode.

Now I have set up an interface address 172.16.7.86 on the client-side VLAN (vlan7), and the VIP of 172.16.7.85.

I have an ACL allowing all, but I cannot ping the real IP address of 172.16.7.86, yet I can ping the virtual IP address of 172.16.7.85.

Also, which address is used as the gateway address for users getting to the servers?

Please see config below.

Thanks

Richard



access-list ALL line 10 extended permit ip any any


probe http http-dev
  interval 15
  passdetect interval 60
  open 1
probe icmp icmp
  interval 15
  passdetect interval 60

rserver host chijpw71
  description JDE Prod 1
  ip address 172.17.1.80
  inservice
rserver host chijpw72
  description JDE prod 2
  ip address 172.17.1.81
  inservice
rserver host chijpw73
  description JDE prod 3
  ip address 172.17.1.82
  inservice


serverfarm host JDE-Prod
  description production server farm
  probe icmp
  rserver chijpw71 12001
    inservice
  rserver chijpw72 12001
    inservice
  rserver chijpw73 12001
    inservice

sticky ip-netmask 255.255.255.255 address source Sickyjde
  serverfarm JDE-Prod

class-map type management match-any JDE-mgmt
  201 match protocol telnet any
  202 match protocol http any
  203 match protocol icmp any
class-map match-all jdepd
  2 match virtual-address 172.16.7.85 tcp eq 12001

policy-map type loadbalance first-match jdepd-l7slb
  class class-default
    sticky-serverfarm Sickyjde

policy-map multi-match int7
  class jdepd
    loadbalance vip inservice
    loadbalance policy jdepd-l7slb
    loadbalance vip icmp-reply

interface vlan 7
  description "client vlan7"
  ip address 172.16.7.86 255.255.255.0
  access-group input ALL
  service-policy input int7
  no shutdown
interface vlan 171
  description default gateway for servers
  ip address 172.17.1.250 255.255.255.0
  no shutdown

ip route 0.0.0.0 0.0.0.0 172.16.7.254

Correct Answer by Syed Iftekhar Ahmed about 7 years 6 months ago

You need an ACL to allow traffic "through the ACE" on each interface.


access-list ALL line 10 extended permit ip any any
access-list ALL line 20 extended permit icmp any any


interface vlan 7
  access-group input ALL
  no shutdown
interface vlan 171
  access-group input ALL
  no shutdown



HTH


Syed Iftekhar Ahmed
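
The check the answer describes, as an added example that is not part of the original thread and is not Cisco tooling: a small Python audit that walks an ACE-style configuration and reports, for each "interface vlan" block, whether an inbound access-group is applied and whether the access-list it names is defined. The sample text is constructed from the question's config, and the function name audit_interface_acls is hypothetical.

```python
import re

# Constructed sample: the access-list and interface lines from the question's config.
SAMPLE_CONFIG = """\
access-list ALL line 10 extended permit ip any any

interface vlan 7
  description "client vlan7"
  ip address 172.16.7.86 255.255.255.0
  access-group input ALL
  service-policy input int7
  no shutdown
interface vlan 171
  description default gateway for servers
  ip address 172.17.1.250 255.255.255.0
  no shutdown
"""

def audit_interface_acls(config):
    """Map each 'interface vlan N' block to a finding about its inbound ACL."""
    defined = set(re.findall(r"^access-list (\S+) ", config, re.M))
    applied = {}    # interface name -> ACL applied inbound (None if absent)
    current = None
    for line in config.splitlines():
        header = re.match(r"interface (vlan \d+)\s*$", line)
        if header:
            current = header.group(1)
            applied[current] = None
        elif not line.startswith(" "):
            current = None  # any other unindented line ends the interface block
        elif current:
            group = re.match(r"\s+access-group input (\S+)", line)
            if group:
                applied[current] = group.group(1)
    findings = {}
    for iface, acl in applied.items():
        if acl is None:
            findings[iface] = "no inbound ACL applied"
        elif acl not in defined:
            findings[iface] = "ACL %s is applied but not defined" % acl
        else:
            findings[iface] = "inbound ACL %s" % acl
    return findings

if __name__ == "__main__":
    for iface, finding in audit_interface_acls(SAMPLE_CONFIG).items():
        print(iface, "->", finding)
```

Run against the question's config, it reports vlan 171 as having no inbound ACL, which is the interface the answer adds the access-group to.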

Syed Iftekhar Ahmed Mon, 11/30/2009 - 16:12