ACE 4710 and vlan1 for virtual context

Answered Question
Jan 26th, 2010

hello guys,

I need to 'send' vlan1 to a virtual context, but it's not working. Where is the problem?

ACE1/Admin# sh run interface
Generating configuration....
interface gigabitEthernet 1/1
  description data to internet
  switchport trunk allowed vlan 200
  no shutdown
interface gigabitEthernet 1/2
  description data to lan
  switchport trunk allowed vlan 1
  no shutdown
interface gigabitEthernet 1/3
  description mgmt
  switchport access vlan 40
  no shutdown
interface gigabitEthernet 1/4
  description fault-tolerance
  ft-port vlan 250
  no shutdown

ACE1/Admin# sh vlans

Vlans configured on physical port(s)
vlan1  vlan40  vlan200  vlan250

ACE1/Admin# sh run context
context WEB-PROXY
  allocate-interface vlan 200
  member RC-WEB-PROXY

ACE1/Admin# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
ACE1/Admin(config)# context WEB-PROXY
ACE1/Admin(config-context)# allocate-interface vlan ?
  <WORD>  Enter a vlan id or a range of vlans (Max Size - 20)
ACE1/Admin(config-context)# allocate-interface vlan 1
Error: Invalid vlan id
ACE1/Admin(config-context)#

ACE1/Admin#

Why is 1 an invalid vlan id?

sh ver:

Software
  loader:    Version 0.95.1
  system:    Version A3(2.0) [build 3.0(0)A3(2.0) adbuild_17:35:22-2008/10/01_/auto/adbu-rel4/rel_a3_2_0_dev_build/REL_3_0_0_A3_2_0]
  system image file: (hd0,1)/c4710ace-mz.A3_2_0.bin
  Device Manager version 1.1 (0) 20080805:0415

  installed license: ACE-AP-01-LIC ACE-AP-C-500-LIC ACE-AP-OPT-50-K9 ACE-AP-SSL-05K-K9

dario.didio Tue, 01/26/2010 - 05:34

Hi,

VLAN 1 is not supported:

The syntax of this command is as follows:
allocate-interface vlan number1
For the number argument, enter the number of an existing VLAN or a range of VLANs that you want to assign to the context as integers from 2 to 4094.

See config guide for virtual configurations.

HTH,

Dario

Martin Kyrc Tue, 01/26/2010 - 13:29

hello dario,

configuration guide shows something other:

http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_x/command/reference/context.html#wp1010776

vlan number_id

Identifies the VLAN to assign to the user context. For the number_id argument, enter the number of an existing VLAN that you want to assign to the context as an integer from 1 to 4096.

maybe wrong information in doc.

martin

Sean Merrow Tue, 01/26/2010 - 12:01

Hello,

You may notice that, even without configuring VLAN 1 on the ACE, VLAN 1 shows up on the following command output:

ace-appliance-14/Admin# sho service-policy det

Policy-map : CLIENT_VIPS
Status     : ACTIVE
Description: -----------------------------------------
Interface: vlan 1 2
  service-policy: CLIENT_VIPS
   :

   :

This is because, while you cannot manually configure VLAN 1, the ACE 4710 actually is already using VLAN 1 internally.  This is what prevents you from using it in your configuration.

Hope this helps clear it up.

Thanks,

Sean

Martin Kyrc Tue, 01/26/2010 - 13:33

hello sean,

can you show me in documentation for ace 4700, where is this information (internal usage of vlan 1) described? I didn't find this information. even though, thank you for description. it's clear for me now. can you tell me, if the same problem is for ace module?

martin

Correct Answer
Sean Merrow Tue, 01/26/2010 - 13:53

Hi Martin,

I do not believe the information I provided regarding the internal use of VLAN 1 is published in the ACE documentation, however, that is not because we keep it a secret.

I have checked our documentation and can see in two areas of the Configuration Guides that we have it correct (2-4094).  However, as you pointed out, it is incorrect in the Command Reference.  Indeed, the only VLANs you can use are 2-4094.  Thank you for pointing that out.  I will reach out to our documentation team to have that addressed.

ace-appliance-15/Admin(config-context)# allocate-interface vlan 1
Error: Invalid vlan id

ace-appliance-15/Admin(config-context)# allocate-interface vlan 2
ace-appliance-15/Admin(config-context)# allocate-interface vlan 4094
ace-appliance-15/Admin(config-context)# allocate-interface vlan 4095
Error: Invalid vlan id
ace-appliance-15/Admin(config-context)# allocate-interface vlan 4096
Error: Invalid vlan id

As for the ACE module, VLAN 1 is the native VLAN on the trunk that exists between the service module and the 6500, and as such it's untagged. The 802.3 driver on our services modules expects tagged frames so it can't do anything with VLAN 1.  This is common on most (if not all) of the service modules on the Catalyst 6500.

Have a nice day.

Sean
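
An added example, not part of the original thread and not Cisco code: a Python pre-check that scans an ACE-style running configuration for VLAN ids outside the 2-4094 range confirmed in the answer above, separating context allocations the CLI rejects from port VLANs that cannot be handed to a context. The sample configuration is constructed from the output quoted in the question, and the comma/range list syntax the parser accepts is an assumption.

```python
import re

VALID_MIN, VALID_MAX = 2, 4094  # allocatable range stated in the thread

# Constructed sample, modelled on the "sh run" output in the question.
SAMPLE_CONFIG = """\
interface gigabitEthernet 1/1
  switchport trunk allowed vlan 200
interface gigabitEthernet 1/2
  switchport trunk allowed vlan 1
interface gigabitEthernet 1/3
  switchport access vlan 40
context WEB-PROXY
  allocate-interface vlan 200
  allocate-interface vlan 1
  allocate-interface vlan 4090-4096
"""

# Assumption: VLAN lists are written as ids, id ranges, or comma-separated mixes.
VLAN_LINE = re.compile(
    r"^\s*(allocate-interface vlan|switchport trunk allowed vlan|"
    r"switchport access vlan)\s+(\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*)\s*$")

def expand(spec):
    """Expand '200', '10-12' or '1,40,100-101' into a list of VLAN ids."""
    ids = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.extend(range(int(lo), int(hi or lo) + 1))
    return ids

def lint(config):
    """Return (line_no, section, kind, vlan_id) for each out-of-range VLAN."""
    findings, section = [], None
    for no, line in enumerate(config.splitlines(), 1):
        if line and not line[0].isspace():
            section = line.strip()  # 'interface ...' or 'context ...' header
            continue
        m = VLAN_LINE.match(line)
        if not m:
            continue
        kind = ("rejected-allocation" if m.group(1).startswith("allocate")
                else "port-vlan-unusable-in-context")
        findings += [(no, section, kind, v) for v in expand(m.group(2))
                     if not VALID_MIN <= v <= VALID_MAX]
    return findings

if __name__ == "__main__":
    for no, section, kind, vid in lint(SAMPLE_CONFIG):
        print(f"line {no} [{section}] {kind}: vlan {vid}")
```
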

Sean Merrow Fri, 01/29/2010 - 05:28

Hi Martin,

Just wanted to let you know that the Command Reference for both ACE Module and ACE Appliance has been updated on Cisco.com to reflect the proper VLANs that can be allocated to a context:  2-4094.

Thanks for bringing it to our attention and have a nice day.

Sean

Peter Koltl Sun, 01/31/2010 - 02:12

Workaround:

If you can't have the customer migrate into a different VLAN, you need to trick a bit, as VLAN1 is not usable on the ACE.

Pick a VLAN number that you will use inside the ACE for the outer VLAN1. Say, VLAN101.

If you have an access port connecting to the server segment, just set it to 101:

     switchport access vlan 101

If you connect via a trunk, set your native VLAN to 101:

     switchport trunk native vlan 101
