ACE 4710 in bridge mode

Mar 4th, 2010

Hi,


We got a new ACE 4710 device and I am trying to configure it in bridging mode.

I am trying to load balance between two servers which are connected as shown below:


Servers -> Switch -> Router (with subinterface).


Servers IP: 172.16.11.1 and 172.16.11.2


Router IP: 172.16.11.254


Default route is router IP address for servers.


I am new to ACE and I am confused about how to assign interface on ACE so that ACE can bridge the traffic between router and servers VLAN.

We have some more servers which are on different VLAN but can connect to these servers as router is doing inter-vlan routing too.


I want inter-VLAN routing and load balancing between the above two servers concurrently. Please help in this regard.


Also attaching the ACE config file.

Gilles Dufour (Cisco Employee) Fri, 03/05/2010 - 00:29

You have to first change the vlan to which the router is attached.

Then on the ACE you configure both the router vlan and the server vlan.

Do not configure any ip address under the vlan, but instead configure a bridge-group with the same id.

Then create a bvi interface with that bridge group id.

Under the bvi interface, configure an ip address from the same subnet of the router and servers.

ACE will bridge the server and router vlan so that the servers will appear as directly connected to the router.

No need to change ip addresses or gateways.


Gilles.
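
The rules in the answer above, written as a config check (an added example, not part of the thread and not Cisco tooling). It assumes sub-commands are indented under each `interface` line; the function names and the sample text are constructed here.

```python
import ipaddress
import re

# Constructed sample shaped like the bridged interfaces discussed in the thread.
SAMPLE = """\
interface vlan 11
  bridge-group 3
interface vlan 13
  bridge-group 3
interface bvi 3
  ip address 172.16.11.10 255.255.255.0
  no shutdown
"""

def parse_interfaces(text):
    """Map (kind, id) -> sub-commands for indented 'interface vlan|bvi N' blocks."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"interface (vlan|bvi) (\d+)$", line)
        if m:
            current = blocks.setdefault((m.group(1), int(m.group(2))), [])
        elif line and raw[0].isspace() and current is not None:
            current.append(line)
        elif line:
            current = None  # another top-level command closes the block
    return blocks

def check_bridge_mode(text, router_ip):
    """Return findings against the rules in the answer; an empty list means none."""
    blocks, groups, findings = parse_interfaces(text), {}, []
    for (kind, num), cmds in blocks.items():
        gid = next((int(c.split()[1]) for c in cmds if c.startswith("bridge-group ")), None)
        if kind != "vlan" or gid is None:
            continue  # BVI block or routed VLAN, not a bridged VLAN
        groups.setdefault(gid, []).append(num)
        if any(c.startswith("ip address ") for c in cmds):
            findings.append(f"vlan {num}: ip address on a bridged VLAN")
    for gid, vlans in sorted(groups.items()):
        if len(vlans) != 2:
            findings.append(f"bridge-group {gid}: expected 2 VLANs, found {sorted(vlans)}")
        ip = next((c.split()[2:4] for c in blocks.get(("bvi", gid), [])
                   if c.startswith("ip address ")), None)
        if ip is None:
            findings.append(f"bridge-group {gid}: no bvi {gid} with an ip address")
        elif ipaddress.ip_address(router_ip) not in ipaddress.ip_interface("/".join(ip)).network:
            findings.append(f"bvi {gid}: router {router_ip} is outside the BVI subnet")
    return findings or ([] if groups else ["no bridged VLANs found"])
```

Calling `check_bridge_mode(SAMPLE, "172.16.11.254")` returns an empty list; a BVI numbered differently from the bridge-group, an IP address left on a bridged VLAN, or a router outside the BVI subnet each produce one finding.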

winpwnkmr Fri, 03/05/2010 - 01:41

So in that case, can servers in other VLANs directly access those two servers which are part of ACE?

Do I have to assign different VLANs on the switch for the physical interfaces on ACE? In my case gig1/1 - VLAN10 and gig1/2 to VLAN13?


Thanks,

Pawan

winpwnkmr Fri, 03/05/2010 - 02:18

Hi,


I tried the setup as per your suggestions, below are the details:


Router interface config:
---------------------------------
interface GigabitEthernet0/0.13
  description "ACE vlan 13"
  encapsulation dot1Q 13
  ip address 172.16.11.254 255.255.255.0
!

Topology
-------------
Router
   |     vlan 13 (gig1/2)
ACE
   |     vlan 11 (gig1/3)
Servers

interface gigabitEthernet 1/2
  channel-group 1
  no shutdown
interface gigabitEthernet 1/3
  channel-group 1
  no shutdown
interface gigabitEthernet 1/4
  shutdown
interface port-channel 1
  switchport trunk allowed vlan 11,13
  no shutdown


interface vlan 11
  description "Server side"
  bridge-group 3
  service-policy input remote-access
  no shutdown

interface vlan 13
  description "Client side"
  bridge-group 3
  access-group input everyone
  service-policy input client-vips
  no shutdown

interface bvi 3
  ip address 172.16.11.10 255.255.255.0
  no shutdown


ip route 0.0.0.0 0.0.0.0 172.16.11.254


The servers' default route is 172.16.11.254 (the router's interface).


The problem is that now I am not able to ping the servers from other VLANs, and even from the ACE I am not able to ping the servers and the router IP.


I assigned vlan13 and vlan11 to ACE gig1/2 and gig1/3 respectively in layer 2 switch.


Appreciate your help in this..


Thanks,

Pawan 

mbroberson1 Tue, 06/01/2010 - 18:21

Hi Pawan,


Did you ever get this setup? Check out this link:




Thanks

winpwnkmr Tue, 06/01/2010 - 23:17

Yes, I was successfully able to do this solution.


Thanks,

Pawan

mbroberson1 Wed, 06/02/2010 - 05:46

Hi Pawan,


Could you please provide a code snippet of your solution? I would like to see the way you implemented your setup.


Thanks

winpwnkmr Wed, 06/02/2010 - 05:57

Here is the config, hope this will help.


Admin Context
=============
resource-class ngmp_rc1
  limit-resource all minimum 0.00 maximum unlimited
  limit-resource sticky minimum 0.20 maximum unlimited

interface gigabitEthernet 1/1
  switchport access vlan 1000
  no shutdown
interface gigabitEthernet 1/2
  switchport trunk allowed vlan 10,13
  no shutdown
interface gigabitEthernet 1/3
  no shutdown
interface gigabitEthernet 1/4
  shutdown

access-list ALL line 8 extended permit ip any any
access-list everyone line 8 extended permit ip any any
access-list everyone line 16 extended permit icmp any any

class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit

interface vlan 1000
  ip address 192.168.16.16 255.255.255.0
  access-group input ALL
  service-policy input remote_mgmt_allow_policy
  no shutdown

ip route 0.0.0.0 0.0.0.0 192.168.16.254

context apps
  allocate-interface vlan 10
  allocate-interface vlan 13
  member apps_rc1


APPS Context
============
rserver host srv1
  ip address 192.168.10.1
  inservice
rserver host srv2
  ip address 192.168.10.2
  inservice
rserver host srv3
  ip address 192.168.10.3
  inservice

serverfarm host apps_srv
  rserver srv1
    inservice
  rserver srv2
    inservice
  rserver srv3
    inservice

class-map match-all ftp-vip
  2 match virtual-address 172.16.10.10 tcp eq ftp
class-map match-all http-vip
  2 match virtual-address 172.16.10.11 tcp eq 8080

class-map type management match-any remote-mgmt
  201 match protocol snmp any
  202 match protocol ssh any
  203 match protocol icmp any
  204 match protocol http any
  205 match protocol https any
  206 match protocol xml-https any
policy-map type management first-match remote-mgmt
  class remote-mgmt
    permit

policy-map type loadbalance first-match slb
  class class-default
    serverfarm apps_srv
policy-map multi-match client-vips
  class ftp-vip
    loadbalance vip inservice
    loadbalance policy slb
    loadbalance vip icmp-reply
    inspect ftp
  class http-vip
    loadbalance vip inservice
    loadbalance policy slb
    loadbalance vip icmp-reply

interface vlan 10
  bridge-group 1
  access-group input bpdu-fixup
  access-group input ALL
  access-group output ALL
  no shutdown

interface vlan 13
  bridge-group 1
  access-group input bpdu-fixup
  access-group input ALL
  access-group output ALL
  service-policy input remote-mgmt
  service-policy input client-vips
  no shutdown

interface bvi 1
  ip address 192.168.10.9 255.255.255.0
  no shutdown

ip route 0.0.0.0 0.0.0.0 192.168.10.254



Thanks,

Pawan

Peter Koltl Sat, 06/05/2010 - 14:48
There are inconsistencies in the configs:

  • port-channel or one trunk interface to ACE?
  • vlan 10,13 or vlan 11,13?


After the setup, clear the ARP table in the ACE.

Gilles Dufour Mon, 06/07/2010 - 00:28
Peter,


I think you misunderstood Pawan.

The config he sent is the one that WORKS for him...and indeed there is nothing wrong with it.

Thanks Pawan for sharing it.


Gilles.
