
ACE 4710 in bridge mode

winpwnkmr
Level 1

Hi,

We got a new ACE 4710 device and I am trying to configure it in bridging mode.

I am trying to load balance between two servers which are connected as shown below:

Servers -> Switch -> Router (with subinterface).

Servers IP: 172.16.11.1 and 172.16.11.2

Router IP: 172.16.11.254

Default route is router IP address for servers.

I am new to ACE and I am confused about how to assign interfaces on the ACE so that it can bridge the traffic between the router and servers VLAN.

We have some more servers which are on a different VLAN but can connect to these servers, as the router is doing inter-VLAN routing too.

I want inter-VLAN routing and load balancing between the above two servers concurrently. Please help in this regard.

Also attaching the ACE config file.

9 Replies

Gilles Dufour
Cisco Employee

You have to first change the vlan to which the router is attached.

Then on the ACE you configure both the router vlan and the server vlan.

Do not configure any ip address under the vlan, but instead configure a bridge-group with the same id.

Then create a bvi interface with that bridge group id.

Under the bvi interface, configure an ip address from the same subnet of the router and servers.

ACE will bridge the server and router vlan so that the servers will appear as directly connected to the router.

No need to change ip addresses or gateways.

Gilles.
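
The bridging rules in the reply above, written as a consistency check over an ACE-style config. This is an added example, not part of the original thread and not a Cisco tool; the function names, the constructed sample config and the expectation of exactly two VLANs per bridge group (router VLAN plus server VLAN) are assumptions of the example.

```python
import ipaddress
import re

# Constructed sample in ACE-style syntax; addresses and VLAN ids are illustrative.
SAMPLE = """\
interface vlan 11
  bridge-group 3
interface vlan 13
  bridge-group 3
interface bvi 3
  ip address 172.16.11.10 255.255.255.0
"""

def parse_interfaces(text):
    """Map ('vlan'|'bvi', id) -> list of indented sub-commands."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        head = re.match(r"interface (vlan|bvi) (\d+)\s*$", raw)
        if head:
            current = stanzas.setdefault((head.group(1), int(head.group(2))), [])
        elif raw[:1].isspace() and current is not None:
            current.append(raw.strip())
        elif raw.strip():
            current = None  # any other top-level command ends the stanza
    return stanzas

def check_bridge(text, router_ip):
    """Return findings for the bridged-mode rules listed in the answer above."""
    stanzas, groups, findings = parse_interfaces(text), {}, []
    for (kind, ident), cmds in stanzas.items():
        member_of = [int(c.split()[1]) for c in cmds
                     if kind == "vlan" and c.startswith("bridge-group ")]
        for group in member_of:
            groups.setdefault(group, []).append(ident)
        if member_of and any(c.startswith("ip address ") for c in cmds):
            findings.append(f"vlan {ident}: ip address set on a bridged vlan")
    for group, vlans in sorted(groups.items()):
        if len(vlans) != 2:
            findings.append(f"bridge-group {group}: expected router and server vlan, found {len(vlans)}")
        bvi = stanzas.get(("bvi", group), [])
        addr = next((c.split()[2:4] for c in bvi if c.startswith("ip address ")), None)
        if addr is None:
            findings.append(f"bridge-group {group}: no bvi {group} with an ip address")
        elif ipaddress.ip_address(router_ip) not in ipaddress.ip_network("/".join(addr), strict=False):
            findings.append(f"bvi {group}: {addr[0]} is outside the router's subnet")
    return findings

if __name__ == "__main__":
    print(check_bridge(SAMPLE, "172.16.11.254") or "bridge config consistent")
```

The parser relies on sub-commands being indented under their `interface` line, as they are in `show running-config` output.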

So in that case, can servers in other VLANs directly access those two servers which are part of ACE?

Do I have to assign different VLANs on the switch for the physical interfaces on ACE? In my case gig1/1 - VLAN10 and gig1/2 to VLAN13?

Thanks,

Pawan

Hi,

I tried the setup as per your suggestions, below are the details:

Router interface config:
---------------------------------
interface GigabitEthernet0/0.13
 description "ACE vlan 13"
 encapsulation dot1Q 13
 ip address 172.16.11.254 255.255.255.0
!

Topology
-------------
Router
   |     vlan 13 (gig1/2)
ACE
   |     vlan 11 (gig1/3)
Servers

interface gigabitEthernet 1/2
  channel-group 1
  no shutdown
interface gigabitEthernet 1/3
  channel-group 1
  no shutdown
interface gigabitEthernet 1/4
  shutdown
interface port-channel 1
  switchport trunk allowed vlan 11,13
  no shutdown

interface vlan 11
  description "Server side"
  bridge-group 3
  service-policy input remote-access
  no shutdown

interface vlan 13
  description "Client side"
  bridge-group 3
  access-group input everyone
  service-policy input client-vips
  no shutdown

interface bvi 3
  ip address 172.16.11.10 255.255.255.0
  no shutdown

ip route 0.0.0.0 0.0.0.0 172.16.11.254

Servers' default route is 172.16.11.254 (Router's interface).

The problem is that now I am not able to ping servers from other VLANs, and even from ACE I am not able to ping the servers and router IP.

I assigned vlan13 and vlan11 to ACE gig1/2 and gig1/3 respectively in the layer 2 switch.

Appreciate your help in this.

Thanks,

Pawan 

Hi Pawan,

Did you ever get this setup? Check out this link:


Thanks

Yes, I was able to get this solution working successfully.

Thanks,

Pawan

Hi Pawan,

Could you please provide a code snippet of your solution? I would like to see the way you implemented your setup.

Thanks

Here is the config, hope this will help.

Admin Context
=============

resource-class ngmp_rc1
  limit-resource all minimum 0.00 maximum unlimited
  limit-resource sticky minimum 0.20 maximum unlimited

interface gigabitEthernet 1/1
  switchport access vlan 1000
  no shutdown
interface gigabitEthernet 1/2
  switchport trunk allowed vlan 10,13
  no shutdown
interface gigabitEthernet 1/3
  no shutdown
interface gigabitEthernet 1/4
  shutdown

access-list ALL line 8 extended permit ip any any
access-list everyone line 8 extended permit ip any any
access-list everyone line 16 extended permit icmp any any

class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit

interface vlan 1000
  ip address 192.168.16.16 255.255.255.0
  access-group input ALL
  service-policy input remote_mgmt_allow_policy
  no shutdown

ip route 0.0.0.0 0.0.0.0 192.168.16.254

context apps
  allocate-interface vlan 10
  allocate-interface vlan 13
  member apps_rc1

APPS Context
============

rserver host srv1
  ip address 192.168.10.1
  inservice
rserver host srv2
  ip address 192.168.10.2
  inservice
rserver host srv3
  ip address 192.168.10.3
  inservice

serverfarm host apps_srv
  rserver srv1
    inservice
  rserver srv2
    inservice
  rserver srv3
    inservice

class-map match-all ftp-vip
  2 match virtual-address 172.16.10.10 tcp eq ftp
class-map match-all http-vip
  2 match virtual-address 172.16.10.11 tcp eq 8080
class-map type management match-any remote-mgmt
  201 match protocol snmp any
  202 match protocol ssh any
  203 match protocol icmp any
  204 match protocol http any
  205 match protocol https any
  206 match protocol xml-https any

policy-map type management first-match remote-mgmt
  class remote-mgmt
    permit

policy-map type loadbalance first-match slb
  class class-default
    serverfarm apps_srv

policy-map multi-match client-vips
  class ftp-vip
    loadbalance vip inservice
    loadbalance policy slb
    loadbalance vip icmp-reply
    inspect ftp
  class http-vip
    loadbalance vip inservice
    loadbalance policy slb
    loadbalance vip icmp-reply

interface vlan 10
  bridge-group 1
  access-group input bpdu-fixup
  access-group input ALL
  access-group output ALL
  no shutdown

interface vlan 13
  bridge-group 1
  access-group input bpdu-fixup
  access-group input ALL
  access-group output ALL
  service-policy input remote-mgmt
  service-policy input client-vips
  no shutdown

interface bvi 1
  ip address 192.168.10.9 255.255.255.0
  no shutdown

ip route 0.0.0.0 0.0.0.0 192.168.10.254

Thanks,

Pawan

There are inconsistencies in the configs:

  • port-channel or one trunk interface to ACE?
  • vlan 10,13 or vlan 11,13?

After the setup, clear the ARP table in the ACE.

Peter,

I think you misunderstood Pawan.

The config he sent is the one that WORKS for him...and indeed there is nothing wrong with it.

Thanks Pawan for sharing it.

Gilles.
