08-10-2010 01:58 PM
I have a pair of 6509s with CSM and SSL modules. We are migrating these to ACE modules in a few days. I have the configuration (except for the interfaces) configured on the ACE, including exported/imported SSL certificates/keys. By not configuring the interfaces with service-policy, neither the VIPs nor the server IP addresses can conflict with the CSM.
Also, the supervisor config has already been set up to include the client and server vlans for the service linecard. That connectivity has been established, however, I will be changing the client side interface vlan to the one that the CSM was using as the existing one is temporary.
My plan is as follows:
1. Remove the vlan statements for server and client from the supervisor (from config mode, csm mod #).
2. Power down CSM and SSL modules from supervisor.
3. Session into ACE. Modify interface vlans for both client and server side to use the IP addresses from the vlan server and vlan client configs.
At this time, the servers should begin to appear in the ACE modules' ARP table and the client VIPs should start responding.
Now, what or how do we clean up the rest of the CSM configuration in the supervisor?
If you see any flaws in this plan, please let me know.
Thanks in advance for your assistance.
08-16-2010 08:09 PM
Regarding cleaning up the CSM configuration, please refer to the following discussion.
Erasing CSM configuration
https://supportforums.cisco.com/message/446477
You can remove the CSM config with the 'no mod csm [slot#]' command, where you have to remove all vserver config before you issue this command, as Phil said in the above discussion. (I checked with 12.2(18)SXF13 and the result was as below.)
#conf t
(config)#no mod csm 3
% Remove vserver before unconfiguring slot 3 <<==
(config)#
(config)#mod csm 3
(config-module-csm)#no vser test
(config-module-csm)#end
#conf t
(config)#no mod csm 3
(config)#end
#
Regarding the migration steps, they will probably work fine.
When I migrate from CSM to ACE in my lab, I use the following steps.
1) issue 'no power enable' command on the sup for the CSM
2) issue 'svclc vlan-group' command on the sup for the ACE module
#conf t
Enter configuration commands, one per line. End with CNTL/Z.
(config)#no power enable module 3
Aug 17 00:24:29.643: %C6KPWR-SP-4-DISABLED: power to module in slot 3 set off (admin request)
(config)#end
#conf t
(config)#svclc vlan-group 1 771,772
(config)#end
## sup config for ACE in slot4
#sh run | i svclc
svclc autostate
svclc multiple-vlan-interfaces
svclc module 4 vlan-group 1
svclc vlan-group 1 771,772
## CSM config in slot 3
#sh run mod 3
Building configuration...
Current configuration : 458 bytes
module ContentSwitchingModule 3
vlan 771 client
ip address 192.168.71.250 255.255.255.0
!
vlan 772 server
ip address 192.168.72.250 255.255.255.0
!
real SV1
address 192.168.72.11
inservice
real SV2
address 192.168.72.12
inservice
!
serverfarm SF
nat server
no nat client
real name SV1
inservice
real name SV2
inservice
!
vserver TEST
virtual 192.168.71.100 any
serverfarm SF
persistent rebalance
inservice
!
end
#conf t
Enter configuration commands, one per line. End with CNTL/Z.
(config)#mod csm 3
(config-module-csm)#no vser test
(config-module-csm)#exit
(config)#no mod csm 3 <<== clear config
(config)#end
*Aug 17 00:31:07.619: %SYS-5-CONFIG_I: Configured from console by console
#sh run mod 3
Building configuration...
Current configuration : 5 bytes
end
## ACE config
ACE20/Admin# sh run
Generating configuration....
hostname ACE20
boot system image:c6ace-t1k9-mz.A2_3_1.bin
access-list all line 8 extended permit ip any any
rserver host sv1
ip address 192.168.72.11
inservice
rserver host sv2
ip address 192.168.72.12
inservice
serverfarm host sf
rserver sv1 80
inservice
rserver sv2 80
inservice
class-map match-all vip-l3
2 match virtual-address 192.168.71.100 any
policy-map type loadbalance first-match lb
class class-default
serverfarm sf
policy-map multi-match client-vips
class vip-l3
loadbalance vip inservice
loadbalance policy lb
loadbalance vip icmp-reply
access-group input all
interface vlan 771
ip address 192.168.71.250 255.255.255.0
service-policy input client-vips
no shutdown
interface vlan 772
ip address 192.168.72.250 255.255.255.0
no shutdown
Regards,
Yuji
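A pre-cutover parity check for the migration discussed in this thread, added here as an example and not part of any post: it compares the CSM and ACE configs quoted above, reports real servers, VIPs and VLAN interface addresses that exist on the CSM but not on the ACE, and flags an ACE access-list that permits ip any any. The names `CHECKS`, `ACL_RE` and `parity_findings` are assumptions of this example, and the patterns cover only the config lines shown in the thread.

```python
import re

# Configs from the posts above, trimmed to the lines the check reads (indentation added).
CSM_CFG = """\
 vlan 771 client
  ip address 192.168.71.250 255.255.255.0
 vlan 772 server
  ip address 192.168.72.250 255.255.255.0
 real SV1
  address 192.168.72.11
 real SV2
  address 192.168.72.12
 serverfarm SF
  real name SV1
 vserver TEST
  virtual 192.168.71.100 any
"""
ACE_CFG = """\
access-list all line 8 extended permit ip any any
rserver host sv1
  ip address 192.168.72.11
rserver host sv2
  ip address 192.168.72.12
class-map match-all vip-l3
  2 match virtual-address 192.168.71.100 any
interface vlan 771
  ip address 192.168.71.250 255.255.255.0
interface vlan 772
  ip address 192.168.72.250 255.255.255.0
"""

# (CSM pattern, ACE pattern) per object; the address line must directly follow its parent.
CHECKS = {
    "real server": (r"^\s*real (?!name )\S+\n\s*address (\S+)",
                    r"^\s*rserver host \S+\n\s*ip address (\S+)"),
    "VIP": (r"^\s*virtual (\S+)", r"match virtual-address (\S+)"),
    "VLAN interface": (r"^\s*vlan (\d+) (?:client|server)\n\s*ip address (\S+ \S+)",
                       r"^\s*interface vlan (\d+)\n\s*ip address (\S+ \S+)"),
}
ACL_RE = r"^access-list (\S+) line \d+ extended permit ip any any"

def parity_findings(csm, ace):
    """List CSM objects missing from the ACE config, then permit-any ACLs on the ACE."""
    findings = []
    for label, (csm_re, ace_re) in CHECKS.items():
        gap = set(re.findall(csm_re, csm, re.M)) - set(re.findall(ace_re, ace, re.M))
        for item in sorted(gap):
            text = item if isinstance(item, str) else " ".join(item)
            findings.append(f"{label} {text} is on the CSM but not on the ACE")
    return findings + [f"access-list {a} permits ip any any" for a in re.findall(ACL_RE, ace, re.M)]
```

Run against the two configs as posted, the only finding is the lab ACL `all`, which is worth replacing with a scoped access-list before the ACE carries production traffic.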
08-17-2010 04:52 AM
Your assistance is much appreciated. I will give these instructions a go after submitting a change request.
Al Nelson Jr.