vip & interface redundancy for css11506

Answered Question
Dec 20th, 2005

When I configure redundancy on my two CSS11506s, I find that when I put an ACL on, I cannot see the VIP; it is not working fine.

Also, if I remove redundancy, it works fine.

My access list only bypasses SSH and permits the VIPs. Do I need to add more for redundancy?

Any comments will be appreciated.

Thanks in advance.


Correct Answer
Gilles Dufour Wed, 12/21/2005 - 00:18
User Badges: Cisco Employee

If you create an ACL, you need to permit the VRRP traffic [dst ip == 224.0.0.18].


Gilles.


julxu Wed, 12/21/2005 - 16:08

What is the source IP? I did:

master:
======
circuit VLAN295
  ip address 10.2.95.2 255.255.255.0
  ip virtual-router 2 110 preempt
  ip redundant-interface 2 10.2.95.1
  ip critical-service 2 upstream-downstream

backup:
=======
circuit VLAN295
  ip address 10.2.95.3 255.255.255.0
  ip virtual-router 2
  ip redundant-interface 2 10.2.95.1
  ip critical-service 2 upstream-downstream

So the ACL should be:

clause 1 permit ip 10.2.95.2 destination 224.0.0.18?

Should I use bypass?

Should I use src IP as any?

Please advise.

julxu Wed, 12/21/2005 - 17:44

I think I found the solution myself. The src should be the interfaces of VRRP.

I will try today, and thanks for the help.

Gilles Dufour Thu, 12/22/2005 - 01:06
User Badges: Cisco Employee

The source is the IP address configured on the interface where you configured the virtual VIP or virtual interface.

So in your example, your clause 1 is correct.


Gilles.
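
Added example, not part of the original thread and not Cisco code: a small Python audit that reads ACL clauses in the shape quoted above and reports, for each circuit address from the thread, which clause decides a packet sent to 224.0.0.18. It assumes a simplified model (first matching clause by number wins, unmatched traffic is denied, only `ip` or `any` protocol clauses cover VRRP); the `acl 1` wrapper, clauses 10 and 20, and the address 10.2.95.100 are hypothetical.

```python
import ipaddress
import re

VRRP_GROUP = "224.0.0.18"  # multicast destination named in the thread
# Simplified clause shape: clause <n> <permit|deny|bypass> <proto> <src> destination <dst>
CLAUSE_RE = re.compile(
    r"^\s*clause\s+(\d+)\s+(permit|deny|bypass)\s+(\S+)\s+(\S+)\s+destination\s+(\S+)",
    re.IGNORECASE)

def parse_acl(text):
    """Return clauses as (number, action, proto, src, dst), sorted by clause number."""
    clauses = []
    for line in text.splitlines():
        m = CLAUSE_RE.match(line)
        if m:
            n, action, proto, src, dst = m.groups()
            clauses.append((int(n), action.lower(), proto.lower(), src.lower(), dst.lower()))
    return sorted(clauses)

def _matches(field, addr):
    """'any' matches everything; otherwise the field must be the same host address."""
    return field == "any" or field == addr

def vrrp_verdict(clauses, src):
    """First matching clause wins; no match falls through to an assumed implicit deny."""
    src = str(ipaddress.ip_address(src))  # validates and normalises the address
    for n, action, proto, c_src, c_dst in clauses:
        if proto in ("ip", "any") and _matches(c_src, src) and _matches(c_dst, VRRP_GROUP):
            return action, n
    return "deny", None

def audit(acl_text, peers):
    """Map each redundancy peer address to (action, deciding clause number)."""
    clauses = parse_acl(acl_text)
    return {ip: vrrp_verdict(clauses, ip) for ip in peers}

# Constructed sample ACL: clause 1 is the one proposed in the thread,
# clauses 10 and 20 and the 10.2.95.100 address are hypothetical.
SAMPLE_ACL = """
acl 1
  clause 1 permit ip 10.2.95.2 destination 224.0.0.18
  clause 10 bypass tcp any destination any
  clause 20 permit any any destination 10.2.95.100
"""

if __name__ == "__main__":
    for ip, (action, n) in audit(SAMPLE_ACL, ["10.2.95.2", "10.2.95.3"]).items():
        print(f"{ip} -> {VRRP_GROUP}: {action} (clause {n})")
```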
