Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
548
Views
0
Helpful
3
Replies

ACE and VIPs not associated with a vlan

paul.matthews
Level 5
Level 5

‎11-08-2010 10:26 AM

It has been suggested we configure an ACE with the VIPs not associated with a VLAN, By that I mean we have an inside and outside interface as normal (routed mode), but the VIP address is not associated with either interface - on a router it would be on a loopback.

Is this possible? If so how would I configure it?

Thanks,

Paul.

Labels:
Preview file
28 KB
0 Helpful
3 Replies 3

litrenta
Level 3
Level 3

‎11-08-2010 12:12 PM

this is entirely possible the vip can be anything you want as long as you have a route to it consid

er

client---------gatewayA(10.10.100.1)-----vlan100-------------acevip---------vlan200--------server

lets say ace is configred as:

interface vlan 100

ip address 10.10.100.5 255.255.255.0

interface vlan 200

ip address 10.10.200.5 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.10.100.1

lets say vip is 20.20.20.100

in routed mode server points to 10.10.200.5 as default gateway

gatewa A needs host route that uses 10.10.100.5 as the next hop for 20.20.20.11.

If the vip were in the 10.10.100.0 space then this would not be needed since the vip would respond to arp requests from gateway A.

0 Helpful

ddastoli
Cisco Employee
Cisco Employee

‎11-08-2010 12:20 PM

Hi Paul,

A VIP is never associated to a VLAN, rather it is associated to a policy map.

Having said that, it is true that you can apply a policy map either to the global conf (i.e. ex 1 below)or to a specific VLAN (i.e. ex 2 below).
When you apply it globally, then any request coming from any VLAN might hit the VIP. Otherwise if you apply it under a interface VLAN, only requests directed to the VIP and coming from those specific VLAN will hit the service policy.

Normally I can tell you that policy maps are applied under an interface VLAN. However depending on your set up, it might be worthy to apply them in the global.

1)

conf t

     service-policy input VIP

2)

conf t

     interface vlan 536
       ....
       service-policy input VIP

0 Helpful

Giorgio Romano
Level 1
Level 1

‎11-08-2010 12:32 PM

Hi,

I'm not sure to understand your question so I try to explane what I got.

You want to configure a VIP address (for example 10.10.10.1) on a vlan interface of the ACE that has an IP address on another subnet (for example 192.168.1.0/24).

If you want to do this you can do it just:

- creating a class-map with the virtual-address field with the IP you chose for the VIP

- creating a policy-map type loadbalance with the serverfarm to forward the client request

- creating a policy-map type multi-match to tie the class-map with VIP and the policy-map with serverfarm

- applying the policy-map typ multi-match under the Vlan interface where you want to expose the VIP

remember that the router/firewall connected to the ACE must have the IP address of the Vlan interface of the ACE (where is exposed the VIP) as next-hop to forward correctly the client request.

Hope to be helpful

regards

Giorgio

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents