Cisco Support Community


ACE and VIPs not associated with a vlan

It has been suggested we configure an ACE with the VIPs not associated with a VLAN. By that I mean we have an inside and outside interface as normal (routed mode), but the VIP address is not associated with either interface - on a router it would be on a loopback.

Is this possible? If so how would I configure it?



Cisco Employee

Re: ACE and VIPs not associated with a vlan

This is entirely possible; the VIP can be anything you want as long as you have a route to it consid



Let's say ACE is configured as:

interface vlan 100

ip address

interface vlan 200

ip address

ip route

Let's say VIP is

In routed mode server points to as default gateway

Gateway A needs a host route that uses as the next hop for

If the vip were in the space then this would not be needed since the vip would respond to arp requests from gateway A.

Cisco Employee

Re: ACE and VIPs not associated with a vlan

Hi Paul,

A VIP is never associated to a VLAN, rather it is associated to a policy map.

Having said that, it is true that you can apply a policy map either to the global conf (i.e. ex 1 below) or to a specific VLAN (i.e. ex 2 below).
When you apply it globally, then any request coming from any VLAN might hit the VIP. Otherwise, if you apply it under an interface VLAN, only requests directed to the VIP and coming from that specific VLAN will hit the service policy.

Normally I can tell you that policy maps are applied under an interface VLAN. However, depending on your setup, it might be worth applying them globally.


conf t

     service-policy input VIP


conf t

     interface vlan 536
       service-policy input VIP

New Member

Re: ACE and VIPs not associated with a vlan


I'm not sure I understand your question, so I'll try to explain what I understood.

You want to configure a VIP address (for example on a vlan interface of the ACE that has an IP address on another subnet (for example

If you want to do this you can do it just:

- creating a class-map with the virtual-address field with the IP you chose for the VIP

- creating a policy-map type loadbalance with the serverfarm to forward the client request

- creating a policy-map type multi-match to tie the class-map with VIP and the policy-map with serverfarm

- applying the policy-map type multi-match under the VLAN interface where you want to expose the VIP

Remember that the router/firewall connected to the ACE must have the IP address of the VLAN interface of the ACE (where the VIP is exposed) as next-hop to forward the client request correctly.

Hope to be helpful
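
The four steps from the last reply, combined with the host route described in the first reply, as an added configuration sketch that was not posted by any participant in this thread. All object names and IP addresses are constructed placeholders, the `!` lines are annotations for the reader rather than input to paste, and gateway A is assumed to accept IOS-style `ip route` syntax.

```cisco
! Constructed example: client VLAN 100 = 10.10.100.0/24,
! server VLAN 200 = 10.10.200.0/24, VIP 192.0.2.10 is in neither subnet.

! The ACE drops traffic on an interface until an ACL permits it,
! so permit only the VIP service rather than "ip any any".
access-list CLIENT-IN line 10 extended permit tcp any host 192.0.2.10 eq www

rserver host WEB1
  ip address 10.10.200.11
  inservice

serverfarm host SF-WEB
  rserver WEB1
    inservice

! Step 1: class-map holding the VIP address
class-map match-all VIP-WEB
  2 match virtual-address 192.0.2.10 tcp eq www

! Step 2: load-balance policy that forwards to the serverfarm
policy-map type loadbalance first-match LB-WEB
  class class-default
    serverfarm SF-WEB

! Step 3: multi-match policy tying the VIP class to the LB policy
policy-map multi-match VIP
  class VIP-WEB
    loadbalance vip inservice
    loadbalance policy LB-WEB

! Step 4: expose the VIP on the client-side VLAN only (not globally)
interface vlan 100
  ip address 10.10.100.5 255.255.255.0
  access-group input CLIENT-IN
  service-policy input VIP
  no shutdown

interface vlan 200
  ip address 10.10.200.5 255.255.255.0
  no shutdown

! Default route toward gateway A (placeholder 10.10.100.1)
ip route 0.0.0.0 0.0.0.0 10.10.100.1

! On gateway A: the VIP is off-subnet, so the ACE will not answer ARP for it.
! ip route 192.0.2.10 255.255.255.255 10.10.100.5
```

Applying the service policy under `interface vlan 100` instead of globally keeps the VIP unreachable from the server-side VLAN, which matches the per-VLAN behaviour described in the second reply.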