Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
546
Views
0
Helpful
3
Replies

Ace config question?

ppun88
Level 1
Level 1

‎05-26-2010 12:22 AM

Hello,

I'm changing our LB from CSS11500 to ACE 4710. I use the converting tool but I know it's not perfect. I got the config for actual server side but I'm still not clear with interface (alias, peer IP and FT interface). Can you take a look and let me know if i need to add alias or make changes to the following config:

ACE 1

peer hostname ACELB-2

hostname ACELB-1

interface gigabitEthernet 1/1

  channel-group 10

  no shutdown

interface gigabitEthernet 1/2

  channel-group 10

  no shutdown

interface gigabitEthernet 1/3

channel-group 10

  no shutdown

interface gigabitEthernet 1/4

channel-group 10

  no shutdown

interface port-channel 10

  switchport trunk native vlan 119

  switchport trunk allowed vlan 2,5-6,98,119,1111

  no shutdown

context Admin

  member RC1

access-list ALL line 8 extended permit ip any any

access-list PERMIT_ALL line 8 extended permit ip any any

interface vlan 2

  ip address 192.168.1.1 255.255.255.0

  access-group input PERMIT_ALL

  no shutdown

interface vlan 5

  ip address 192.168.2.1 255.255.255.0

  access-group input PERMIT_ALL

  no shutdown

interface vlan 6

  ip address 192.168.3.1 255.255.255.0

  access-group input PERMIT_ALL

  no shutdown

interface vlan 98

  ip address 192.168.4.1 255.255.255.0

  access-group input PERMIT_ALL

  no shutdown

interface vlan 119

  ip address 192.168.5.1 255.255.255.0

  peer ip address 192.168.5.2 255.255.255.0

  access-group input ALL

  service-policy input remote_mgmt_allow_policy

  no shutdown

ft interface vlan 1111

  ip address 10.1.1.1 255.255.255.252

  peer ip address 10.1.1.2 255.255.255.252

ft peer 1

  heartbeat interval 300

  heartbeat count 10

  ft-interface vlan 1111

ft group 1

  peer 1

  peer priority 200

  associate-context Admin

  inservice

ACE 2

hostname ACELB-2

interface gigabitEthernet 1/1

  channel-group 10

  no shutdown

interface gigabitEthernet 1/2

  channel-group 10

  no shutdown

interface gigabitEthernet 1/3

channel-group 10

  no shutdown

interface gigabitEthernet 1/4

channel-group 10

  no shutdown

interface port-channel 10

  switchport trunk native vlan 119

  switchport trunk allowed vlan 2,5-6,98,119,1111

  no shutdown

interface vlan 2

  peer ip address 192.168.1.1 255.255.255.0

  access-group input PERMIT_ALL

  no shutdown

interface vlan 5

  peer ip addres 192.168.2.1 255.255.255.0

  access-group input PERMIT_ALL

  no shutdown

interface vlan 6

  peer ip addres 192.168.3.1 255.255.255.0

  access-group input PERMIT_ALL

  no shutdown

interface vlan 98

  peer ip addres 192.168.4.1 255.255.255.0

  access-group input PERMIT_ALL

  no shutdown

interface vlan 119

  ip address 192.168.5.2 255.255.255.0

  peer ip address 192.168.5.1 255.255.255.0

  service-policy input remote_mgmt_allow_policy

  access-group input ALL

  no shutdown

ft interface vlan 1111

  ip address 10.1.1.2 255.255.255.252

  peer ip address 10.1.1.1 255.255.255.252

ft peer 1

  heartbeat interval 300

  heartbeat count 10

  ft-interface vlan 1111

ft group 1

  peer 1

  peer priority 200

  associate-context Admin

  inservice

I'm using VLAN 119 as management, do i need to use alias IP for management or for all vlan interface? Also is my FT config correct?

Thanks for your help in advance!

Labels:
0 Helpful
3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

‎05-26-2010 06:41 AM

one mistake is the missing "peer ip address" for all interfaces on the active unit.

In the ACE world , you only configure the active which duplicates the config to the standby automatically.

So, for each interface you need an 'ip address' (for the primary) and a 'peer ip address' (for the secondary).

Then, everywhere you need to reach the Active unit, you will need an alias ip address.

For example on server vlans, where servers should set their default gateway to be the active ACE, you will need an alias ip address.


On client vlans however, the clients normally contacts the VIP ... and therefore they do not need an alias ip address.

Gilles.

0 Helpful

ppun88
Level 1
Level 1
In response to Gilles Dufour

‎05-26-2010 10:18 AM

Thanks for your answer. Just to make sure, i only need to put alias on the server side vlan and the rest just identify IP and peer IP is that correct?

0 Helpful

ppun88
Level 1
Level 1
In response to ppun88

‎05-26-2010 10:53 AM

One more question, is it possible to put secondary IP on vlan interface?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents