Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Ace config question?

Hello,

I'm changing our LB from CSS11500 to ACE 4710. I use the converting tool but I know it's not perfect. I got the config for actual server side but I'm still not clear with interface (alias, peer IP and FT interface). Can you take a look and let me know if i need to add alias or make changes to the following config:

ACE 1

peer hostname ACELB-2

hostname ACELB-1

interface gigabitEthernet 1/1

  channel-group 10

  no shutdown

interface gigabitEthernet 1/2

  channel-group 10

  no shutdown

interface gigabitEthernet 1/3

channel-group 10

  no shutdown

interface gigabitEthernet 1/4

channel-group 10

  no shutdown

interface port-channel 10

  switchport trunk native vlan 119

  switchport trunk allowed vlan 2,5-6,98,119,1111

  no shutdown

context Admin

  member RC1

access-list ALL line 8 extended permit ip any any

access-list PERMIT_ALL line 8 extended permit ip any any

interface vlan 2

  ip address 192.168.1.1 255.255.255.0

  access-group input PERMIT_ALL

  no shutdown

interface vlan 5

  ip address 192.168.2.1 255.255.255.0

  access-group input PERMIT_ALL

  no shutdown

interface vlan 6

  ip address 192.168.3.1 255.255.255.0

  access-group input PERMIT_ALL

  no shutdown

interface vlan 98

  ip address 192.168.4.1 255.255.255.0

  access-group input PERMIT_ALL

  no shutdown

interface vlan 119

  ip address 192.168.5.1 255.255.255.0

  peer ip address 192.168.5.2 255.255.255.0

  access-group input ALL

  service-policy input remote_mgmt_allow_policy

  no shutdown

ft interface vlan 1111

  ip address 10.1.1.1 255.255.255.252

  peer ip address 10.1.1.2 255.255.255.252

ft peer 1

  heartbeat interval 300

  heartbeat count 10

  ft-interface vlan 1111

ft group 1

  peer 1

  peer priority 200

  associate-context Admin

  inservice

ACE 2

hostname ACELB-2

interface gigabitEthernet 1/1

  channel-group 10

  no shutdown

interface gigabitEthernet 1/2

  channel-group 10

  no shutdown

interface gigabitEthernet 1/3

channel-group 10

  no shutdown

interface gigabitEthernet 1/4

channel-group 10

  no shutdown

interface port-channel 10

  switchport trunk native vlan 119

  switchport trunk allowed vlan 2,5-6,98,119,1111

  no shutdown

interface vlan 2

  peer ip address 192.168.1.1 255.255.255.0

  access-group input PERMIT_ALL

  no shutdown

interface vlan 5

  peer ip addres 192.168.2.1 255.255.255.0

  access-group input PERMIT_ALL

  no shutdown

interface vlan 6

  peer ip addres 192.168.3.1 255.255.255.0

  access-group input PERMIT_ALL

  no shutdown

interface vlan 98

  peer ip addres 192.168.4.1 255.255.255.0

  access-group input PERMIT_ALL

  no shutdown

interface vlan 119

  ip address 192.168.5.2 255.255.255.0

  peer ip address 192.168.5.1 255.255.255.0

  service-policy input remote_mgmt_allow_policy

  access-group input ALL

  no shutdown

ft interface vlan 1111

  ip address 10.1.1.2 255.255.255.252

  peer ip address 10.1.1.1 255.255.255.252

ft peer 1

  heartbeat interval 300

  heartbeat count 10

  ft-interface vlan 1111

ft group 1

  peer 1

  peer priority 200

  associate-context Admin

  inservice

I'm using VLAN 119 as management, do i need to use alias IP for management or for all vlan interface? Also is my FT config correct?

Thanks for your help in advance!

3 REPLIES
Cisco Employee

Re: Ace config question?

one mistake is the missing "peer ip address" for all interfaces on the active unit.

In the ACE world , you only configure the active which duplicates the config to the standby automatically.

So, for each interface you need an 'ip address' (for the primary) and a 'peer ip address' (for the secondary).

Then, everywhere you need to reach the Active unit, you will need an alias ip address.

For example on server vlans, where servers should set their default gateway to be the active ACE, you will need an alias ip address.


On client vlans however, the clients normally contacts the VIP ... and therefore they do not need an alias ip address.

Gilles.

New Member

Re: Ace config question?

Thanks for your answer. Just to make sure, i only need to put alias on the server side vlan and the rest just identify IP and peer IP is that correct?

New Member

Re: Ace config question?

One more question, is it possible to put secondary IP on vlan interface?

253
Views
0
Helpful
3
Replies
CreatePlease to create content