But this same config is applied and working on another ACE. I agree that it should not work but I have seen it working. I thought the "transparent" command in the serverfarm config allows this to happen?
I tried in A5 train here in my lab and it didn't allow me to add the VIP if rserver is there with same IP and vice-versa. Do you know in which version you saw that it was allowing the same rserver IP and VIP?
Thanks for trying this in your lab. I believe it is A2 train. I put a show ver in the first post so you could see the exact code I'm running. What error message are you getting when you apply this configuration? Thanks!!
Do you have the "transparent" command in your serverfarm section? I think that is what should allow this config to happen. That is what someone else told me is that the command was the reason you can have both the rserver and the vip the same ip address.
This is correct; you cannot have the VIP and real using the same IP in the config. This will be seen as a Dup IP from the ACE perspective since it owns the VIP IP. How you do this is to configure the server with a unique IP from the subnet configured on the ACE server vlan. This is what you use to define the real in the config. The server IP needs to be L2 adjacent to the ACE for this to work. The transparent keyword tells the ACE to just L2 forward the traffic to the Mac address the real resolves to, but keeps the vip IP as the destination. This is why the server needs to be L2 adjacent to the ACE so that it can see the REALs actual mac address. Without the transparent keyword we NAT the VIP address to the REAL that gets the connections.
You will also need to create a loopback IP using the same address as the vip on the server.
The reason you need to use a loopback IP is so that the server does not arp for this address. You do not want the server to advertise that it owns this address since it is already assigned to the ACE VIP.
The link below is for IOS server load balancing but the loopback samples are still relevant.
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...