Is it possible having cat6k with CSM module to configure them with SVI vlan for some hosts and server vlan for vserwer and real servers behind it to assure one to one communication between them?
I need to connect from SVI vlan hosts to every host that is in server vlan in server farm and the other way round.
Any hint or urls? Is it possible at all?
Forget the link that was given to you.
It is for IOS slb - not CSM.
A sample config for what you want would look like this:
mod csm X
vlan x1 client
ip address x.x.x1.x /24
vlan x2 server
ip address x.x.x2.x /24
no nat server
vip x.x.x1.0 /24
This is a vserver to catch traffic coming from client and going to servers directly.
The traffic will simply be forwarded.
This is required because the CSM does not route from a client vlan to a server vlan by default.
Thank You for the hint, what I really want to achive is direct communication between real servers in different server farms (server vlans) - this is one problem.
And another question is, if it's possible to connect from real server in server vlan to a host which is in normal SVI vlan and in the other dircetion?
I'll take a look at "serverfarm route" command.
from real to real, in different vlans, there is nothing to do.
The CSM will simply route this traffic by default.
Same from real, to any host.
The config I gave you is for host to real.
Is it possible to disable default routing between real to real in different server vlans?
Or should I change the vlan type from server to client?
you can't prevent the routing from real to real.
You can try to rename the server vlan as client vlan. I think it may work. You will then need the config I gave you to permit the traffic that you want.
I did some testing:
I configure 1 transit vlan and 2 other client vlans + on each server vlan I connected a server:
vlan 150 = transit towards client networks
vlan 154 = server vlan #1
vlan 155 = server vlan #2
vlan 150 client
ip address 10.33.30.6 255.255.255.0 alt 10.33.30.5 255.255.255.0
route 0.0.0.0 0.0.0.0 gateway 10.33.30.1
alias 10.33.30.8 255.255.255.255
vlan 154 client
ip address 10.33.35.6 255.255.255.0 alt 10.33.35.5 255.255.255.0
alias 10.33.35.1 255.255.255.0
vlan 155 client
ip address 10.33.40.6 255.255.255.0 alt 10.33.40.5 255.255.255.0
alias 10.33.40.1 255.255.255.255
As you can see, I changed the vlan mode into CLIENT. But that didn't changed
anything about the routing between vlan 154 and vlan 155.
In above configuration server at vlan 154 is able to ping the csm-alias of
vlan 155, but not de server at vlan 155.
The moment I add the configs for real and serverfarm, then both servers
are able to ping eachother.
no nat client
real name T_154_SRV2 80
no nat client
real name T_155_SRV1 23
Is there any other option available to make sure no routing between 2 client vlan
I know it's a reply to an aged port but I have a question.
If we were to try to IOS SLB without a CSM, what would happen to client traffic (SVI originated, on the MSFC) trying to reach real servers via the virtual IP?
Our IOS SLB is working from the outside (the net), but not from clients on the MSFC.
An added complication is that the server farm vlan is behind a FWSM in same chassis.
ip slb serverfarm WEB
ip slb vserver WEB-WWW
virtual 192.168.16.250 tcp www
description Local Clients
ip address 192.168.26.6 255.255.255.0
ip route 192.168.30.0 255.255.255.224 192.168.1.1 !
Is there a way of achieving this?
I would say, sniffer trace and the SYN from the client and then the SYN/ACK from the server.
See if they follow the same route or if there is any asymetri.