Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
312
Views
0
Helpful
1
Replies

CSM Setup Review

cuhlendorf
Level 1
Level 1

‎04-30-2007 06:42 AM

Hi Folks-

I've recently "inherited" responsibility of our CSMs.

Unfortunately, the configs are a mess and I'm looking to clean them up a bit.

Honestly, I'm astounded they're working -albeit, not without issue.

And so, I believe I have a good approach in starting to configure these correctly .

However, I do have some immediate issues and I was hoping to solicit some feedback as to any interim workarounds.

I have one client vlan - 146 and two server vlans - 74 and 75.

Problem #1: servers in vlan 74 cannot get out to internet - network 206.212.105.0. i've done some sniffer traces and I see the connection attempts going out but return packets are getting lost. also, direct access from client network to these system are required - which works fine.

Problem #2: servers located in vlan 75 can get to the internet ok but direct access to these servers is not working.

again i ran some sniffer traces and I see the connection attempts going out but return packets are getting lost.

Observations:

1. client gateway on the MFSC is not properly defined. All traffic is traversing over vlan 1. i do not want to do this...

2. Server VLAN interfaces (74 & 75) are defined on MFSC. I believe this may be causing an issue as well.

I believe these issues are due to mis-configuration on the CSMs and the MFSC.

I was hoping to get some feedback to address the more immediate problems described above.

Thanks in advance! //C

Labels:
Preview file
41 KB
Preview file
45 KB
6451-csm infrastructure 2.zip
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎05-02-2007 05:27 AM

the problem of having the MSFC in the same vlan as the CSM [vlan 74 and 75] will cause asymetric routing.

The CSM does not tolerate asymetric routing.

So, you should find a way to remove those vlans.

Create a static route on the MSFC pointing to the CSM.

However, if there are devices in these vlans that generate a lot of traffic and are not of any use to the CSM, you may end up killing the CSM [which does not have the same bandwidth as the MSFC]. Just make sure what is there and if necessary, move some devices in a different vlan.

If the return packet is getting lost when accsing from vlan 74, it could be because the subnet associated with this vlan is not know by the remote end. It should be troubleshooted at the other end to be sure.

Another solution could be to enable client nat for server initiated traffic. You could nat the traffic from vlan 74 with an ip of vlan 75 since it seems to work for this one.

For that you would create a new serverfarm like this

serverfarm route_nat

no nat server

predictor forward

nat client SPEEDPOOL

and a new vserver

vserver SERV_ACCESS_105_VLAN74

virtual 206.212.105.0 255.255.255.0 any

serverfarm ROUTE_NAT

vlan 74

idle 26400

persistent rebalance

inservice

Gilles.

0 Helpful
Customers Also Viewed These Support Documents