cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2357
Views
0
Helpful
3
Replies

CSM to ACE migration /client vlan gateway and 0.0.0.0 route on ACE/

f.makarenko
Level 1
Level 1

Hello,

I have been tried to migrate from CSM to ACE module on 6513 box and convert a CSM

config to ACE config with csm2ace tool. And do not quite understand how to solve an

issue with vlan's default gateway. See an example below.

I.e. on CSM there are

- client vlan 36 (gateway 10.36.3.1)

- server vlan 436

ACE converted config there are

- interface vlan 36 and bridge group 36

- interface bvi 36

Also thare was added an 0.0.0.0 route to 10.36.3.1.

The problem is that in CSM config there are 7 such vlan and I can add 7 0.0.0.0 routes to ACE config.

I suppose that it can be fixed by splitting ACE configuration to different contexts, but in my case

there will be more that 5 allowed contexts.

Could anyone help me to solve this, please? How to avoid adding several 0.0.0.0 routes?

Is there something missed while csm2ace script processing?

Are ACE sections below correct?

Thank you in advance.

CSM configuration

==============

!

vlan 36 client

  ip address 10.36.3.3 255.255.255.0 alt 10.36.3.4 255.255.255.0

  gateway 10.36.3.1

!

vlan 436 server

  ip address 10.36.3.3 255.255.255.0 alt 10.36.3.4 255.255.255.0

!

vlan 149 client

  ip address 10.36.22.3 255.255.255.192 alt 10.36.22.4 255.255.255.0

  gateway 10.36.22.1

!

vlan 449 server

  ip address 10.36.22.3 255.255.255.192 alt 10.36.22.4 255.255.255.0

ACE configuration

=============

interface vlan 36

  bridge-group 36

  no shutdown

interface bvi 36

  ip address 10.36.3.3

  no shutdown

interface vlan 149

  bridge-group 149

  no shutdown

interface bvi 149

  ip address 10.36.22.3

  no shutdown

ip route 0.0.0.0 255.255.255.192 10.36.22.1

ip route 0.0.0.0 255.255.255.0 10.36.3.1

1 Accepted Solution

Accepted Solutions

Gilles Dufour
Cisco Employee
Cisco Employee

I'll try to make it sound clear.

First, the CSM actually uses only one default gateway for the entire box (even if you have a different one for each interface).

Then the CSM will by default respond to a client using the same interface the client came in.

Now with ACE there is no gateway per interface but you can have mutliple gateways.  They will all be used - unlink the CSM.  One common purpose of configuring multiple gateways is that it allows ACE/CSM to identify the mac-address of upstream neighbor.  This is very important.  So you should keep all your default routes on ACE.

Then ACE uses RPF to identify how to return the traffic to the client.

With multiple gateways you could indeed run into problems.

So you will need to change that behavior using the interface command 'mac-sticky enable'.  Configure it on all client vlans.

Gilles.

View solution in original post

3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

I'll try to make it sound clear.

First, the CSM actually uses only one default gateway for the entire box (even if you have a different one for each interface).

Then the CSM will by default respond to a client using the same interface the client came in.

Now with ACE there is no gateway per interface but you can have mutliple gateways.  They will all be used - unlink the CSM.  One common purpose of configuring multiple gateways is that it allows ACE/CSM to identify the mac-address of upstream neighbor.  This is very important.  So you should keep all your default routes on ACE.

Then ACE uses RPF to identify how to return the traffic to the client.

With multiple gateways you could indeed run into problems.

So you will need to change that behavior using the interface command 'mac-sticky enable'.  Configure it on all client vlans.

Gilles.

Thank you, Gilles for a response.

Just to make sure that everything is clear for me, I do need

1) disable RPF using "no ip verify reverse-path"

3) use "mac-sticky enable" for every client vlans interface

2) set only one default gateway (0.0.0.0/0)  to the same ip address as for management inteface

I can just omit all the "ip route 0.0.0.0" lines from conversion tool to ACE config.

Correct?

-- fm

Hi Guys,

           I put only mac-sticky enable in interface vlan (Client) and works.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: