I have a single CSS 11800 with connections to 4 VLANs within a server farm. I have disabled layer 3 routing between the VLANs using the ip opportunistic disable command because all traffic between the VLANs must be routed by the firewall (security policy mandate). However, I cannot add static routes to the CSS to route traffic via the firewall for each of these VLANs as the local VLAN interface has a lower weight (0) than a static (1). Any advice greatly appreciated?
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.
Unfortunately the locally connected interfaces will always take priority over any routes that are configured. There is no way of changing this. The CSS will always route between VLANs. There is no way of turning this off.
With the "ip opportunistic disable" you'll disable only "opportunistic" layer 3 routing, as defined in the "Basic Configuration Guide". If you refer to the CSS VLAN IP address as the default router of an attached node, then the CSS will route traffic between VLANs. In order to avoid this, you should point to another router on the same VLAN as the default for your node (i.e. the PIX interface). It means that you should have 4 interfaces on the PIX, one for each VLAN, if you want each flow between VLANs to pass through the PIX.