Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

vip & interface redundancy for css11506

When I configure redundancy on my two css11506s, I find when I put acl on, I can not see the vip if not working fine.

and also, if remove redundancy it works fine.

my access list is only bypass ssh and permit VIPs. do I need add more for redundancy?

Any comments will be appreciated

Thanks in advance

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: vip & interface redundancy for css11506

if you create acl, you need to permit the vrrp traffic [dst ip == 224.0.0.18].

Gilles.

Thanks for rating this answer.

4 REPLIES
Cisco Employee

Re: vip & interface redundancy for css11506

if you create acl, you need to permit the vrrp traffic [dst ip == 224.0.0.18].

Gilles.

Thanks for rating this answer.

Community Member

Re: vip & interface redundancy for css11506

what is the source ip ? I did:

master:

======

circuit VLAN295

ip address 10.2.95.2 255.255.255.0

ip virtual-router 2 110 preempt

ip redundant-interface 2 10.2.95.1

ip critical-service 2 upstream-downstream

backup:

=======

circuit VLAN295

ip address 10.2.95.3 255.255.255.0

ip virtual-router 2

ip redundant-interface 2 10.2.95.1

ip critical-service 2 upstream-downstream

so the acl should be:

clause 1 permit ip 10.2.95.2 destination 224.0.0.18?

Should I use bypass?

Should I use src ip as any?

Please advance.

Community Member

Re: vip & interface redundancy for css11506

I think I found the solution myself. the src should be the interfaces of vrrp.

I will try today and thanks for help.

Cisco Employee

Re: vip & interface redundancy for css11506

the source is the ip address configured on the interface where you configured the virtual vip or virtual interface.

So in your example, your clause 1 is correct.

Gilles.

255
Views
5
Helpful
4
Replies
CreatePlease to create content