We have a Core layer in an Entr. DC where the core layer is 2 Nos. Cat6509 with 1 No. CSM in each switch. This is the core layer hosting the server farms. Multiple tier application servers are in the farm. The client traffic will enter the Core Layer via Core layer firewalls directly connected to the core layer switches. No client VLANs will be configured in the Core layer switches. I would like to know in this scenario what will be the best way the CSM can be configured. Will it be the Secure Router or Bridge mode? I personally feel that if I keep client traffic coming via the core firewall and entering the server farm via CSM (both client VLANs and server in the CSM) via Secure router mode. Any ideas will be appreciated.
Client and server connections through the CSM can use either Layer 2 or Layer 3 switching. Clients connect to the client side VLAN, and servers connect to the server side VLAN. Servers and clients can exist on different subnets. Servers can also be located more than one hop away and connect to the server side VLAN through routers. In this case, the servers' default gateway and the routing through the network from servers to the CSM server side VLAN must direct all load balanced traffic from the servers through the CSM, or serverfarm client NAT must be configured in the CSM for all traffic destined to servers in the server farm. A client sends a request to a VIP address, and the CSM forwards the request to a server that can satisfy the request. The server forwards the response to the CSM, and the CSM forwards the response to the client.
When the client side and server side VLANs are in different subnets, you can configure the CSM in secure (router) mode. This sample configuration focuses on secure (router) mode configuration. When the client side and server side VLANs are in the same subnet, you can configure the CSM to operate in single subnet (bridge) mode.
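The selection rule and the return-path condition described in the reply above can be checked against a planned addressing scheme before the CSM is configured. This is an added example, not part of the original thread or of Cisco's documentation; the function name, the subnets and the server entries are constructed for illustration, and the default-gateway test is applied only in router mode as a simplifying assumption.

```python
import ipaddress

def plan_csm(client_vlan, server_vlan, csm_server_ip, servers):
    """Pick the CSM mode from the VLAN subnets and audit each real server.

    client_vlan / server_vlan: CIDR strings for the two CSM VLANs.
    csm_server_ip: the CSM's address on the server-side VLAN.
    servers: {name: (server_ip, default_gateway)} (hypothetical inventory).
    Returns (mode, {name: finding}).
    """
    cnet = ipaddress.ip_network(client_vlan, strict=False)
    snet = ipaddress.ip_network(server_vlan, strict=False)
    csm = ipaddress.ip_address(csm_server_ip)

    if cnet == snet:
        mode = "bridge"   # same subnet on both sides: single subnet (bridge) mode
    elif cnet.overlaps(snet):
        raise ValueError("client and server subnets overlap but are not identical")
    else:
        mode = "router"   # different subnets: secure (router) mode

    findings = {}
    for name, (ip, gw) in servers.items():
        ip, gw = ipaddress.ip_address(ip), ipaddress.ip_address(gw)
        if ip not in snet:
            # More than one hop away: replies must be routed back through the
            # CSM, otherwise serverfarm client NAT is required.
            findings[name] = "remote: route replies via CSM or use client NAT"
        elif mode == "router" and gw != csm:
            # Replies would leave through another gateway and bypass the CSM.
            findings[name] = "gateway bypasses CSM: fix gateway or use client NAT"
        else:
            findings[name] = "ok"
    return mode, findings

if __name__ == "__main__":
    # Constructed sample topology (not from the thread).
    mode, report = plan_csm(
        "10.10.10.0/24", "10.20.20.0/24", "10.20.20.1",
        {"web1": ("10.20.20.11", "10.20.20.1"),
         "web2": ("10.20.20.12", "10.20.20.254"),
         "app1": ("10.30.30.5", "10.30.30.1")})
    print(mode)
    for name, finding in report.items():
        print(f"{name}: {finding}")
```

A server flagged here would send its replies around the CSM, so the load-balanced connection would break or bypass whatever policy is enforced at the CSM and the core firewall path.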