Avaya Phone in same VLAN as workstation
Ok so here is my dilema, Avaya Phone with Docking station plugged in to it, dot1q passes the workstation fine, but hangs the phone. With out creating a voice vlan is there any way I can have the phone authenticat with mab, and the workstation with dot1q? I know the best solution is a re-design of the vlans, but thought I would throw this out to the group.
Jeff
Hi all,
My problem is the oposite. I have a Siemens phone connected to a c2960. The phone will do MAC authentication.
Connected to the phone I have a PC which authenticates using dot1x.
The MAC authentication is successfull but the Siemens phone is placed on the DATA vlan instead of the VOICE vlan.
At this point, for testing purposes I tried eliminating the dot1x configuration of the port. My current interface config is:
interface GigabitEthernet0/13
switchport access vlan 124
switchport mode access
switchport voice vlan 310
authentication host-mode multi-domain
authentication order mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate 300
mab
spanning-tree portfast
end
I'm using an ACS radius server which is returning the "device-traffic-class=voice" but still the phone will always end up on the Data vlan.
If no auth is configured the phone ends up in the voice vlan as expected.
Any help here will be appreciated since all the config guides I've read untill now just present the above as the necessary config.
Best Regards,
Pedro
Similar Messages
-
QOS deployment 3850 avaya phones
Hai
we are going to implement a campus network with 3850 switch stack and 4500x distribution and 6500 core.
the ip telephony system is avaya,i need to provide end to end qos support.
Anybody help .suggestions,i prefer service policy model .
video conferencing also there
Other than trusting dscp on specific phone port
i need to differentiate multimedia conferencing traffic and voip traffic with access list.
suggestions please
thank youHello
You can treat the Avaya Phones the same way you treat the Cisco Phones(Just no CDP, and sometimes no LLDP also).The Cisco SRND guide advises that you extend the trust boundary where you start trusting markings to the phones themselves(Cisco Collaboration System 9.x Solution Reference Network Designs (SRND).
You can set the Avaya Phone's QOS settings in their ip-network-region configuration(You can also set codecs on the ip-codec-set screen). I feel like doing this limits your configuration and management problems.And you can also do the same thing to your Video Endpoints.
Should this not be adequate for you can try using the VLAN or dst address, access-list and policy map remarking model:
Since you will assign a specific dhcp scope/vlan to voice you can write a class map statement to match traffic from that scope and remark them using an access list or you can write the class map statement to match a destination address(Which would be the destination address of the Avaya Call Server or in an older Avaya Environment the CLAN cards where the phones will register). This by definition means you will need to do this on every Access Layer Switch in your environment.
Kindly vote or mark question as answered.Thanks -
Avaya Phone connected to Cisco 3560
hi Guys,
i need help on configuration of a port which is connected to avaya phone. the data vlan is 10 and voice vlan is 20.
how the configuration will look like..
is the port needs to be configured as trunk ?
regards
amitHi Amit,
I have not worked with Avaya IP Phones, but here are 3 threads with good switchport configs;
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=Video%20over%20IP&CommCmd=MB?cmd=pass_through&location=outline@^1@@.1dd98f89/0#selected_message
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Telephony&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dde4d71
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Telephony&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddfa2e7/1#selected_message
Hope this helps!
Rob -
DHCP IP assignment avaya phone
We have this config set up on our switches
ip dhcp pool VOIP
network 10.51.203.0 255.255.255.0
default-router 10.51.203.254
option 242 ascii "MCIPADD=10.51.203.250,MCPORT=1719,HTTPSRVR=10.51.3.6"
lease 10
interface GigabitEthernet0/3
switchport mode access
no logging event link-status
no snmp trap link-status
spanning-tree portfast
interface GigabitEthernet0/40
description phone station 8613 mac 001b.4f31.cae1
switchport access vlan 40
switchport mode access
speed 100
duplex full
So the data vlan is default 1 on a seperate port.
And the avaya phone is on another port set to vlan 40.
I would like to use one port for both worksta and phone but how do I tell phone where its dhcp scope is and where dhcp is for the workstation?
if I need helper address where do I set it?
This is a L3 switch
interface Vlan1
ip address 10.51.3.237 255.255.255.0
ip helper-address 10.51.203.254
no ip route-cache cef
no ip route-cache
interface Vlan40
ip address 10.51.203.254 255.255.255.0
ip default-gateway 10.51.3.254
ip classless
ip route 0.0.0.0 0.0.0.0 10.51.3.254
ip http serverHi John,
Modify your conffiguration as below.
First you need to define data vlan. There use option 176 to define voice vlan using option 179 and 242
ip dhcp pool DATA
network 10.51.3.0 255.255.255.0
default-router 10.51.3.257
option 179 ascii "MCIPADD=10.51.203.250,MCPORT=1719,HTTPSRVR=10.51.3.6,L2Q=1,L2QVLAN=40"
option 242 ascii "MCIPADD=10.51.203.250,MCPORT=1719,HTTPSRVR=10.51.3.6,L2Q=1,L2QVLAN=40"
lease 10
ip dhcp pool VOIP
network 10.51.203.0 255.255.255.0
default-router 10.51.203.254
option 242 ascii "MCIPADD=10.51.203.250,MCPORT=1719,HTTPSRVR=10.51.3.6"
option 179 ascii "MCIPADD=10.51.203.250,MCPORT=1719,HTTPSRVR=10.51.3.6"
lease 10
Configure the switch port as below to define data and voice vlan
interface GigabitEthernet0/40
description phone station 8613 mac 001b.4f31.cae1
switchport mode access
switchport access vlan 1
switchport voice vlan 40
speed 100
duplex full
Also exclude the address which you are using for gateway
ip dhcp excluded-address 10.51.203.254
ip dhcp excluded-address 10.51.3.257
You dont need the dhcp helper in your case since the dhcp client connected to the same switch. In normal case the DHCP helper would be on the L3 interface
Hope this helps.
Regards
Najaf
Please rate when applicable or helpful !!! -
Need to configure different SSIDs on same VLAN on 1142
We're having a problem with interference in the B/G range due to the large number of access points owned by other companies in a fairly small area. The various laptops keep deauthenticating, which is causing problems with applications. I'd like to configure two SSIDs on the same VLAN but have them broadcasted on different frequencies. The AP complained about the configuration when I added the Company5.8 SSID below stating another SSID can't be added to a VLAN, but it shows in the configuration. Does any one have a suggestion as to what I can try? Thanks
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 3 mode ciphers aes-ccm
ssid Moleculera Labs
ssid Moleculera Labs-guest
antenna gain 0
mbssid
channel least-congested 2412 2437 2462
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 3 mode ciphers aes-ccm
ssid Moleculera Labs
ssid Moleculera Labs-guest
antenna gain 0
dfs band 3 block
mbssid
channel dfs
station-role root
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabledAmjad, if I delete "encryption mode ciphers aes-ccm" what kind of encryption will the AP use?
Mohanak, I'm using the same encryption settings with VLANs
Here is the more complete configuration:
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname COMPANY-AP
no logging console
enable secret 5 *
no aaa new-model
no ip domain lookup
ip domain name COMPANY.local
dot11 syslog
dot11 ssid COMPANY-2.4
vlan 1
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 *
dot11 ssid COMPANY-5.8
vlan 1
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 *
dot11 ssid COMPANY-guest
vlan 3
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
wpa-psk ascii 7 *
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 3 mode ciphers aes-ccm
ssid COMPANY-2.4
ssid COMPANY-guest
antenna gain 0
mbssid
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 3 mode ciphers aes-ccm
ssid COMPANY-2.4 (Want this to be COMPANY-5.8)
ssid COMPANY-guest
antenna gain 0
dfs band 3 block
mbssid
channel dfs
station-role root
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface GigabitEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
interface BVI1
ip address 192.168.67.3 255.255.255.0
no ip route-cache
ip default-gateway 192.168.67.1
ip http server
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
exec-timeout 30 0
password 7 *
login local
end
COMPANY-AP# -
TS4006 can you have multiple phones on same user email
can you have multiple phones on same user email
If you mean can they share the same iCloud account, yes. Just be aware that when multiple devices share the same iCloud account, any data they sync with the account will be merged and the merged data will appear on all of the devices. Also, any action taken on one device (such as adding or deleting contacts) will also be taken on all other devices sharing the account. Finally, the iCloud backups of all the devices will share the same iCloud storage space.
-
.blocking host in same VLAN
Is it possible to block access from one host to another host (in one direction only), both in the same vlan.
I read about acl blocking using mac id and tried it too, but could not succed.
the switch used is 6509Rajesh
Take a look at this config guide:
<http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a0080403fec.html#wp1177176>
hth,
Ajaz Nawaz -
AP groups with same vlans , same ssid but different subnet.
Hi Members,
I have a Cisco Flex 7500 in my datacenter and I need to connect 100 sites , each site with 2-3 APs , each side has its own network and is independent of other sites , the site only need to comunity locally and do not need to access any centralized applications.
I am trying to achieve this by Creating 100 different AP groups and assiging 2-3 AP in each groups for each branch, I will achieve WAN failover resiliency by creating flexconnect groug , the issue I am facing are as below .
1.Since all the sites has same setup , the AP and clients on all sites are in vlan 2 , so when I try to create 2 or more AP group with same vlan, it restricts me of doing so , I cannot create diffrent AP groups mapped to same Vlan .
2.If I keep the APs and Clients in the same subnet , I dont think it should be a problem , but I need your second opinion.
to give you an even better picture , look at the topology enclosed , and my question is if both STAFF and STUDENT APs are in same vlan but in 2 different broadcast domain , how would I create the AP groups.
Thank youThanks for the reply Jenn , here is my situation.
I have 2 sites lets day , site A in virginia , site B in Maryland.
SiteA - 10.1.1.0/24 - vlan 2
10.1.2.0/24 - vlan 3
10.1.3.0/30 - WAN to central site where controller sits.
SiteB - 10.2.1.0/24 - vlan 2
10.2.2.0/24 - vlan 3
10.2.3.0/30 - WAN to central site where controller sits.
both the sites will have a single ssid "XYZ" and will switch locally only.
howin my understanding the way I will deploy this is as below
1.I will create WLAN with ssid "XYZ".
2.I will create 2 AP groups lets say "Site-A" and "Site-B"
3.I will map the APs in site A to AP group "Site-A" and APs in Site B to "Site-B"
4.I will create 2 dynamic interfaces one for each AP group , now this is where I am facing problem , when I am creating dynamin interfaces , I need to specify the subnet and vlans when creating dynamic interfaces , since the vlans used is same on both sites , its not letting me create 2 interfaces with same vlan id.
in my understanding HREAP is only majorly used for WAN failover and local authentication so I am not concerned about that right not , my prime work is to udnerstand the AP group and working.
if you still need print shot let me know I will have to go at site.
also validate if my thinking is right on the 4 steps I have mentioned above , I am new to wireless and whatever I have learned I have learned in last 10 days .
Appreciate your help.
Thank you -
I configured ACE30-MOD-K9 in bridge mode and I configured a server farm with his real servers. The traffic passes and is balanced correctly between all RSERVER. But I can not contact a server that is on the same vlan of the serverpharm but doesn't belong at this serverfarm.
I Thought that the traffic directed to this "spare" server shouldn't be balanced but the bridge should permit traffic to pass. (trasperent mode) Is it correct ?
What does ACE in bridge mode with traffic directed to servers that do not belong to any server farm but are present on the same VLAN (same bridge group)?
In rispect at the following configuration 10.10.10.168 isn't reacheable
access-list INBOUND line 8 extended permit ip any any
access-list INBOUND line 16 extended permit icmp any any
probe http HTTP_PROBE1
expect status 200 200
rserver host RS_WEB1
ip address 10.10.10.163
inservice
rserver host RS_WEB2
ip address 10.10.10.164
inservice
rserver host RS_WEB3
ip address 10.10.10.165
inservice
rserver host RS_WEB4
ip address 10.10.10.167
inservice
serverfarm host SF_FIREGROUP
rserver RS_WEB1
inservice
rserver RS_WEB2
inservice
rserver RS_WEB3
inservice
rserver RS_WEB4
inservice
sticky ip-netmask 255.255.255.255 address source sticky-ip
replicate sticky
serverfarm SF_FIREGROUP
sticky http-cookie myCookie sticky-cookie
cookie insert browser-expire
serverfarm SF_FIREGROUP
class-map match-any VS_FIREGROUP
2 match virtual-address 10.10.10.169 tcp eq www
4 match virtual-address 10.10.10.169 tcp eq 8081
5 match virtual-address 10.10.10.169 tcp eq 8082
6 match virtual-address 10.10.10.169 tcp eq 8083
7 match virtual-address 10.10.10.169 tcp eq 8084
8 match virtual-address 10.10.10.169 tcp eq 8085
9 match virtual-address 10.10.10.169 tcp eq 8097
class-map match-any VS_FIREGROUP_HTTPS
2 match virtual-address 10.10.10.169 tcp eq https
policy-map type loadbalance first-match HTTP
class class-default
sticky-serverfarm sticky-cookie
policy-map type loadbalance first-match HTTPS
class class-default
sticky-serverfarm sticky-ip
policy-map multi-match HTTP_HTTPS_MULTI_MATCH
class VS_FIREGROUP
loadbalance vip inservice
loadbalance policy HTTP
loadbalance vip advertise active
class VS_FIREGROUP_HTTPS
loadbalance vip inservice
loadbalance policy HTTPS
loadbalance vip advertise active
interface vlan 4
bridge-group 1
access-group input INBOUND
service-policy input HTTP_HTTPS_MULTI_MATCH
no shutdown
interface vlan 700
bridge-group 1
access-group input INBOUND
no shutdown
interface bvi 1
ip address 10.10.10.150 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 10.10.10.1
Thanks a lot
FrancescoHi Francesco,
Just to add more a bit, A bridge group is very similar to routed mode except ACE cannot NAT pass through traffic, vlan's cannot be shared and couple of other things but client's should be able to access the server as in before.
But also whether in bridge or routed mode, ACE does create flows and applies other security parameters if configured to the traffic. This is for security. Also, ACE should know the MAC of the device to forward the traffic to. Can you check if ACE has the MAC of the destination? You can also put a route for testing purpose and see if that resolves the issue. That should probably be the quickest way to check if ACE is creating any issue here.
Regards,
Kanwal -
I phone 5c on the app store update part where it says updates , then purchased not on this device how do i clear it it wont let me delete the history of the apps i bouht on a different i phone but same log in details
You can't delete your purchase history, you can only hide it (in iTunes on your computer).
-
2 SSIDs on the same Vlan?
Hi all -
Newbie question. When I am setting up wireless, will I be able to use 2 different SSIDs on the same vlan?
Example:
dot11 ssid Example1
vlan 2
authentication open eap eap_methods
authentication network-eap eap_methods
dot11 ssid Example2
vlan 2
authentication open eap_methods
authentication network-eap eap_methodsHi James,
Hopefully the attached docs will answer your question:
Cisco Aironet 1100 Series
Using VLANs with Cisco Aironet Wireless Equipment
Deprecated versions of Cisco Aironet software permit binding multiple SSIDs to one VLAN. Current versions do not.
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points, 12.2(15)JA
Configuring Multiple SSIDs
vlan vlan-id
(Optional) Assign the SSID to a VLAN on your network. Client devices that associate using the SSID are grouped into this VLAN. You can assign only one SSID to a VLAN.
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a00802085c4.html
Hope this helps!
Rob
Please remember to rate helpful posts....... -
3750 bandwidth limitation between the same vlan over the trunk
Hi All,
I have 2 3750G series switches on the trunk link. some machines are part of vlan1 on the switch 1 and some machines are the part of the same vlan1 on the other switch2. I need to limit the bandwidth between the switches for the vlan1. picture is attached.
I tried to do through the modulare policy frame work (class-map/service-map and policy-map using the police command) but problems are
1) 3750 does not support output service policy, so i cannot apply the policy on the output of the trunk link.
2) I can apply the input policy but it will be only for one machine but not for the others on the same switch. if i apply the policy on per port basis then every port has separate bw limitation. I require to limit the bandwidth on per vlan basis on the trunk port. like vlan 1 takes 10 MB, VLAN2 takes 10 MB on the trunk link when communicating between the same vlans.
Is there any solution for that scenario? your help in this case will be higly appriciated. As its the layer 2 communication, its hard for me to find the solution. if it was layer 3 then i can do it easily by using the rate-limit commmand on the interface.
thanksOn the 4500 series we use vlan-range for this,
conf t
qos aggregate-policer 10MB 10 mbps 1250000 byte conform-action transmit exceed-action drop
policy-map 10MB
class class-default
police aggregate 10MB
interface GigabitEthernet1/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,12,15
switchport mode trunk
switchport nonegotiate
vlan-range 1
service-policy input 10MB
service-policy output 10MB
end
dunno if the 3750's have the same options -
Problem in 3750 with multiple IP segment in same VLAN
Hi,
I've problems in 3750 and would like to ask for help.
I've 3750 switch with standard image. Because of lacking IP addresses, I'm going to redesign the IP scheme. Before complete migrate to new IP range, I've to let new IP segment co-exist with old IP segment for a while (I've 3 VLANs that have same situation). For example, 10.10.13.0/24 (old) will co-exist with 10.10.32.0/21 (new) in same VLAN (let say VLAN 32).
Below is the partial configuration in 3750:
interface VLAN 32
ip address 10.10.13.2 255.255.255.0 secondary
ip address 10.10.32.2 255.255.248.0
standby 14 ip 10.10.13.3
standby 40 ip 10.10.32.3
I've two PCs. PC-A is 10.10.13.250 and PC-B is 10.10.33.250, both are using HSRP IP as default gateway (the subnet mask are correct).
My problem is:
Two PCs can not ping to each other. I can not ping to both PCs from 3750. But if I'm using physical IP as their gateway (such as 10.2.13.2 for PC-A and 10.2.32.2 for PC-B), then both PCs can be ping each others.
How can I solve the problems if I've to use HSRP IP as default gateway?I don't get it. What is the significance of standby 1 and 2 VS standby 14 and 40? The only difference I noticed is the lower number of standby group goes with primry and higher goes with secondary.
If possible, can you also try the same config you used before except swapping the group number?
e.g.
interface VLAN 32
ip address 10.10.13.2 255.255.255.0 secondary
ip address 10.10.32.2 255.255.248.0
standby 40 ip 10.10.13.3
standby 14 ip 10.10.32.3 -
Load balancing within the same ACE across two different contexts residing on the same vlan
I'm working on a design that requires traffic be sent to a different context in the same ACE. The question I have is can this be done when both reside on the same VLAN. Would the traffic in this case be handled at layer 2 instead of layer 7. Would I have to create a seperate subnet in order to provide loadbalancing?
|__________________|
| | vlan 5 | |
| |
| |
Context A |
|
|
Context B
Thanks, Jerilynby design, two contexts on the same box in the same vlan can't communicate. You have to use an external L3 device.
A workaround may be to use two diferent vlans and then bridge between them with a loopback cable. -
Hi -
We have a need to load-balance requests within the same VLAN, but need to make sure it only happens then. We have multiple web servers all members of the same subnet, these servers are grouped differently in 5 different VIPS whose IPs are also part of the same subnet.
Example: We need server A, who is a member of VIP Z, to talk to VIP Y and be load-balanced. These servers and VIPs are all part of the same subnet. however, when that same server A talks to host C somewhere else we don't want it to be translated.
We'll obviously need to use groups and ACLs, but would we be using 'add service XX' in the group command or the 'add destination service XX' command? Should we NAT these connections as a new IP address, or just fake out the dest VIP so that it thinks the sender's MAC is the CSS?
Anyone have a sample config from doing this before?
Thanks!
chadThanks for the info, Steve. I have looked at a couple of online references including that one, but they all seem to be just a percentage of what I'm looking to do. It's probably a combination of them all put together, but because these VIPs are production websites I want to make sure I don't have to try this a second time. To make it make more sense I'll paste in what I'm trying to do below.
First, I have these 2 content VIPs:
content www-LT-80
vip address 10.28.128.30
protocol tcp
port 80
url "/*"
advanced-balance arrowpoint-cookie
arrowpoint-cookie browser-expire
add service lt-bw02-80
add service lt-bw04-80
add service lt-bw06-80
add service lt-bw08-80
add service lt-bw10-80
add service lt-bw12-80
add service lt-bw14-80
add service lt-bw16-80
add service lt-bw18-80
add service lt-bw20-80
add service lt-bw22-80
add service lt-bw24-80
add service lt-bw26-80
add service lt-bw28-80
add service lt-bw30-80
add service lt-bw32-80
balance leastconn
active
content rc-LT-80
vip address 10.28.128.38
protocol tcp
port 80
url "/*"
advanced-balance arrowpoint-cookie
arrowpoint-cookie browser-expire
balance leastconn
add service rc-pub08-80
add service rc-pub06-80
add service rc-pub04-80
add service rc-pub02-80
active
Second, these are the services in each VIP respectively. I'll only paste 1 service from each VIP, all the others are the same just with incrementing IPs:
service lt-bw02-80
ip address 10.28.128.51
protocol tcp
port 80
string wwwltbw2
keepalive type script ap-kal-httptag "10.28.128.51 /keepalive.asp www.lendingtree.com"
keepalive frequency 15
active
service rc-pub02-80
ip address 10.28.128.171
protocol tcp
port 80
string rcpub02
keepalive type script ap-kal-httptag "10.28.128.171 /keepalive.asp rc.lendingtree.com"
keepalive frequency 15
active
Goal to achieve:
I need the lt-bwXX-80 services that are members of the first VIP to be able to talk to the second (RC) VIP and be load-balanced. The caveat is that when these lt-bwXX-80 services talk to other hosts through the CSS I do not want them being NATted at all, for reporting reasons their IPs need to stay the same. To touch on your earlier comment, all of these VIPs are also load-balanced to the Internet for web browsing. Basically, I need some form of address translation, whether it be IP or MAC, but only on specific to/from relationships.
Does that help make it more clear? Thanks in advance for any assistance.
Chad
Maybe you are looking for
-
Since upgrading to iOS8 iTunes no longer recognizes my iPhone5 when I connect to SYNC or BACKUP my iPhone5. Thus, these features are no longer available. When I click on the DEVICES tab, the window is dim, and will therefore not allow me to SYNC or
-
Monitor specific PI messages from SAP portal
Business users want to be made aware of problems in our F4F interface how would I display specific PI messages to the business. They don't want a complex solution. I don't think they would be able to page through SXMB_MON transaction.
-
Need Urgent Help in PM8M-V H problem - keyboard freeze
Hi everyone, I'm a newbie in this forum and I really need urgent help with my motherboard. My PC specification: Intel Pentium 4 2.4GHz MSI PM8M-V H W7104VMS v3.4 022206 14:32:17 1GB(512MB x 2) Kingston PC3200 400MHz Seagate SATA II 320GB ST3320620SV
-
Removing photos that have been deleted
I used to have photos on a hard drive that were linked in iPhoto. The hard drive crashed and now everytime I access on of those photos, I get an error message. Is there any way to quickly fix this? I have thousands of photos and would hate to go t
-
Updating changes to posted budget figures. Kp06
Hi gurus I am failing to update changes to planned (budget) figures in KP06.For example i have a cost element 430170 in costcenter 210320. For period 1 i had posted $450 and i now want to change the amount to $1500. There are no changes effected.Plea