Bridge mode CSM - Serverfarm with hosts in different vlans

Hi,
I'm trying to answer a question while doing design. I am planning on deploying a CSM in bridge mode with multiple vlans. I need to create a serverfarm which has real servers in two separate server side vlans.
I would then present the Vserver on the client side only of one of the vlans (I always like to specify where I want the vserver). When traffic comes in to this vserver, will the CSM appropriately switch traffic to both vservers? I think it will but don't have access to a csm right now to mock it up.
Thanks
Adam

You cannot have 3 vlans configured in bridge mode with all vlans using the same address space.
You can use mixed mode to achieve your goal.
It is possible to have Vlan 10 and Vlan 11 in bridge mode and at the same time have VLAN 12 (for example) in the routed mode.
- Traffic from vlan 10 to vlan 20 is bridged
- Traffic from vlan 10 to vlan 12 is routed
where Vlan 10&20 belong to the same subnet and Vlan 12 is in a different subnet.
Syed
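
The mixed-mode layout from the reply above, as an added example that is not part of the original thread: it reads CSM-style `vlan ... client|server` stanzas, marks a client/server pair that shares a subnet as bridged and a VLAN alone in its subnet as routed, rejects three VLANs in one subnet, and reports how each real in the serverfarm is reached. The sample config, its addresses and the serverfarm name are constructed, and the rule that a bridge is exactly one client VLAN plus one server VLAN with the same subnet is an assumption based on the reply and the CSM configs quoted further down the page.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the CSM syntax seen elsewhere on this page.
# VLAN numbers follow the reply above; addresses and names are made up.
SAMPLE_MIXED = """\
module ContentSwitchingModule 9
 vlan 10 client
  ip address 10.1.1.5 255.255.255.0
  gateway 10.1.1.1
 vlan 20 server
  ip address 10.1.1.5 255.255.255.0
 vlan 12 server
  ip address 10.1.2.5 255.255.255.0
 serverfarm WEB
  nat server
  no nat client
  real 10.1.1.11
   inservice
  real 10.1.2.11
   inservice
"""

# Same config with VLAN 12 moved into the bridged subnet (three VLANs, one subnet).
SAMPLE_THREE_BRIDGED = SAMPLE_MIXED.replace("10.1.2.5", "10.1.1.5")

VLAN_RE = re.compile(r"^\s*vlan\s+(\d+)\s+(client|server)\s*$")
IP_RE = re.compile(r"^\s*ip address\s+(\S+)\s+(\S+)")
REAL_RE = re.compile(r"^\s*real\s+(\d+\.\d+\.\d+\.\d+)")


def parse(config):
    """Return ({vlan_id: (role, network)}, [real server addresses])."""
    vlans, reals, current = {}, [], None
    for line in config.splitlines():
        vlan_m = VLAN_RE.match(line)
        ip_m = IP_RE.match(line)
        real_m = REAL_RE.match(line)
        if vlan_m:
            current = (int(vlan_m.group(1)), vlan_m.group(2))
        elif ip_m and current:
            # First address/mask pair on the line defines the VLAN's subnet.
            net = ipaddress.ip_network(
                f"{ip_m.group(1)}/{ip_m.group(2)}", strict=False)
            vlans[current[0]] = (current[1], net)
            current = None
        elif real_m:
            reals.append(ipaddress.ip_address(real_m.group(1)))
    return vlans, reals


def classify(vlans):
    """Map each VLAN to 'bridged' or 'routed'; list subnets that break the rule."""
    by_net = defaultdict(list)
    for vid, (role, net) in vlans.items():
        by_net[net].append((vid, role))
    mode, errors = {}, []
    for net, members in by_net.items():
        ids = sorted(v for v, _ in members)
        roles = sorted(r for _, r in members)
        if len(members) == 1:
            mode[ids[0]] = "routed"
        elif roles == ["client", "server"]:
            mode.update({v: "bridged" for v in ids})
        else:
            errors.append(f"{net}: VLANs {ids} share one subnet")
    return mode, errors


def real_paths(config, client_vlan):
    """For each real, return (server VLAN, how traffic from client_vlan reaches it)."""
    vlans, reals = parse(config)
    _, errors = classify(vlans)
    if errors:
        raise ValueError("; ".join(errors))
    client_net = vlans[client_vlan][1]
    result = {}
    for real in reals:
        for vid, (role, net) in vlans.items():
            if role == "server" and real in net:
                how = "bridged" if net == client_net else "routed"
                result[str(real)] = (vid, how)
    return result


if __name__ == "__main__":
    print(real_paths(SAMPLE_MIXED, 10))
    print(classify(parse(SAMPLE_THREE_BRIDGED)[0])[1])
```
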

Similar Messages

  • TG797n in bridge mode works fine with Telstra Air

    Just fyi, I have the Telstra TG797n in bridge mode and works fine with Telstra Air. The Telstra Air and Fon Wifi SSID are still visible. That's great....

    Thanks for letting the Crowd Support community know about this 888. From what I've been seeing seems to work OK for some and not others, obviously how the setup is configured in the background and overall I'd say. 

  • Does Bridge Mode Work only with Apple Router?

    Can I use an Airport Extreme Router, in Bridge Mode, as a wireless bridge in a network that does not use an Apple Router?
    Situation:  Wifi Hotspot from Smartphone connects to Dlink Wireless Bridge in other room allowing Wifi access to printers having only Hard-Wired Ethernet connections.  Trying to do the same with an Airport Extreme, with same network name and password, in bridge mode, to provide a PC internet access through the Ethernet connection to Airport Extreme.  Cannot seem to get the Airport Extreme in Bridge Mode to function as a wireless bridge on this network.

    Are both of your AirPort Extreme models the "ac" version?
    So Base Station (2) would be set to bridge mode, hard wired to Station (1).  Base Station (2) - I believe in this configuration will broadcast the wireless signal from Station (1), the router, with all DHCP addressing handled by Station (1).
    No, Base Station 2 would not broadcast the wireless signal from Base Station 1. Base Station 2 would broadcast its own wireless signal, which it derives from the Ethernet connection coming from Base Station 1.
    You don't have to worry about "bridge mode" if you use Apple's "wizard" to set things up in AirPort Utility.
    If the wireless on Base 2 is configured to use the same wireless network name and password as Base 1, then Base 2 will act like an "extender", and it will seem as if you have one "big" network. This type of setup is called a Roaming Network.
    Base Station 2 would only broadcast the wireless signal from Base 1....IF....Base 2 was connecting using wireless. But, you changed the question to ask about Base 1 and Base 2 connecting using Ethernet.

  • ACE30-MOD-k9 in bridge mode. Individual server in the same vlan of Real Servers not reachable.

    I configured ACE30-MOD-K9 in bridge mode and I configured a server farm with its real servers. The traffic passes and is balanced correctly between all RSERVER. But I cannot contact a server that is on the same vlan as the serverfarm but doesn't belong to this serverfarm.
    I thought that the traffic directed to this "spare" server shouldn't be balanced but the bridge should permit traffic to pass (transparent mode). Is that correct?
    What does ACE in bridge mode do with traffic directed to servers that do not belong to any server farm but are present on the same VLAN (same bridge group)?
    With respect to the following configuration, 10.10.10.168 isn't reachable:
    access-list INBOUND line 8 extended permit ip any any
    access-list INBOUND line 16 extended permit icmp any any
    probe http HTTP_PROBE1
      expect status 200 200
    rserver host RS_WEB1
      ip address 10.10.10.163
      inservice
    rserver host RS_WEB2
      ip address 10.10.10.164
      inservice
    rserver host RS_WEB3
      ip address 10.10.10.165
      inservice
    rserver host RS_WEB4
      ip address 10.10.10.167
      inservice
    serverfarm host SF_FIREGROUP
      rserver RS_WEB1
        inservice
      rserver RS_WEB2
        inservice
      rserver RS_WEB3
        inservice
      rserver RS_WEB4
        inservice
    sticky ip-netmask 255.255.255.255 address source sticky-ip
      replicate sticky
      serverfarm SF_FIREGROUP
    sticky http-cookie myCookie sticky-cookie
      cookie insert browser-expire
      serverfarm SF_FIREGROUP
    class-map match-any VS_FIREGROUP
      2 match virtual-address 10.10.10.169 tcp eq www
      4 match virtual-address 10.10.10.169 tcp eq 8081
      5 match virtual-address 10.10.10.169 tcp eq 8082
      6 match virtual-address 10.10.10.169 tcp eq 8083
      7 match virtual-address 10.10.10.169 tcp eq 8084
      8 match virtual-address 10.10.10.169 tcp eq 8085
      9 match virtual-address 10.10.10.169 tcp eq 8097
    class-map match-any VS_FIREGROUP_HTTPS
      2 match virtual-address 10.10.10.169 tcp eq https
    policy-map type loadbalance first-match HTTP
      class class-default
        sticky-serverfarm sticky-cookie
    policy-map type loadbalance first-match HTTPS
      class class-default
        sticky-serverfarm sticky-ip
    policy-map multi-match HTTP_HTTPS_MULTI_MATCH
      class VS_FIREGROUP
        loadbalance vip inservice
        loadbalance policy HTTP
        loadbalance vip advertise active
      class VS_FIREGROUP_HTTPS
        loadbalance vip inservice
        loadbalance policy HTTPS
        loadbalance vip advertise active
    interface vlan 4
      bridge-group 1
      access-group input INBOUND
      service-policy input HTTP_HTTPS_MULTI_MATCH
      no shutdown
    interface vlan 700
      bridge-group 1
      access-group input INBOUND
      no shutdown
    interface bvi 1
      ip address 10.10.10.150 255.255.255.0
      no shutdown
    ip route 0.0.0.0 0.0.0.0 10.10.10.1
    Thanks a lot
    Francesco

    Hi Francesco,
    Just to add a bit more: a bridge group is very similar to routed mode, except ACE cannot NAT pass-through traffic, VLANs cannot be shared, and a couple of other things, but clients should be able to access the server as before.
    But also whether in bridge or routed mode, ACE does create flows and applies other security parameters if configured to the traffic. This is for security. Also, ACE should know the MAC of the device to forward the traffic to. Can you check if ACE has the MAC of the destination? You can also put a route for testing purpose and see if that resolves the issue. That should probably be the quickest way to check if ACE is creating any issue here.
    Regards,
    Kanwal

  • Can't get Target Disk Mode to work with host computer

    Here's the problem. My Powerbook G4 went down a week ago (it's 7 years old) and I suspect the problem is either the hard drive or the portion of the logic board controlling the drive. I also have a Power Mac G4 400 that's running OS 10.4 Tiger. I've been trying to extract some files (that I failed to back up) from the Powerbook via Target Disk Mode using the older Power Mac as the host, however the target disk doesn't show up on the host screen. When I boot up the Powerbook holding the T key, it chimes and the FireWire symbol shows up like it's supposed to, but that's as far as it goes. I plan on upgrading to a newer Mac, which would probably work better as a host, but money is a bit tight right now. Any suggestions would be appreciated.

    If the trouble with the Powerbook is either a failed hard drive or a failed hard drive controller, FireWire Target Disk Mode isn't likely to work with any host computer. What you may want to try is installing data recovery software on the desktop G4 and seeing whether it can see the Powerbook's drive (connected in FWTDM) even though it won't mount. Data recovery software is often able to salvage data from drives that won't mount normally; it may be able to do the same thing via FWTDM.
    These three DR utilities are all available in free downloadable demo versions that will show you what the full version would be able to recover before you have to pay for anything:
    Data Rescue
    FileSalvage
    VirtualLab
    Good luck.

  • CSM-S in bridge mode with more than one vlan.

    I want to understand well how CSM works with more vlans in bridge mode?
    Can a host in a vlan contact another server in vlan if I change the IP address?
    Thanks for your help.
    Andrea.

    Hi,
    Yes it can
    Please look at these documents:
    http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00800946e0.shtml
    http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00802c1201.shtml
    If you find this post useful
    please don't forget to rate this
    #Iwan Hoogendoorn

  • Deploying CSM in Bridge Mode into an existing server environment

    We have installed two CSMs in 6509s in a network that has servers already in an existing subnet and vlan. My question is: can I use the same vlan that the servers are on at this time for the server slb vlan, or do I have to create another server slb vlan in the subnet?

    the servers can stay in the same vlan.
    But if you want bridge mode, you will need to configure 2 vlans in the CSM using the same subnet.
    1 vlan will be the same as the servers.
    The 2nd vlan will be a new vlan using the same ip subnet.
    The MSFC should be setup with only the 2nd vlan.
    So at the end you get
    MSFC---VLAN-A----CSM-----VLAN-B----SERVERS
    <-------------- one subnet --------------->
    The servers can keep the same gateway ip address.
    This ip address should be moved from current msfc vlan to the newly created vlan.
    [I say MSFC, but it could be any other router being currently the default gateway]
    Gilles.

  • ACE in bridge mode with FWSM as gateway

    our design
    FWSM--vlan 7--ACE-vlan 8---servers with default gateway as FWSM
    Originally there were no plans for servers to load balance traffic when they wanted to communicate with each other. Now there is a need for this.
    Since ACE is in bridge mode, there is no IP address for the VLAN configured on it and we can't do source NAT.
    What we want: servers in serverfarm A can contact a single IP which can be load balanced, with traffic sent to serverfarm B. Both serverfarms reside in vlan 8 and ACE is in bridge mode. With the VLAN not having an IP, how can we get this working? We were looking to create a policy on ACE with an IP address in vlan 8 and then do a source NAT to send the traffic to serverfarm 7.
    With FWSM as the default gateway, enabling permit intra traffic doesn't work because the command routes the traffic; I don't think it will send the traffic back to the same vlan,
    e.g. static (inside,outside) 10.7.0.1 10.7.8.13 and allow intra traffic.
    So when a machine 10.7.8.11 pings 10.7.0.1 it goes to the FWSM, but the FWSM doesn't look for 10.7.8.13.
    With ACE in bridge mode and FWSM doing the above, how do we get around this? Can something be done on ACE in bridge mode with source NAT?
    Thanks

    First, why don't you have an ip in your ACE vlan ?
    Then, for traffic hitting a vip, we can do source nating even in bridge mode.
    But if the vip is not an ip in vlan 8, your server will anyway send the traffic to the FWSM and ACE will first bridge the request.
    The FWSM should then send the request back to ACE (not sure how this can be done).
    So the request from the server will actually hit the vip on vlan 7 (not vlan 8).
    So your policy-map with client nat must be on vlan 7.
    Another option would be to configure a static route on the server to point the vip to the ACE vlan 8 ip address (which you should have configured).
    In this case, the policy-map will have to be in vlan 8 with client-nat.
    Gilles.

  • How can I set up a guest access point with a Time Capsule and an Airport Extreme? I am using a Telus router with the Time Capsule used as a wireless access point (bridge mode). I don't want the guest access point to have access to my network.

    How can I set up a guest access point with a Time Capsule and an Airport Extreme? I am using a Telus router with the Time Capsule used as a wireless access point (bridge mode). I don't want the guest access point to have access to my network.

    The Guest Network function of the Time Capsule and AirPort Extreme cannot be enabled when the device is in Bridge Mode. Unfortunately, with another router...the Telus...upstream on your network, Bridge Mode is indicated as the correct setting for all other routers on the network.
    If you can replace the Telus gateway with a simple modem (that performs no routing functions), you should be able to configure either the Time Capsule or the AirPort Extreme....whichever is connected to the modem....to provide a Guest Network.

  • E4200/E3200 in bridge mode...Guest access works, but does not roam between routers...any ideas?

    I have installed wireless in my church...main router is E4200 in the office set up as follows:
    IP: 192.168.0.1
    Subnet: 255.255.255.0
    DHCP enabled (Range = 192.168.0.4-192.168.0.103)
    Guest network enabled
    Static DNS (for content filtering)
    NAT: Enabled
    Second router E3200 (in bridge mode) - connected LAN to WAN
    IP: 192.168.0.2
    Subnet: 255.255.255.0
    Guest Network enabled
    DHCP (obviously disabled)
    Static DNS (for content filtering)
    NAT: Enabled
    Third router E3200 (in bridge mode) - Connected LAN to WAN
    IP 192.168.0.3
    Subnet: 255.255.255.0
    Guest network enabled
    DHCP (obviously disabled)
    Static DNS (for content filtering)
    NAT: Enabled
    The 2 routers in Bridge mode are connected to a 16-port unmanaged switch (with other PCs, etc.), which is then plugged into the main router in Port 1.
    SSIDs on all 3 routers are exactly the same for both main and Guest networks.
    The main network works flawlessly.  The router in the office hands out IPs in the 192.168.0.XX range and you can wander throughout the church and maintain a persistent Internet connection.  File and print access works fine too from anywhere in the building.
    For the Guest network, you can set up a laptop next to each router, obtain an IP address, reach the logon page and surf the Internet without issue.  So, the Guest Network works fine from each router.
    However, if you wander around the church while on the Guest network (such as with a smart phone), the following happens:
    -On either of the E3200 routers (in bridge mode) you get the login page as you wander into the range of each router.  I would have thought that if you logged in once, you would be good to go.
    -You get a different IP from each router.  On the E3200's in Bridge mode, you get a 192.168.33.XX address.  Additionally, the gateway is 192.168.33.1.  On the E4200 (main router) you get a 192.168.3.XX IP and a gateway of 192.168.3.1.  
    -As a result of getting different IPs, the smart phone becomes confused and generally won't connect to the Internet.
    So, it looks like each router maintains a separate list of who has entered the correct password to get onto the Guest network.  Additionally, it appears as if each of the 2 routers, supposedly in Bridge mode, is still handing out IP addresses on the Guest Network, rather than deferring to the router in the office like they do for the main network.
    I have seen a lot of postings about how to put routers into Bridge mode and problems with the Guest Network, but posts that I've seen point to the Guest network not working at all, as opposed to this issue where it works; the bridged routers, though, continue to like to hand out IP addresses on it, making wandering around the church while connected to the Internet not possible while connected to the Guest network.
    Anyone else experience as similar situation?  Any possible solutions out there?
    Thanks!
    -Gil

    I do understand what you were trying to do here since you would like to have only 2 SSIDs (main & guest) for perhaps easy connectivity. The reason why you were not having problems getting online wirelessly when you were connected to the main network is because the computer was connected to only one DHCP server since the 2 bridge routers were just acting as a switch or a passthrough device. Now with guest network access it is a different scenario: a guest network is a virtual network, meaning to say it's like you're having another router embedded on your router. Since it is a virtual network, it does not follow the parameters of the main network, hence even if the router was set to bridge mode those routers will still have their own IP address of either 192.168.33.1 or 192.168.3.1.

  • Bridge mode - MAP /RAP - Client service

    Hi all.
    I'm very confused about the MAP and RAP mode as they are APs configured in Bridge mode.
    In the CCNA Wireless, we are clearly taught that Bridge mode APs  do NOT deliver client service...
    Apparently Mesh and Root APs are APs in bridge mode but do deliver client service!!!
    I've surely missed something. Could someone help please?
    Thanks
    Alex

    Hi Alex,
    Bridge Mode AP
    Many Wi-Fi bridging mode products exist with varying levels of functionality. Some wireless bridges support only a single point-to-point connection to another AP. Others support point-to-multipoint connections to several other APs.
    Each AP in bridging mode connects to a wired LAN. Some AP models simultaneously support wireless clients while operating in bridging mode, but others work as "bridge-only" and disallow any clients from connecting.
    Root AP - Places the bridge in the access point mode. In this mode, the bridge emulates a Cisco Aironet Access Point(example: 1100 Series ) and accepts associations from client devices.
    Hope it helps
    Regards

  • How to Configure Transparent caching on Cat 6500 with CSM in bridge mode?

    hi.
    I found How to Configure Transparent caching on Cat 6500 with CSM in routed mode.
    But,
    I need help How to Configure Transparent caching on Cat 6500 with CSM in bridge mode?
    Please let me know sample configuration.
    thanks.

    Hi,
    I wrote the document you mentioned and I also wrote the one below.
    http://www.cisco.com/en/US/partner/products/hw/modules/ps2706/products_configuration_example09186a00802c1201.shtml
    The one with the SSLM is a bridge mode config.
    If you replace the SSLM with a cache [or a farm of caches] it would be a similar config.
    Replace the SSL21 vserver with an HTTP vserver [most important is to keep the vlan configured on each vserver]
    Regards,
    Gilles.

  • Ace module in bridged mode with client nat

    Could someone confirm whether NAT is supported for the ACE-20 module, please?
    Let me explain the technical details.
    I need to convert a working CSM (SLB) config to an ACE configuration and I am not quite sure
    if the configuration below is correct. The ACE module should be configured in bridge mode with two
    vlans - vlan 36 (client) and vlan 436 (server) - bridged with interface bvi 36.
    NAT on ACE is configured as "nat dynamic 1025 vlan 436" in the corresponding
    "policy-map type loadbalance".
    Could you check the two parts of the config and advise me if the ACE config is
    properly converted from CSM and will work in the same way (especially for NAT)?
    Thank you in advance.
    CSM config
    =======
    vlan 36 client
      ip address 10.36.3.3 255.255.255.0 alt 10.36.3.4 255.255.255.0
      gateway 10.36.3.1
    vlan 436 server
      ip address 10.36.3.3 255.255.255.0 alt 10.36.3.4 255.255.255.0
    natpool WEB-MAIL 10.36.3.100 10.36.3.100 netmask 255.255.255.0
    sticky 30 netmask 255.255.255.255 address source timeout 60
    probe SHAREPOINT tcp
      interval 30
      failed 120
      open 3
      port 80
    probe WEBMAIL-443 tcp
      interval 5
      failed 60
      open 2
      port 443
    serverfarm WEBMAIL-443
      nat server
      nat client WEB-MAIL
      predictor leastconns
      real 10.36.3.101 443
       inservice
      real 10.36.3.102 443
       inservice
      probe WEBMAIL-443
    serverfarm WEBMAIL-80
      nat server
      nat client WEB-MAIL
      predictor leastconns
      real 10.36.3.101 80
       inservice
      real 10.36.3.102 80
       inservice
      probe SHAREPOINT
    vserver WEBMAIL-443
      virtual 10.36.3.100 tcp https
      serverfarm WEBMAIL-443
      sticky 60 group 30
      replicate csrp sticky
      replicate csrp connection
      persistent rebalance
      inservice
    vserver WEBMAIL-80
      virtual 10.36.3.100 tcp www
      serverfarm WEBMAIL-80
      replicate csrp connection
      persistent rebalance
      inservice
    ACE config
    =======
    probe tcp WEBMAIL-443
      interval 5
      open 2
      passdetect interval 60
      port 443
    probe tcp SHAREPOINT
      interval 30
      open 3
      passdetect interval 120
      port 80
    serverfarm host WEBMAIL-443
      predictor leastconns
      probe WEBMAIL-443
      rserver 10-36-3-101 443
        inservice
      rserver 10-36-3-102 443
        inservice
    serverfarm host WEBMAIL-80
      predictor leastconns
      probe SHAREPOINT
      rserver 10-36-3-101 80
        inservice
      rserver 10-36-3-102 80
        inservice
    class-map match-all WEBMAIL-80
      match virtual-address 10.36.3.100 tcp eq www
    class-map match-all WEBMAIL-443
      match virtual-address 10.36.3.100 tcp eq https
    sticky ip-netmask 255.255.255.255 address source 30
      serverfarm WEBMAIL-443
      replicate sticky
      timeout 60
    policy-map type loadbalance first-match WEBMAIL-80
      class class-default
        serverfarm WEBMAIL-80
        nat dynamic 1025 vlan 436 serverfarm primary
    policy-map type loadbalance first-match WEBMAIL-443
      class class-default
        sticky-serverfarm 30
        nat dynamic 1025 vlan 436 serverfarm primary
    parameter-map type http HTTP_ADV_OPT
      persistence-rebalance
    policy-map multi-match IFVLAN36-POLICY
    class WEBMAIL-80
        appl-parameter http advanced-options HTTP_ADV_OPT
        loadbalance policy WEBMAIL-80
        loadbalance vip inservice
        loadbalance vip icmp-reply active
      class WEBMAIL-443
        appl-parameter http advanced-options HTTP_ADV_OPT
        loadbalance policy WEBMAIL-443
        loadbalance vip inservice
        loadbalance vip icmp-reply active
    interface vlan 36
      bridge-group 36
      service-policy input IFVLAN36-POLICY
      mac-sticky enable
      no shutdown
    interface vlan 436
      bridge-group 36
      nat-pool 1025 10.36.3.100 10.36.3.100 netmask 255.255.255.0
      no shutdown
    interface bvi 36
      ip address 10.36.3.3 255.255.255.0
      peer ip address 10.36.3.4 255.255.255.0
      no shutdown

    Hello F.Makarenko-
      You will want to use PAT while you do nat, so change the natpool configuration to this:
       nat-pool 1025 10.36.3.100 10.36.3.100 netmask 255.255.255.0 pat
      You also need to apply the nat like this:
    policy-map multi-match IFVLAN36-POLICY
    class WEBMAIL-80
        appl-parameter http advanced-options HTTP_ADV_OPT
        loadbalance policy WEBMAIL-80
        loadbalance vip inservice
        loadbalance vip icmp-reply active
        nat dynamic 1025 vlan 436
      class WEBMAIL-443
        appl-parameter http advanced-options HTTP_ADV_OPT
        loadbalance policy WEBMAIL-443
        loadbalance vip inservice
        loadbalance vip icmp-reply active
        nat dynamic 1025 vlan 436
    If you are going to build out a lot of classes, you can instead do source nat like this:
    policy-map multi-match IFVLAN36-POLICY
    class WEBMAIL-80
        appl-parameter http advanced-options HTTP_ADV_OPT
        loadbalance policy WEBMAIL-80
        loadbalance vip inservice
        loadbalance vip icmp-reply active
    class WEBMAIL-443
        appl-parameter http advanced-options HTTP_ADV_OPT
        loadbalance policy WEBMAIL-443
        loadbalance vip inservice
        loadbalance vip icmp-reply active
    class class-default
        nat dynamic 1025 vlan 436
    Regards,
    Chris Higgins
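
A check for the two changes the reply above asks for, as an added example that is not code from the thread or from Cisco: it scans an ACE fragment for `nat-pool` lines without `pat`, for `nat dynamic` lines that sit outside a `policy-map multi-match`, and for `nat dynamic` references to a pool that is not defined on the named VLAN. Both fragments are trimmed from the configurations posted above; the function name and finding texts are hypothetical.

```python
import re

# Trimmed from the ACE configuration posted in the question.
POSTED = """\
policy-map type loadbalance first-match WEBMAIL-80
  class class-default
    serverfarm WEBMAIL-80
    nat dynamic 1025 vlan 436 serverfarm primary
policy-map type loadbalance first-match WEBMAIL-443
  class class-default
    sticky-serverfarm 30
    nat dynamic 1025 vlan 436 serverfarm primary
policy-map multi-match IFVLAN36-POLICY
  class WEBMAIL-80
    loadbalance policy WEBMAIL-80
    loadbalance vip inservice
  class WEBMAIL-443
    loadbalance policy WEBMAIL-443
    loadbalance vip inservice
interface vlan 36
  bridge-group 36
  service-policy input IFVLAN36-POLICY
interface vlan 436
  bridge-group 36
  nat-pool 1025 10.36.3.100 10.36.3.100 netmask 255.255.255.0
"""

# The same fragment with the changes from the reply applied.
REVISED = """\
policy-map type loadbalance first-match WEBMAIL-80
  class class-default
    serverfarm WEBMAIL-80
policy-map type loadbalance first-match WEBMAIL-443
  class class-default
    sticky-serverfarm 30
policy-map multi-match IFVLAN36-POLICY
  class WEBMAIL-80
    loadbalance policy WEBMAIL-80
    loadbalance vip inservice
    nat dynamic 1025 vlan 436
  class WEBMAIL-443
    loadbalance policy WEBMAIL-443
    loadbalance vip inservice
    nat dynamic 1025 vlan 436
interface vlan 36
  bridge-group 36
  service-policy input IFVLAN36-POLICY
interface vlan 436
  bridge-group 36
  nat-pool 1025 10.36.3.100 10.36.3.100 netmask 255.255.255.0 pat
"""

POOL_RE = re.compile(r"^nat-pool\s+(\d+)\s+(.*)$")
NAT_RE = re.compile(r"^nat dynamic\s+(\d+)\s+vlan\s+(\d+)")


def audit_nat(config):
    """Return a list of findings; an empty list means both points are met."""
    pools = {}   # (pool id, vlan) -> True if the pool line carries 'pat'
    uses = []    # (pool id, vlan, policy kind, policy name)
    policy = vlan = None
    for raw in config.splitlines():
        line = raw.strip()
        words = line.split()
        pool_m = POOL_RE.match(line)
        nat_m = NAT_RE.match(line)
        if line.startswith("policy-map"):
            kind = "multi-match" if words[1] == "multi-match" else "loadbalance"
            policy, vlan = (kind, words[-1]), None
        elif line.startswith("interface"):
            # Only 'interface vlan N' can carry a nat-pool.
            policy = None
            vlan = words[2] if words[1] == "vlan" else None
        elif pool_m and vlan:
            pools[(pool_m.group(1), vlan)] = "pat" in pool_m.group(2).split()
        elif nat_m and policy:
            uses.append((nat_m.group(1), nat_m.group(2)) + policy)
    findings = []
    for (pid, v), has_pat in sorted(pools.items()):
        if not has_pat:
            findings.append(f"nat-pool {pid} on vlan {v}: no pat")
    for pid, v, kind, name in uses:
        if (pid, v) not in pools:
            findings.append(f"nat dynamic {pid} vlan {v} in {name}: no such nat-pool")
        if kind != "multi-match":
            findings.append(
                f"nat dynamic {pid} vlan {v} in {name}: not under policy-map multi-match")
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("revised", REVISED)):
        print(label, audit_nat(cfg))
```
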

  • Multiple "vserver" for different apps in a single VLAN (Bridge Mode)

    Hi,
    I'm deploying Cat6500 with CSM-S & FWSM modules. Doing bridge mode for the CSM (and FWSM will do the inter-VLAN routing upfront).
    There are 3 (three) different applications (Vidiator, BEA & XIAM) placed in the Internet VLAN. Each application consists of multiple servers. Two applications (BEA & XIAM) need to be load-balanced, and the other one (Encoder) in the same VLAN does NOT need to be load-balanced.
    The questions are:
    - Is it possible to create multiple virtual servers (vserver) for different applications (BEA & XIAM) on the same VLAN client/server ?
    - Is it also possible to do Load Balancing only for some Servers (BEA & XIAM) on one VLAN, while other servers (Encoder) on the same VLAN do NOT need load-balance? If, so what is the method? If not, what should be done?
    Below is the script for CSM-S that I'm planning to deploy, please kindly provide your comments and advice.
    Thanks a lot in advance.
    Johan KC
    MY SCRIPT:
    module ContentSwitchingModule 9
    vlan 96 client
    ip address 10.67.96.9 255.255.252.0
    alias 10.67.96.8 255.255.252.0
    vlan 296 server
    ip address 10.67.96.9 255.255.252.0
    vserver BEA-PROXY-WEB
    virtual 10.67.96.1 tcp www
    vlan 96
    server farm BEA-PROXY-SERVERS
    replicate csrp connection
    persistent rebalance
    inservice
    server farm BEA-PROXY-SERVERS
    nat server
    no nat client
    real 10.67.96.2
    inservice
    real 10.67.96.5
    inservice
    probe ICMP
    server farm XIAM-WEB-SERVERS
    nat server
    no nat client
    real 10.67.96.26
    inservice
    real 10.67.96.29
    inservice
    probe ICMP
    vserver XIAM-WEB
    virtual 10.67.96.25 tcp www
    vlan 96
    server farm XIAM-WEB-SERVERS
    replicate csrp connection
    persistent rebalance
    inservice

    Hi Gilles,
    Thanks a lot for your response.
    1. For the multiple vservers.
    Both applications provide HTTP service but I think that I could run them on different port numbers: 80 and 8080. Will this work?
    2. About the non-loadbalancing apps (encoder).
    There are two servers and future adding is possible. They can work independently of each other. Both servers just provide FTP access, for content provider to upload files.
    Since both servers will run the same service (FTP) and port number, I don't think we can create two vservers for them, right?
    You also said that I could have the server in the internet vlan and client accessing it directly. Does this mean that no vserver config is needed? So, from FWSM the client traffic will go straight to the servers (without passing the CSM)?
    If this is possible, it sounds like a good option to me.
    Please kindly provide your advice/comments.
    Thanks again.
    Best Regards,
    Johan KC
