CSM bridge vs router mode

Similar Messages

• CSM concurrent bridge and router mode

  Hi,
  Is it possible on the CSM to use bridge and router mode at the same time ? Or is it only router mode or only bridge mode ?
  E.g. in the example below, when using HTTPS entering the vlan 3 , it will be bridged to vlan 3....But when using HTTP entering vlan 3...it will be routed to vlan 4... Will that work ?
  Thanks
  vlan 3 client
  ip address 3.3.3.1 255.255.255.0
  vlan 3 server
  ip address 3.3.3.1 255.255.255.0
  vlan 4 server
  ip address 4.4.4.1 255.255.255.0
  vserver HTTPS
  vlan 3
  virtual 3.3.3.10 tcp https
  serverfarm HTTPS
  serverfarm HTTPS
  no nat server
  no nat client
  real 3.3.3.11
  inservice
  real 3.3.3.12
  inservice
  vserver HTTP
  vlan 3
  virtual 3.3.3.11 tcp http
  serverfarm HTTP
  serverfarm HTTP
  nat server
  no nat client
  real 4.4.4.10
  inservice
  real 4.4.4.11
  inservice

  HI Michel,
  first of all you can run bridged and routed mode at the same time but you can not define the same vlan as client and server. If you would change the above config from vlan 3 server to vlan 30 server and place the reals in vlan 30 it will work. A proper layer 2 configuration is for sure the prerequisit.
  Kind regards,
  Joerg

• ISE iPEP + 3rd party device VPN bridge or route mode

  Dear All,
  I would like to get some advice from the community regarding my idea.
  We would like to integrate ISE iPEP with a 3rd party VPN device using bridge mode.
  However i can only find documents describing the following scenarios,
  - routed mode with VPN device
  - bridge mode with Wireless Controller
  So the questions is that is bridge mode supported if i would like to integrate ISE iPEP with a 3rd party VPN device or is it even possible to achive this kind of deployment?
  Thank you in advance.
  Best Regards,
  Erik Molnar

  Thanks for the reply Marcin.  Both of your suggestions are good ones, however in this scenario both DC firewalls are alive at the same time, so there needs to be some kind of logic on the device at the remote site to say that it should only use tunnel B if tunnel A is down.
  Thinking on this, is it possible to run an 'interface' or 'routed' mode IPSEC VPN with the ASA?  I know this is possible with the Fortigates and think it's the default mode for Junipers.  If that were possible we might be able to have both tunnels up and have OSPF run over them which would be another way to solve this problem.

• Bridge or Router Mode?

  I have adsl modem asus dsl13 (mode adsl2+ ). Provider has a PPoE.
  What a proper option for TC - bridge or router?

  You can do either bridge on the modem and router on the TC.. or router on the asus modem and bridge on the TC.
  There is hardly any difference in overall performance.. since adsl is the limiting factor here.
  But a few things to consider.
  Pro router in the TC
  1. The TC is a much faster router than the asus, if you need speed. (For normal setup makes no difference)
  2. The TC often behaves better when it is the router to clients running time machine. (TC should be main router in the network if you keep having issues and losing connection with it).
  Pro router in the Asus.
  1. The TC is peculiarly apple, and misses out some things important. eg QoS, very important if you are running voip phones, upnp, very important if you run gaming consoles.
  2. If you run the Asus as the main router you have direct access to the modem stats. This is difficult behind a bridged modem.
  3. You can run PPPoA, which is slightly more efficient encapsulation method if your ISP supports it. For many people the ISP does not support pppoe so they have little choice. Sometimes PPPoA is the preferred method by the ISP and is just more reliable.
  For the vast majority of people there is no right answer. Pick what works for you.

• CSM in routing mode

  Hi,
  I've a CSM configured in routed mode.
  I've also vserver with direct access in order to permit the management of the real servers.
  The question is: "Is there a way to block the communications between servers in different serverfarms?".
  Thank you.
  Best regards.
  Massimiliano.

  Assuming you have 2 vlans x and y.
  Subnet of vlan x is x.x.x.0/24 and subnet of vlan y is y.y.y.0/24
  If you want to block traffic from vlan y to vlan x, implement the following vserver.
  serverfarm NULL
  real x.x.x.252
  inservice
  vserver Block1
  virtual x.x.x.0 /24 any
  serverfarm NULL
  vlan y
  inservice
  You have to make sure x.x.x.252 does not exist !!! This whill blackhole the traffic.
  Gilles.

• CSM route mode and bridge mode can exist at the same time?

  I'm using CSM on ver 4.x,and I used to the bridge mode for firewall load balance,for a new requset,I have to create a new server/client vlan,but the original firewall load balance was effected when I issued the server vlan command,and I'd like to use route mode for the new server farm,I'm wondering that route mode and brige mode can't exist at the same time,because it seems it doesn't make sense.Any reply will be very appreciated.

  you can use bridge mode and route mode at the same time.
  Traffic with desintation mac address being the CSM will be routed, otherwise it will be bridged.
  Gilles.

• Cuestion about CSM on bridge&router mode

  Hello!!
  Plese help me with this cuestion about CSM connection modes:
  We have 2 Cat6500 with a CSM inside of each (CSM1 on Cat6500_1 and CSM2 on Cat6500-2)
  The CSM1 is on bridge mode with Vlan31 for Client side and Vlan131 for Server side.
  The CSM2 is on router mode with Vlan30 for Client side an Vlan2 for Server side.
  We want to join both switches for redundancy purposes (switches and CSMs).
  We want to merge the two Client Vlans (include the logical IP segments) on a /23 mask.
  But the cuestions here are:
  Can we keep the original config (bridge mode and router mode) on the CSM1 (for example)
  considering this Module as active and CSM2 as standby?
  Is there any consideration to take in count in order to configure this? (Some examples...)
  Thanks in advance
  Pedro

  yes, you can mix bridge more and router mode and so merge the 2 configs.
  Gilles.

• Can I configure csm as one arm and routing mode at the same time?

  My csm currently is configured as the routing mode and bridge mode, resently I have a service requirement which I think the one arm mode should be the best resolution. Can anybody let me know if there will be any affect if I add the one arm mode to the currently production environment?
  Thanks in advance.
  Jason

  Gille,
  Thanks for your quick response. I notice you have same opinion about the one arm mode in your other post, but I think in the multi-tire data center design with fw in bridge mode and csm in one arm mode with RHI, do give us a lot of flexibilty. If I use policy routing instead of source nat, can I overcome these limit you metioned?
  Do you know who csm could handle the TFTP traffic? I may have too much question, I am realy looking for your suggestion.
  Thanks
  Jason

• How to Configure Transparent caching on Cat 6500 with CSM in routed mode

  I am trying to configure Transparent caching on Cat 6500 with CSM in routed mode, but facing some problems in it , also I have gone thru the example config on cisco site for transparent caching using CSM on Cat 6500 , but the above does not fit my clients requirement.
  The scenario is like
  Access Switches - Cat6500 with MSFC & CSM - Internet Router
  |
  Cache Engines and Real servers
  The clients as well as real servers are on seperate VLANs (L3) and the requirement is to load balance the internet traffic using cache engines.
  I'd really appreciate any helpful suggestions or any useful links/docs/info on this.
  Thanks
  kumar

  Hello Joerg,
  Thanks for the reply.
  I have already gone thru the sample config shown by this weblink, however this link refers to configuring transparent caching on the CSM in BRIDGED MODE ( i.e both the client and server vlans are having the same IP address ) but in our case , we have multiple L3 VLANS on the CAT6509 having IP addresses in different SUBNETS , and the Real servers to be used for caching also exist on one of these VLANS. Thus, the scenario described by the Weblink does not apply here. Also , in the configuration referred by the above weblink, the VLAN 100 is configured as client , however the endusers are shown to be on vlan200 which is configured as SERVER VLAN in the CSM.
  Dont you think there is something wrong here, I mean the endusers should be on VLAN 100 (Client) and real servers on VLAN 200 (SERVER).
  So, I have to configure CSM in routed mode ( i.e both the client and server vlans will have seperate IP addresses in different subnets ) and the endusers will be on all VLANS .
  Pls let me know , how I can implement this solution.
  Thanks again
  Sudhir

• How to set WRT54G v7 router so signal is forwardet- using bridge or repeater mode?

  What i need to set in WRT54G so its signal is beeing repeated?
  I want to use WRT54G v7 as to who internet comes in and it works like that right now and it has passw admin changed and WPA2 personal set up
  I have another router tenda w311r+ and there i have options in WDS- Lazy, Bridge and Repeater modes..
  Lazy mode is without asking BSID but others ask so i asume Lazy repeats every routers around signals..
  But what then is difference in Bridge and Repeater mode?
  I wasnt able to set all up corectly..
  Read tutorials about w311r+ and doing similar couldnt get it work..

  1
  In tenda i have
  Wifi settings
  BSSID NameTenda123 Passw123 <---- This is not same as WRT54G settings, do i need to make it like that also? Even channel the same?
  WDS settings
  Repeater ESSID Mac of WRT54G and WifipasswofWRT54G <--- this is the same as set inWRT54G
  2
  And do i connect from computer to NameTenda123 to get repeated signal from WRT54G ?
  Or the same name as reapted signal router i need to connect? BSSID of WRT54G? And do i need to set in tenda wifi settings witch now are different then WRT54G wifi settings but in Tenda WDS repeater settings are set..
  Maybe i need to set Tenda wifi off and only set WDS to be on?
  3
  Also to WRT54G i log in to 192.168.0.1 and maybe i need to set Tenda to 192.168.0.2 ? and something else?

• ACE bridge mode , FWSM routed mode

  i have the following senario:
  MSFC ---vlan 777----FWSM----vlan160---ACE----VLAN180
  FWSM is working in routed mode and vlan 777 is shared between the MSFC and FWSM
  ACE is working in bridged mode and vlan 160 is shared between the FWSM and ACE
  vlan 180 is the server side vlan
  i want he FWSM ip address to be the Server gateway while ACE module in
  bridge mode
  i create bvi interface but i can't ping from ACE to FWSM or from FWSM to
  ACE
  if i change ACE to routed mode , i can ping to FWSM
  any body can help me in this issue?

  The config looks good.
  I would look at the arp table on FWSM and ACE when the ping fails and also capture a sniffer trace of ACE tengig interface and see if the ping request goes out - on which vlan - and if we get a response.
  Is evertyhing else working ?
  Like ping through the ACE module ?
  Your config does not show a 'no shutdown' on the vlan interface, but I assume you fixed that already.
  Gilles.

• Bridge mode and router mode

  hello,
  I want to understand the basic operation, difference and advantages of both Bridge Mode and Router mode?
  i also want to know in which case i should go for Bridge mode and Router mode?
  regards
  Devang

  It realy depends on your requirements.
  Mainly bridge mode is used for multicast support, Multiple DMZs + FWSM, server initiated connections or for seemless migration from previously installed "bridged load balancing environment".
  Some of the differences are
  In bridge mode you do not need additional config for "Direct server access" / "Server Initiated connections"
  Broadcasts are dropped in routed mode whereas they are bridged in bridge mode.
  LB functionality is same in both modes.
  Syed Iftekhar Ahmed

• CSS: Bridge Mode + Router mode

  Hi,
  I have a CSS with many interfaces, all of them bridging.
  I need to include one routed interface. however, front end vlan is defined bridging, the new bac kend interface is to be routed with front end.
  mix og bridge mod and route mode, will it work
  mix of front end defined bridged, back end defined routed, will this work
  Please advice
  Regards
  SS

  This forum is dedicated for Cisco MARS (Security product) dicussion.
  Please ask your CSS-related queries here:
  http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Data%20Center&topic=Application%20Networking&CommCmd=MB%3Fcmd%3Ddisplay_messages%26mode%3Dnew%26location%3D.ee7814f
  Regards
  Farrukh

• CSM bridge mode urgent issue.

  Hi,
  I have a pair of CSM running 4.2.6 (tried 4.2.7 too) on cat 6500 sup 720 chassis.
  config is following :
  vlan 902 server
  ip address 192.168.1.36 255.255.255.224 alt 192.168.1.37 255.255.255.224
  vlan 100 client
  ip address 192.168.1.36 255.255.255.224 alt 192.168.1.37 255.255.255.224
  vserver VS_MWINA_WWW
  virtual 192.168.1.59 tcp www
  serverfarm SF_MWINA_W
  replicate csrp sticky
  replicate csrp connection
  persistent rebalance
  inservice
  real R_PARKINSON
  address 192.168.1.42
  inservice
  real R_GUEDEL
  address 192.168.1.39
  inservice
  serverfarm SF_MWINA_W
  nat server
  no nat client
  real name R_SRV1 8098
  inservice
  real name R_SRV2 8098
  inservice
  I am sniffing on the PO to the CSM module and what I see is the SYN goin from the chassis to the blade, nothing else. then sometimes it goes well and I have SYN/ACK and ACKs following.
  Any help would be greatly appreciated.

  If it was transmitted, ok I didn't see it but I don't see where it would have gone.
  The csm is a fine blade but sometimes not easy to trouleshoot I find.
  With our config I don't see what could cause it to stop working.
  Tech Proc 1 give me this
  scsm1 tech proc 1
  Software version: 4.2(7)
  --------------------- SESSION Statistics ---------------------
  Current time 438570 324085 1
  Aborted rx 152564848 2673378996 10183
  Total Packets rx 163666741 101777820 387
  Packets Dropped 80262 59218 0
  Packets Drop Stale Connection 22473 16390 0
  Packets Drop No More Sessions 0 0 0
  Packets Drop No VLAN 233026 172035 0
  Packets Drop Bad Checksum 0 0 0
  Packets Drop IP Fragments 0 0 0
  Packets Drop SI with no SMAC 0 0 0
  Packets Drop: SI, Route Mode, no DMAC 116827 115609 0
  Packets Drop: Not IP, SNAP 0 0 0
  Packets Drop: Zero L3 offset 0 0 0
  Packets Drop: vlan/vs Force Drop 204 0 0
  Packets Drop: Slowpath limit exceeded 0 0 0
  Packets Drop: LP non-ip, non-arp 0 0 0
  Packets Drop: TCP/UDP with zero port 1 0 0
  Packets Drop: CDP 0 0 0
  Packets Spanning Tree DMAC 0 0 0
  Packets Repeat: Slowpath limit exceeded 0 0 0
  Packets Rx on secondary vlan 0 0 0
  Packets Slowpath 5056349 3584950 13
  Packets Shakira 0 0 0
  Packets High Priority 467142 346215 1
  Packets Session Hit 43583067 12829485 48
  Packets New Sessions 333858 142719 0
  New Session- source route checks 79701 22473 0
  New Session- source ecmp route 0 0 0
  Packets Repeat 114240674 84857415 323
  Packets Repeat Reverse Frag 0 0 0
  Packets Repeat and Slowpath 0 0 0
  Packets Force Repeat 0 0 0
  Packets One Shot 0 0 0
  Packets bad parse 0 0 0
  Packets Session Hit TCP+NAT 0 0 0
  Packets Session Hit TCP 1364769 591465 2
  Packets Session Hit NAT 42218298 12238019 46
  Packets Session Hit Slw 0 0 0
  Packets Session FIN 664593 283296 1
  Packets Dropped- SYN+ACKs 0 0 0
  Packet, Transmit retries 0 0 0
  SYN Packets routed (w/o conn) 115956 115143 0
  Packets routed (w/o conn) 0 0 0
  Packets routed (w/o conn), bad enc 0 0 0
  Packets routed (w/o conn), FT 0 0 0
  Packets with no SMAC, sent to slowpath 539 0 0
  there are quite a lot of drops here.

• Difference between bridge mode and routed mode on CSS

  Hi,
  Could some one tell me the difference between routed mode and bridge mode.
  Regards
  Neha

  Hi,
  routed mode:
  The CSS acts as a router, it routes packets from the client to the server. The server has the ACE configured as default-gateway.
  There is a client-side VLAN and a server-side VLAN. These VLANs have different subnets.
  Bridged mode:
  The CSS acts as a bridge, it switches frames from the client to the server. The server has the upstream router configured as default-gateway.
  There is a client-side VLAN and a server-side VLAN. These VLANs have the same subnet, but different VLAN IDs. The ACE bridges the client traffic from the client-side VLAN to the server-side VLAN.
  Bridged mode would be most used in case one cannot change the servers IP addresses, or if address space is an issue.
  Hope this helps.
  Kind regards,
  Dario