CSM redundant bridged mode - alias IP required?

Hi! I am a little bit confused about the configuration guides concerning CSM + FWSM + CSM bridged mode. In my opinion, when using bridged mode with the CSM I do not really need any alias IP configuration - neither in the client VLAN nor the server VLAN. In bridged mode the CSM does not route - thus I won't have any routes pointing to the CSM. Why are there always alias IP configurations in redundant bridged mode config guides? Can somebody please clear that up for me? Is there any other function of the alias IPs that I need them for?
Thanks,
Daniel

Daniel,
In general, if no router is present on a server-side VLAN, then each server's default route points to the aliased IP address. In the case of bridge mode, like you have, there is no need for the alias ip.
Regards
Pete..

Similar Messages

  • How to Configure Transparent caching on Cat 6500 with CSM in bridge mode?

    Hi.
    I found how to configure transparent caching on Cat 6500 with CSM in routed mode.
    But I need help with how to configure transparent caching on Cat 6500 with CSM in bridge mode.
    Please let me know a sample configuration.
    Thanks.

    Hi,
    I wrote the document you mentioned and I also wrote the one below.
    http://www.cisco.com/en/US/partner/products/hw/modules/ps2706/products_configuration_example09186a00802c1201.shtml
    The one with the SSLM is a bridge mode config.
    If you replace the SSLM with a cache [or a farm of caches] it would be a similar config.
    Replace the SSL21 vserver with an HTTP vserver [most important is to keep the vlan configured on each vserver]
    Regards,
    Gilles.

  • CSM in Bridge mode and Server initiated connections

    I know one can use Source NAT for server initiated connections back to VIP using CSM in routed mode. How do I achieve the same for bridge mode?
    Thanks in advance,
    Shahid

    Shahid,
    That's a well-known problem for all load balancers in the world.
    With a sniffer trace, or just by thinking about TCP/IP rules, you can figure out why client NAT is required.
    If you go from a server to a VIP, the CSM will forward the traffic to a random server.
    The CSM forwards the traffic with the source IP unchanged by default.
    The server receiving the traffic will forward the response back to the source that initiated the request.
    If the source is also a server in the same subnet, the response does not need to be sent through a gateway. Since both source and destination are in the same subnet, the traffic is sent based on MAC address and it bypasses the CSM, which can't perform the NATing.
    The source receiving the response from the server directly will just ignore it.
    Using client NAT forces the response to go back to the CSM, which can perform the NATing before sending it to the client.
    This has been discussed tons of times in this forum.
    It's a classic question :-)
    Gilles.

  • Adding direct server access to CSM in bridge mode

    I have a CSM that I have set up in bridge mode and want to allow direct management access to the real servers.
    It looks like this.
    MSFC    10.1.100.1
    CSM     10.1.100.3
    Reals   10.1.100.10
            10.1.100.20
            10.1.100.25
    Virtual 10.1.100.130
            10.1.100.140
    I tried to use the same method that I found for routed mode on CCO.
    serverfarm SERVER-SUBNET
     no nat server
     predictor forward
    vserver DIRECT-ACCESS
     virtual 10.1.100.0 255.255.255.0 tcp any
     serverfarm SERVER-SUBNET
     inservice
    The next step in the documentation says to add a static route to the CSM
    ip route 10.1.100.0 255.255.255.0 10.1.100.3
    But this does not make sense since the MSFC 10.1.100.1 address is already the default gateway.
    So is there another way to configure bridge mode and enable direct management access?

    I thought about bridge mode again and took out the direct-access and server-subnet commands. I tested again and I can now directly access the servers.

  • Deploying CSM in Bridge Mode into an existing server environment

    We have installed two CSMs in 6509s in a network that has servers already in an existing subnet and VLAN. My question is: can I use the same VLAN that the servers are on at this time for the server SLB VLAN, or do I have to create another server SLB VLAN in the subnet?

    the servers can stay in the same vlan.
    But if you want bridge mode, you will need to configure 2 vlans in the CSM using the same subnet.
    1 vlan will be the same as the servers.
    The 2nd vlan will be a new vlan using the same ip subnet.
    The MSFC should be setup with only the 2nd vlan.
    So at the end you get
    MSFC---VLAN-A----CSM-----VLAN-B----SERVERS
    <-------------- one subnet --------------->
    The servers can keep the same gateway ip address.
    This ip address should be moved from current msfc vlan to the newly created vlan.
    [I say MSFC, but it could be any other router being currently the default gateway]
    Gilles.

  • CSM in Bridge mode and STP

    How does the CSM deal with the situation when both modules become active? How can I configure the CSM to pass through STP BPDUs to break loops? I know how I can do it on FWSMs, but I am wondering if there is a way to do it on the CSM or whether there is no way to avoid loops when the FT VLAN is dead.

    There is no way to let BPDUs go through and there is no way to avoid a loop if the FT VLAN goes down.
    You have to make sure it never goes down by using EtherChannel and any other possible solution.
    Gilles.

  • Introduction of SSLM into a MSFC-FWSM-CSM Bridge Mode Configuration

    Hi,
    Need serious help here..
    I'm facing a challenging situation here.
    The customer just purchased a pair of SSLM modules for their web server HTTPS termination.
    Here's the situation.
    Currently the customer already has a pair of Catalyst 6509s running with an MSFC->FWSM<->CSM bridge configuration (i.e. client and server VLAN on the same subnet).
    I've been assigned the task to deploy the SSLSM module seamlessly onto this existing setup without any other major configuration changes required on their systems by this week.
    My question is: currently they are doing a bridge configuration between FWSM and CSM. How do I transparently deploy the SSLM in this situation without changing any IP addresses, which will break their server-to-server communications?
    I read and understand the CSM-SSLM bridge configuration, but that requires changing their IP addressing scheme? Hopefully somebody can shed some light on this...

    I've attached a logical diagram of the existing setup as well as the SSLM placement (where I think it fits in).
    I've also come up with a draft configuration below; I don't really understand the NAT client and NAT server applications:
    module ContentSwitchingModule 7
     ft group 1 vlan 201
      priority 110 alt 100
      heartbeat-time 1
      failover 3
      preempt
     vlan 6 client
      ip address 192.168.20.4 255.255.255.0 alt 192.168.20.5 255.255.255.0
      gateway 192.168.20.1
      alias 192.168.20.6 255.255.255.0
     vlan 60 server
      ip address 192.168.20.4 255.255.255.0 alt 192.168.20.5 255.255.255.0
     vlan 7 client
      ip address 192.168.10.4 255.255.255.0 alt 192.168.10.5 255.255.255.0
      alias 192.168.10.6 255.255.255.0
     vlan 70 server
      ip address 192.168.10.4 255.255.255.0 alt 192.168.10.5 255.255.255.0
     vlan 40 server
      ip address 192.168.60.4 255.255.255.0 alt 192.168.60.5 255.255.255.0
      alias 192.168.60.6 255.255.255.0
     probe ICMP icmp
      interval 3
      failed 5
     probe HTTPWEB http
      interval 3
      failed 5
     probe HTTPSWEB tcp
      interval 3
      failed 5
      port 445
     probe TCP tcp
      interval 2
      failed 3
     serverfarm MOCINT-VIP1
      nat server
      no nat client
      predictor leastconns
      real 192.168.20.71
       inservice
      real 192.168.20.72
       inservice
      probe ICMP
      probe HTTPWEB
     serverfarm MOCWEB-VIP1
      nat server
      no nat client
      predictor leastconns
      real 192.168.10.65
       inservice
      real 192.168.10.66
       inservice
      probe ICMP
      probe HTTPWEB
     serverfarm SSL-MOCINT
      nat server
      no nat client
      real 192.168.60.11 445
       inservice
      real 192.168.60.12 445
       inservice
      probe TCP
     serverfarm SSL-MOCWEB
      nat server
      no nat client
      real 192.168.60.21 445
       inservice
      real 192.168.60.22 445
       inservice
      probe TCP
     sticky 10 netmask 255.255.255.255 timeout 20
     sticky 20 cookie cookie-server timeout 30
     vserver DECRYPT-MOCINT
      virtual 192.168.60.10 tcp 445
      vlan 40
      serverfarm MOCINT-VIP1
      replicate csrp sticky
      persistent rebalance
      parse-length 4000
      inservice
     vserver DECRYPT-MOCWEB
      virtual 192.168.60.20 tcp 445
      vlan 40
      serverfarm MOCWEB-VIP1
      replicate csrp sticky
      persistent rebalance
      parse-length 4000
      inservice
     vserver HTTP-MOCINT
      virtual 192.168.20.70 tcp www
      vlan 6
      serverfarm MOCINT-VIP1
      advertise active
      sticky 20 group 10
      replicate csrp sticky
      persistent rebalance
      parse-length 4000
      inservice
     vserver HTTP-MOCWEB
      virtual 192.168.10.60 tcp www
      vlan 7
      serverfarm MOCWEB-VIP1
      advertise active
      sticky 30 group 20
      replicate csrp sticky
      persistent rebalance
      parse-length 4000
      inservice
     vserver HTTPS-MOCINT
      virtual 192.168.20.70 tcp https
      vlan 6
      serverfarm SSL-MOCINT
      persistent rebalance
      inservice
     vserver HTTPS-MOCWEB
      virtual 192.168.10.60 tcp https
      vlan 7
      serverfarm SSL-MOCWEB
      persistent rebalance
      inservice

  • CSM Bridge Mode Vserver Redirect

    I have a CSM in bridge mode, the MSFC is on the client side.
    vlan 28 client
    ip address 192.168.29.253 255.255.254.0
    gateway 192.168.28.253
    vlan 173 server
    ip address 172.17.3.8 255.255.255.0
    alias 172.17.3.5 255.255.255.0
    vlan 163 client
    ip address 172.17.3.8 255.255.255.0
    gateway 172.17.3.1
    I want to have a VIP on the 28 vlan and redirect to a VIP on the 163 vlan. I'm not sure how to do that. Plus this is all netbios, so could I do it with a virtual x.x.x.x any
    or do I have to specify tcp 137,138,139,445...
    any ideas would be great...thanks

    how can you redirect netbios traffic ???
    We can use HTTP redirect but I don't think this works for Netbios - correct me if I'm wrong.
    Therefore, I don't see how you can do a redirect.
    Moreover, why would you want to redirect to another vip ?
    As long as the traffic is coming to the CSM why don't you simply loadbalance to the end server ????
    Thanks,
    Gilles.

  • Bridge mode CSM - Serverfarm with hosts in different vlans

    Hi,
    I'm trying to answer a question while doing design. I am planning on deploying a CSM in bridge mode with multiple vlans. I need to create a serverfarm which has real servers in two separate server side vlans.
    I would then present the Vserver on the client side only of one of the vlans (I always like to specify where I want the vserver). When traffic comes in to this vserver, will the CSM appropriately switch traffic to both vservers? I think it will but don't have access to a CSM right now to mock it up.
    Thanks
    Adam

    You cannot have 3 vlans configured in bridge mode with all vlans using same address space.
    You can use mixed mode to achieve your goal.
    It is possible to have Vlan 10 and Vlan 11 in bridge mode and at the same time have VLAN 12 (for example) in the routed mode.
    - Traffic from vlan 10 to vlan 20 is bridged
    - Traffic from vlan 10 to vlan 12 is routed
    where Vlan 10&20 belong to same subnet and Vlan 12 is in different subnet.
    Syed

  • How to Configure Transparent caching on Cat 6500 with CSM in routed mode

    I am trying to configure transparent caching on Cat 6500 with CSM in routed mode, but am facing some problems with it. I have also gone through the example config on the Cisco site for transparent caching using CSM on Cat 6500, but it does not fit my client's requirement.
    The scenario is like
    Access Switches - Cat6500 with MSFC & CSM - Internet Router
    |
    Cache Engines and Real servers
    The clients as well as real servers are on separate VLANs (L3) and the requirement is to load balance the internet traffic using cache engines.
    I'd really appreciate any helpful suggestions or any useful links/docs/info on this.
    Thanks
    kumar

    Hello Joerg,
    Thanks for the reply.
    I have already gone through the sample config shown by this weblink. However, this link refers to configuring transparent caching on the CSM in BRIDGED MODE (i.e. both the client and server VLANs have the same IP address), but in our case we have multiple L3 VLANs on the CAT6509 with IP addresses in different SUBNETS, and the real servers to be used for caching also exist on one of these VLANs. Thus, the scenario described by the weblink does not apply here. Also, in the configuration referred to by the above weblink, VLAN 100 is configured as client; however, the end users are shown to be on VLAN 200, which is configured as SERVER VLAN in the CSM.
    Don't you think there is something wrong here? I mean the end users should be on VLAN 100 (client) and real servers on VLAN 200 (SERVER).
    So, I have to configure the CSM in routed mode (i.e. both the client and server VLANs will have separate IP addresses in different subnets) and the end users will be on all VLANs.
    Please let me know how I can implement this solution.
    Thanks again
    Sudhir

  • Alternative AEBS setup to Bridged mode? Qwest DSL, ActionTec GT701

    I just upgraded to the new dual mode AEBS and it's a different setup than my old Airport Extreme that died. Things are working OK at the moment with the AEBS in bridge mode (which is required to avoid the double NAT error), letting the GT701 handle PPPoE, NAT and DHCP.  But as I've learned from these forums, this disables the Guest Network feature on the AEBS, and also requires me to e.g. setup port forwarding via the GT701 web interface. I've read I can put the GT701 in bridge mode and have everything including PPPoE authentication handled by the AEBS, but if possible, I think I'd prefer to have the GT701 handle only the PPPoE authentication with the Qwest server, but manage all LAN settings and functions via the AEBS. Is this kind of configuration possible?  If so, what are the correct GT701 and AEBS settings?
    Please don't let my throwing around of these acronyms fool you - I know little about this stuff. I tried to get help from Qwest ("we only support the basic configuration, for advanced configuration talk to ActionTec...") and ActionTec ("Qwest provides all DSL support for their modems, you need to call them..."), to no avail. I've downloaded the manual for the GT701, but I'm in over my head already. Suggestions welcome, thanks.

    Option 1: Set up the WRT as access point. Follow these instructions. (I think the actiontec uses 192.168.0.1/255.255.255.0 by default thus 192.168.0.2 should be a good LAN IP address for the WRT).
    Option 2: Put the Actiontec into bridge mode, which basically turns off the router. Then configure the WRT for your internet connection and connect it with the internet port to the modem. However, in case you have to use PPPoA (i.e. you have PPPoA configured in the modem at the moment) then you cannot do it. The WRT54GS does not support PPPoA, only PPPoE.
    Please make sure that there is no USB connection to the modem! The USB connection will interfere with the connection through the ethernet port!

  • Http secure-server on 887VA in bridge mode

    I'm setting up an 887VA to bridge between vlan1 and the atm0 interface. For remote management and to access the https for web management on this device, can I pop one of the 4 fe interfaces into a different vlan to assign it an IP address?
    Not critical, but since you can't assign individual fe interfaces to the bridge group, it would be nice.
    TIA
    Jason

    Hi Gilles,
    this is quite confusing, as I learnt in a workshop with some Cisco SEs that the CSM is bridging all traffic which is not destined to a VIP if you do bridged mode. I agree with you that you really need the predictor if you are running secure/routed mode.
    However, Chi Wang (I hope that's your forename):
    In regards of your first question:
    I think nothing has to be done to reach the reals directly; the only thing which has to be ensured is that they are plugged into the correct VLAN and reside in that VLAN.
    In regards of your second question:
    Have you checked if the routing from the servers to the GW is done correctly (towards a gateway in the Layer 3 subnet)?
    Btw, are the servers connected in the server VLAN?
    Have you done a ping from the MSFC towards the servers?
    Have you done a traceroute from the servers to the destination you want to reach? Where does the traceroute stop?
    Some additional questions from my side:
    You set up the CSM in bridged mode, however the reals could be on a different Layer 3 hop? What's your topology? Maybe you can give us a hint of how your config looks and what the topology is.
    Kind Regards,
    Joerg

  • CSM issue when using bridge mode

    I have 2 CSMs installed, one on each of 2 6509s, and configured in bridge mode. One is acting as active, the other is standby. I know that the client and server VLANs have to use the same IP, but I'm confused about the IP on the standby CSM: does it need to differ from the active CSM VLAN IP or not?

    Hello,
    yes, the IP addresses of the VLANs on both CSMs have to be different, as you would have duplicate IP addresses in any other case (not talking of the same IP address in vlan1 and vlan2 configured in bridged mode). You should use the alias command to make the gateway redundant (only if this is needed in your scenario). In regards of the VIP addresses, they have to be the same for failover purposes. I guess you know that you need the failover VLAN too.
    Kind Regards,
    Joerg

  • Combination bridged mode routed mode CSM

    We run an active/standby pair of CSM with SSL WS-X6066-SLB-S-K9.
    Currently we have our real servers in 2 VLANs: 116 and 117. Our VIPs are mostly in the client VLAN 119. Load balancing works fine.
    We now want to load balance between real servers in the 116 VLAN. So far we have been unsuccessful in getting it working. I suspect this is because we essentially require a configuration that combines routed with bridged mode.
    Has anyone been able to configure such a setup? Is it possible at all?

    This type of topology is not 'bridged mode'.
    When you have the source and destination of the load-balancing process in the same subnet (in your topology vlan116) you need to use source NAT (client NAT in CSM terminology).
    Let me explain it:
    1. The client (srcIP-vlan116) sends a request to the VIP (VIP-vlan116).
    2. The CSM processes (modifies) the request and sends it to dstIP-vlan116 (source IP is srcIP-vlan116) (*)
    3. The server receives the request. It will respond to srcIP-vlan116, and the response is not delivered through the CSM but directly. TCP communication is not possible, because the client's request was modified on the CSM.
    * When the CSM modifies the source IP, for example to one of the IP addresses of the CSM, the response from the server is always sent to the CSM and not directly.
    Martin
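
The return-path problem described in this reply, and in the earlier "Server initiated connections" reply, modelled as an added example (not code from any poster or from Cisco). All addresses are constructed sample values, `NAT_POOL_IP` is a hypothetical client-NAT address, and off-subnet replies are assumed to leave through a gateway that sits behind the load balancer.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

# Constructed sample addressing (not taken from any poster's network).
SERVER_SUBNET = ipaddress.ip_network("10.1.100.0/24")
VIP = "10.1.100.130"
REAL = "10.1.100.20"           # real server picked by the load balancer
NAT_POOL_IP = "10.1.100.200"   # hypothetical client-NAT address owned by the load balancer


class Packet(NamedTuple):
    src: str
    dst: str


def forward_to_real(request: Packet, client_nat: Optional[str]) -> Packet:
    """Load balancer step: VIP -> real always; source rewritten only with client NAT."""
    if request.dst != VIP:
        raise ValueError("request is not addressed to the VIP")
    return Packet(src=client_nat or request.src, dst=REAL)


def reply_at_initiator(initiator: str, client_nat: Optional[str] = None) -> Tuple[Packet, bool]:
    """Return (reply as the initiator receives it, whether it crossed the load balancer)."""
    at_server = forward_to_real(Packet(initiator, VIP), client_nat)
    reply = Packet(src=REAL, dst=at_server.src)
    if client_nat is not None and reply.dst == client_nat:
        # Reply is addressed to the load balancer, which reverses both translations.
        return Packet(src=VIP, dst=initiator), True
    if ipaddress.ip_address(reply.dst) in SERVER_SUBNET:
        # Same subnet: delivered by MAC address, the load balancer never sees it.
        return reply, False
    # Off-subnet: assumed to leave via the gateway behind the load balancer,
    # which restores the VIP as source on the way out.
    return Packet(src=VIP, dst=initiator), True


def connection_established(initiator: str, client_nat: Optional[str] = None) -> bool:
    """The initiator only accepts a reply whose source is the VIP it connected to."""
    reply, _ = reply_at_initiator(initiator, client_nat)
    return reply == Packet(src=VIP, dst=initiator)


if __name__ == "__main__":
    for who, nat in [("10.1.100.10", None), ("10.1.100.10", NAT_POOL_IP), ("192.0.2.50", None)]:
        reply, via_lb = reply_at_initiator(who, nat)
        print(who, "client NAT" if nat else "no NAT", reply, "via LB" if via_lb else "direct",
              "OK" if connection_established(who, nat) else "FAILS")
```

The same-subnet initiator without client NAT is the only case that fails: the reply arrives from the real server's address instead of the VIP.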

  • Question about CSM on bridge & router mode

    Hello!!
    Please help me with this question about CSM connection modes:
    We have 2 Cat6500s with a CSM inside each (CSM1 on Cat6500_1 and CSM2 on Cat6500-2).
    CSM1 is in bridge mode with Vlan31 for the client side and Vlan131 for the server side.
    CSM2 is in router mode with Vlan30 for the client side and Vlan2 for the server side.
    We want to join both switches for redundancy purposes (switches and CSMs).
    We want to merge the two client VLANs (including the logical IP segments) on a /23 mask.
    But the questions here are:
    Can we keep the original config (bridge mode and router mode) on CSM1 (for example),
    considering this module as active and CSM2 as standby?
    Is there any consideration to take into account in order to configure this? (Some examples...)
    Thanks in advance
    Pedro

    Yes, you can mix bridge mode and router mode and so merge the 2 configs.
    Gilles.
