Re: ACE Sample Configs

From: Edouard Zorrilla (ezorrilla@tsf.com.pe)
Date: Sun Nov 09 2008 - 21:57:48 ARST

• Next message: Edouard Zorrilla: "Re: ACE Sample Configs"
• Previous message: Felix Nkansah: "Re: ZBF same interface traffic ?"
• Maybe in reply to: Edouard Zorrilla: "ACE Sample Configs"
• Next in thread: Edouard Zorrilla: "Re: ACE Sample Configs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks Sir,

Let me lab it up and see how it goes,

Regards

----- Original Message -----
From: "amernas" <taloust@gmail.com>
To: "'Edouard Zorrilla'" <ezorrilla@tsf.com.pe>; <ccielab@groupstudy.com>
Cc: <security@groupstudy.com>
Sent: Sunday, November 09, 2008 9:52 AM
Subject: RE: ACE Sample Configs

Edouard,

You need to configure the secondary ACE with the mininum for the failover to
work.
I think you need at least the following on the secondary

> ft interface vlan 52
> description FAILOVER AND SYNC INTERFACE
> ip address X.X.X.2 255.255.255.0
> peer ip address X.X.X.1 255.255.255.0
> no shutdown

- ensure that you have same version and licences on both modules
- ensure same vlans are allocated from the switchs

And if you need to do ssl offloading you need to ensure the same
certificates keys are present on boths ACEs otherwise some context will not
sync the configs.

-----Original Message-----
From: Edouard Zorrilla [mailto:ezorrilla@tsf.com.pe]
Sent: Sunday, November 09, 2008 1:29 PM
To: Edouard Zorrilla; amernas; ccielab@groupstudy.com
Cc: security@groupstudy.com
Subject: Re: ACE Sample Configs

Just to add, my company have bought two ace's along two chassis 6506 to
perform a load balancing and I need to set them up, the issue is that I have

never set up this before.

Regards

----- Original Message -----
From: "Edouard Zorrilla" <ezorrilla@tsf.com.pe>
To: "amernas" <taloust@gmail.com>; <ccielab@groupstudy.com>
Cc: <security@groupstudy.com>
Sent: Sunday, November 09, 2008 7:17 AM
Subject: Re: ACE Sample Configs

>I am a kind of confusing regarding this, for instance the command : "
>peer
>ip address X.X.X.14 255.255.255.0"
>
> It means I do not need to enter any command on the peer context which
> is
> working as a standby ? If so what do I need to enter on the peer context
> ?. Would you please unicast me with the config on both contexts ?
>
> Thanks a lot for your patience,
>
> Regards
>
> ----- Original Message -----
> From: "amernas" <taloust@gmail.com>
> To: "'Edouard Zorrilla'" <ezorrilla@tsf.com.pe>; <ccielab@groupstudy.com>
> Cc: <security@groupstudy.com>
> Sent: Sunday, November 09, 2008 7:02 AM
> Subject: RE: ACE Sample Configs
>
>
> Here is an example of the configuration of the primay ACE with 2
> contexts RED-1 and BLUE-1
>
> ###################################
> .
> .
> hostname ACE-PRIMARY
> .
> .
> resource-class RED
> limit-resource all minimum 45.00 maximum equal-to-min resource-class
> BLUE limit-resource all minimum 45.00 maximum equal-to-min
> ..
> ..
> interface vlan 2
> description MANAGEMENT INTERFACE
> ip address X.X.X.13 255.255.255.0
> peer ip address X.X.X.14 255.255.255.0
> service-policy input ACE-MGMT-TRAFFIC
> no shutdown
>
> ft interface vlan 52
> description FAILOVER AND SYNC INTERFACE
> ip address X.X.X.1 255.255.255.0
> peer ip address X.X.X.2 255.255.255.0
> no shutdown
> .
> .
> context RED-1
> description RED-1 CONTEXT
> allocate-interface vlan 9
> allocate-interface vlan 30-31
> allocate-interface vlan 55
> member RED
>
> context BLUE-1
> description BLUE-1 CONTEXT
> allocate-interface vlan 7
> allocate-interface vlan 40-41
> allocate-interface vlan 50
> member BLUE
> .
> .
> ft peer 1
> heartbeat interval 1000
> heartbeat count 10
> ft-interface vlan 52
>
> ft group 1
> peer 1
> peer priority 90
> associate-context ADMIN-CONTEXT
> inservice
>
> ft group 2
> peer 1
> peer priority 90
> associate-context RED-1
> inservice
>
> ft group 3
> peer 1
> peer priority 90
> associate-context BLUE-1
> inservice
>
> ############################################
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Edouard Zorrilla
> Sent: Saturday, November 08, 2008 11:54 PM
> To: ccielab@groupstudy.com
> Cc: security@groupstudy.com
> Subject: ACE Sample Configs
>
>
> Anyone who has more real examples how to set up a ACE (Application
> Control
> Engine) module ? I found this :
>
> http://www.cisco.com/en/US/products/ps6906/tsd_products_support_model_
> home.h
> t
> ml
>
> But I gues this is not enough since the examples do not show how to
> set up the standby module,
>
> Regards
>
>
> Blogs and organic groups at http://www.ccie.net
>
> ______________________________________________________________________
> _
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> ______________________________________________________________________
> _
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Edouard Zorrilla: "Re: ACE Sample Configs"
• Previous message: Felix Nkansah: "Re: ZBF same interface traffic ?"
• Maybe in reply to: Edouard Zorrilla: "ACE Sample Configs"
• Next in thread: Edouard Zorrilla: "Re: ACE Sample Configs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:30 ARST