I guess no one can answer this?
On Fri, Aug 10, 2012 at 11:41 AM, Sirhan Khan <khan.sirhan_at_gmail.com> wrote:
> Guys
>
> I would like to accomplish the following packet flow: [ 6509 > FWSM > Cisco
> ACE Module > Server ]. What should my configuration be in order to have
> VLAN 410 shared between module 4 (ACE LB) and module 1 (FWSM)? This is a
> live environment and I have never done a configuration of this sort with
> this many VLANs. I am concerned about the impact to other clients (VLANs) on
> this 6509.
>
> *I require Vlan 410 to reside on both the FWSM and CISCO ACE LB, my current
> configuration is as follows:*
>
> ndcbbnpendc0101#show run | i svc
> svclc multiple-vlan-interfaces
> svclc module 4 vlan-group 110
> svclc vlan-group 110 9,14,72,110,115,185,189,210,211,221,223-225,281,305,356
> svclc vlan-group 110 385,387
>
> ndcbbnpendc0101#show run | i firewall
> firewall multiple-vlan-interfaces
> firewall module 1 vlan-group 1
> firewall vlan-group 1 3,10-13,15,17,20-22,30,34,79-81,84,90-94,98-103,105-108
> firewall vlan-group 1 122,123,150,186-188,192,200-203,205,207,209,226,229,238
> firewall vlan-group 1 239,250-256,282-288,298-304,306-312,314,316-321,323,328
> firewall vlan-group 1 330,331,350,400,401,408,410,415,417-421,423-426,428-435
> firewall vlan-group 1 441,450-452,499-502,505,506,510-517,519,523,524,532,537
> firewall vlan-group 1 540,599-620,631,633,725,909,1192,1209,2077,2079
> firewall vlan-group 1 2100-2102
>
>
>
> *Cisco documentation states the following:*
>
> *Figure 5.* VLANs Shared Between Cisco Catalyst 6500 Series MSFC, Cisco
> Firewall Services Module, and Cisco ACE Module
>
> [image:
> http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/images/White_Paper_Cisco_Application_Control_Engine_A_Technical_Overview_of_Virtual_Partitioning-05.jpg]
>
> *VLAN Names*           *Common names for Data Center VLANs*   *VLAN ID*
> Internet Facing VLAN   FWSM outside                           VLAN 10
> DMZ VLAN               FWSM inside                            VLAN 20
> DMZ VLAN               Cisco ACE client VLAN                  VLAN 20
> Private VLAN           Cisco ACE server VLAN                  VLAN 30
>
> In this example intuitively VLANs 10 and 20 need to be allocated to the
> FWSM and VLANs 20 and 30 allocated to the Cisco ACE module. Due to the VLAN
> group constraint, an additional VLAN group must be allocated for the shared
> VLAN between the FWSM and Cisco ACE modules.
>
> svclc multiple-vlan-interfaces
> firewall module 1 vlan-group 3
> firewall module 1 vlan-group 5
> svclc module 2 vlan-group 5
> svclc module 2 vlan-group 7
> firewall vlan-group 3 10
> firewall vlan-group 5 20
> svclc vlan-group 7 30
>
> Notice either firewall or svclc commands can be used to define a VLAN
> group. However, the firewall command must be used to allocate VLAN groups
> to a FWSM, and the svclc command must be used to allocate VLAN groups to a
> Cisco ACE module. Once VLANs have been allocated to the module, the process
> of virtualization and resource allocation can begin.
>
> Each Cisco ACE module has a single virtual partition, created by default,
> which is known as the Admin virtual partition. This partition is a member
> of the default resource class. The default resource class has no defined
> minimal resources, and is permitted to use any available resources. All
> VLANs allocated to the module are accessible in the Admin virtual
> partition. These default settings allow the Admin virtual partition to be
> used when operating the Cisco ACE module in a traditional single-use and
> single-purpose design.
>
> In a virtualized configuration the Admin virtual partition is used to
> create new virtual partitions and dedicate client and server VLAN traffic
> to the appropriate virtual partitions (Figure 6). This way you can deploy
> the Cisco ACE module in a single-use design and then add new virtual
> partitions as needed.
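
The VLAN-group layout quoted above can be checked offline before a change goes onto a live chassis. This Python sketch is an added example, not part of the original post or of Cisco's documentation: it reports which service modules see a given VLAN and flags any VLAN placed in more than one group. It assumes each command sits on a single line, that the "VLAN group constraint" means a VLAN may belong to only one group, and its function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the Cisco documentation example quoted in the message.
DOC_EXAMPLE = """\
svclc multiple-vlan-interfaces
firewall module 1 vlan-group 3
firewall module 1 vlan-group 5
svclc module 2 vlan-group 5
svclc module 2 vlan-group 7
firewall vlan-group 3 10
firewall vlan-group 5 20
svclc vlan-group 7 30
"""

def expand(spec):
    """Expand a list such as '10-13,15' into {10, 11, 12, 13, 15}."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def parse(config):
    """Return (group -> VLANs, (command, slot) -> groups) from firewall/svclc lines."""
    groups, modules = defaultdict(set), defaultdict(set)
    for line in config.splitlines():
        m = re.match(r"(firewall|svclc) module (\d+) vlan-group ([\d,\-]+)$", line.strip())
        if m:  # group-to-module assignment
            modules[(m[1], int(m[2]))] |= expand(m[3])
            continue
        m = re.match(r"(?:firewall|svclc) vlan-group (\d+) ([\d,\-]+)$", line.strip())
        if m:  # group definition; either keyword may define a group
            groups[int(m[1])] |= expand(m[2])
    return groups, modules

def modules_for_vlan(config, vlan):
    """List the (command, slot) pairs whose assigned groups contain the VLAN."""
    groups, modules = parse(config)
    return sorted(mod for mod, gids in modules.items()
                  if any(vlan in groups[g] for g in gids))

def vlans_in_multiple_groups(config):
    """Map each VLAN defined in more than one group to those group numbers."""
    groups, _ = parse(config)
    seen = defaultdict(set)
    for gid, vlans in groups.items():
        for v in vlans:
            seen[v].add(gid)
    return {v: sorted(g) for v, g in seen.items() if len(g) > 1}
```

Running `modules_for_vlan` over the output of `show run | i svclc|firewall` for a planned change shows whether the intended VLAN reaches both modules and nothing else moves with it.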
Received on Sun Aug 12 2012 - 17:08:13 ART