Solved

URGENT config issue on Cisco CSS

Posted on 2008-09-29
1
1,401 Views
Last Modified: 2012-05-05
Anyone see an issue with this config?

!Active version: sg0740103

configure


!*************************** GLOBAL ***************************
  bridge spanning-tree disabled
  idle timeout 15
  restrict ftp
  no restrict web-mgmt
  flow permanent port1 3389
  persistence reset remap
  ip redundancy

  snmp trap-type enterprise

  app
  app session 192.168.0.1

  logging host 167.210.245.188 facility 0
  logging subsystem syssoft level info-6
  logging subsystem buffer level info-6
  logging subsystem flowmgr level info-6
  logging subsystem wcc level info-6
  logging subsystem ipv4 level info-6
  logging subsystem radius level info-6
  logging subsystem chassis level info-6
  logging subsystem vlanmgr level info-6
  logging subsystem netman level info-6
  logging subsystem app level info-6
  logging subsystem rip level info-6
  logging subsystem ospf level info-6
  logging subsystem sntp level info-6
  logging subsystem dhcp level info-6
  logging subsystem vrrp level info-6
  logging subsystem redundancy level info-6
  logging subsystem csdpeer level info-6
  logging subsystem portmapper level info-6
  logging subsystem circuit level info-6
  logging subsystem security level info-6
  logging subsystem fac level info-6
  logging subsystem vpm level info-6
  logging subsystem publish level info-6
  logging subsystem acl level info-6
  logging subsystem keepalive level info-6
  logging subsystem urql level info-6
  logging subsystem nql level info-6
  logging subsystem dql level info-6
  logging subsystem pcm level info-6
  logging subsystem proximity level info-6
  logging subsystem hfg level info-6
  logging subsystem replicate level info-6
  logging subsystem boomerang level info-6
  logging subsystem fp-driver level info-6
  logging subsystem flowagent level info-6
  logging subsystem cdp level info-6
  logging subsystem asr level info-6
  logging subsystem natmgr level info-6
  logging subsystem ssl-accel level info-6
  logging subsystem perform level info-6
  logging subsystem sshd level info-6
  logging subsystem reporter level info-6

!************************* INTERFACE *************************
interface e1
  phy 100Mbits-FD
  description "KTCPXMB1 & MB2 (167.210.154.106 & 167.210.154.107)"
  bridge vlan 2

interface e2
  description "KTCPXDS1 & DS2 (167.210.154.116 & 167.210.154.117)"
  phy 100Mbits-FD
  bridge vlan 2

interface e3
  description "KTCPXINTWEB1 & WEB2 (167.210.154.120 & 167.210.154.121)"

interface e4
  description "LDAP Resides on KTCPXDB1 & DB2 (167.210.154.103 & 167.210.154.105
)"

interface e5
  description "KTCSXMB1 & MB2 (167.210.154.34 & 167.210.154.35)"

interface e6
  description "KTCSXDS1 & DS2 (167.210.154.145 & 167.210.154.146)"

interface e7
  description "KTCSXINTWEB1 & WEB2 (167.210.154.139 & 167.210.154.40)"

interface e8
  description "LDAP Resides on KTCSXDB1 & DB2 (167.210.154.36 & 167.210.154.37)"


!************************** CIRCUIT **************************
circuit VLAN1

  ip address 167.210.154.124 255.255.255.192

circuit VLAN2

  ip address 167.210.154.170 255.255.255.252
    redundancy-protocol

!************************** SERVICE **************************
service KTCPXDS1_80
  ip address 167.210.154.116
  protocol tcp
  port 80
  keepalive type tcp
  active

service KTCPXDS2_80
  ip address 167.210.154.117
  protocol tcp
  port 80
  keepalive type tcp
  active

service KTCPXINTWEB1_80
  ip address 167.210.154.120
  protocol tcp
  port 80
  keepalive type tcp
  active

service KTCPXINTWEB2_80
  ip address 167.210.154.121
  protocol tcp
  port 80
  keepalive type tcp
  active

service KTCPXMB1_7080
  protocol tcp
  port 7080
  ip address 167.210.154.106
  keepalive type tcp
  active

service KTCPXMB2_7080
  protocol tcp
  port 7080
  ip address 167.210.154.107
  keepalive type tcp
  active

service KTCSXDS1_80
  protocol tcp
  port 80
  ip address 167.210.154.145
  keepalive type tcp
  active

service KTCSXDS2_80
  protocol tcp
  port 80
  ip address 167.210.154.146
  keepalive type tcp
  active

service KTCSXINTWEB1_80
  protocol tcp
  port 80
  ip address 167.210.154.139
  keepalive type tcp
  active

service KTCSXINTWEB2_80
  protocol tcp
  port 80
  ip address 167.210.154.140
  keepalive type tcp
  active

service KTCSXMB1_7080
  protocol tcp
  port 7080
  ip address 167.210.154.34
  keepalive port 7080
  keepalive type tcp
  active

service KTCSXMB2_7080
  protocol tcp
  port 7080
  ip address 167.210.154.35
  keepalive type tcp
  active

service LDAP_Resides_on_KTCPXDB1_391
  protocol tcp
  port 391
  ip address 167.210.154.103
  keepalive type tcp
  active

service LDAP_Resides_on_KTCPXDB2_391
  protocol tcp
  port 391
  ip address 167.210.154.105
  keepalive type tcp
  active

service LDAP_Resides_on_KTCSXDB1_391
  protocol tcp
  port 391
  ip address 167.210.154.36
  keepalive type tcp
  active

service LDAP_Resides_on_KTCSXDB2_391
  protocol tcp
  port 391
  ip address 167.210.154.37
  keepalive type tcp
  active

service physical
  ip address 3.3.3.1
  keepalive frequency 2
  keepalive type script ap-kal-phy-check "e1 e2 e3 e4" use-output
  active

service uplink
  type redundancy-up
  ip address 10.15.102.17
  keepalive frequency 2
  active

!*************************** OWNER ***************************
owner Kubota

  content KTCPXDSVIP
    vip address 167.210.154.152
    add service KTCPXDS1_80
    add service KTCPXDS2_80
    balance leastconn
    advanced-balance sticky-srcip
    protocol tcp
    port 80
    active

  content KTCPXINTWEBVIP
    vip address 167.210.154.153
    add service KTCPXINTWEB1_80
    add service KTCPXINTWEB2_80
    balance leastconn
    advanced-balance sticky-srcip
    protocol tcp
    port 80
    active

  content KTCPXLDAPVIP
    vip address 167.210.154.154
    add service LDAP_Resides_on_KTCPXDB1_391
    add service LDAP_Resides_on_KTCPXDB2_391
    balance leastconn
    advanced-balance sticky-srcip
    protocol tcp
    port 391
    active

  content KTCPXMBVIP
    vip address 167.210.154.151
    add service KTCPXMB1_7080
    add service KTCPXMB2_7080
    balance leastconn
    advanced-balance sticky-srcip
    protocol tcp
    port 7080
    active

  content KTCSXDSVIP
    vip address 167.210.154.156
    add service KTCSXDS1_80
    add service KTCSXDS2_80
    balance leastconn
    advanced-balance sticky-srcip
    protocol tcp
    port 80
    active

  content KTCSXINTWEBVIP
    add service KTCSXINTWEB1_80
    add service KTCSXINTWEB2_80
    vip address 167.210.154.157
    balance leastconn
    advanced-balance sticky-srcip
    protocol tcp
    port 80
    active

  content KTCSXLDAPVIP
    add service LDAP_Resides_on_KTCSXDB1_391
    vip address 167.210.154.158
    balance leastconn
    advanced-balance sticky-srcip
    protocol tcp
    port 391
    add service LDAP_Resides_on_KTCSXDB2_391
    active

  content KTCSXMBVIP
    vip address 167.210.154.155
    add service KTCSXMB1_7080
    add service KTCSXMB2_7080
    balance leastconn
    advanced-balance sticky-srcip
    protocol tcp
    port 80
    active

!*************************** GROUP ***************************
group DB2_and_TDS_(LDAP)
  add destination service LDAP_Resides_on_KTCPXDB1_391
  add destination service LDAP_Resides_on_KTCPXDB2_391
  add destination service LDAP_Resides_on_KTCSXDB1_391
  add destination service LDAP_Resides_on_KTCSXDB2_391
  vip address 167.210.154.151

group Domino
  add destination service KTCPXDS1_80
  add destination service KTCPXDS2_80
  add destination service KTCSXDS1_80
  add destination service KTCSXDS2_80
  vip address 167.210.154.152

group Message_Broker
  add destination service KTCPXMB1_7080
  add destination service KTCPXMB2_7080
  add destination service KTCSXMB1_7080
  add destination service KTCSXMB2_7080
  vip address 167.210.154.151

group Web_HTTP
  add destination service KTCPXINTWEB1_80
  add destination service KTCPXINTWEB2_80
  add destination service KTCSXINTWEB1_80
  add destination service KTCSXINTWEB2_80
  vip address 167.210.154.153

I am unable to ping the VIPs.
0
Comment
Question by:csierra
1 Comment
 
LVL 32

Accepted Solution

by:
harbor235 earned 500 total points
ID: 22603830

The VIPs reside in a different network than the circuit for vlan 1, are you routing the other IP blocks that you use for the VIPs to the CSS?

167.210.154.124/26 valid IPs are 64-127 (127 is the broadcast)

harbor235 ;}
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
This article describes how to create custom column layout styles for Bootstrap. The article uses 5 columns to illustrate the concept, but the principle can be extended to any number of columns.
In this tutorial viewers will learn how to style a corner ribbon overlay for an image using CSS Create a new class by typing ".Ribbon":  Define the class' "display:" as "inline-block": Define its "position:" as "relative": Define its "overflow:" as …
In this tutorial viewers will learn how to embed custom externally-hosted Google Fonts using the Google Font API in CSS Go to the Google Fonts website at google.com/fonts: Browse or search based on font properties or name to find a suitable font for…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

28 Experts available now in Live!

Get 1:1 Help Now