一个ACE的配置案例

网络拓扑如下：

用户两台服务器S1、S2作负载均衡，对外提供服务的地址是192.168.10.200

-------------------------------------------------------------------------------

ACE1：

-------------------------------------------------------------------------------

1、管理流量配置

class-map type management match-any MGMT_CLASS

  description remote-access-traffic-match

  2 match protocol telnet any

  3 match protocol ssh any

  4 match protocol icmp any

  5 match protocol snmp any

  6 match protocol http any

  7 match protocol https any

  8 match protocol xml-https any

policy-map type management first-match MGMT_POLICY

  class MGMT_CLASS

    permit

interface vlan 9

  description Client_Vlan

  ip address 192.168.9.11 255.255.255.0

  service-policy input MGMT_POLICY

  no shutdown

interface vlan 10

  description Server_Vlan

  ip address 192.168.10.11 255.255.255.0

  service-policy input MGMT_POLICY

  no shutdown

interface gigabitEthernet 1/1

  speed 1000M

  duplex FULL

  switchport access vlan 9

  no shutdown

interface gigabitEthernet 1/3

  speed 1000M

  duplex FULL

  switchport access vlan 10

  no shutdown

ip route 0.0.0.0 0.0.0.0 192.168.9.254

2、负载均衡配置

access-list PERMIT_ALL line 10 extended permit ip any any 

access-list PERMIT_ALL line 11 extended permit icmp any any

access-list PERMIT_ALL line 12 extended permit tcp any any 

probe icmp ICMP_PROBE

  interval 5

  passdetect interval 2

  passdetect count 1

probe http HTTP_PROBE

  interval 5

  passdetect interval 2

  passdetect count 1

  expect status 200 200

rserver host SVR1

  ip address 192.168.10.1

  inservice

rserver host SVR2

  ip address 192.168.10.2

  inservice

serverfarm host SVRFARM

  probe ICMP_PROBE

  rserver SVR1

    inservice

  rserver SVR2

    inservice

class-map match-all CLIENT_VIP

  2 match virtual-address 192.168.9.200 any

policy-map type loadbalance first-match LB_POLICY

  class class-default

    serverfarm SVRFARM

policy-map multi-match CLIENT_VIP

  class CLIENT_VIP

    loadbalance vip inservice

    loadbalance policy LB_POLICY

    loadbalance vip icmp-reply

interface vlan 9

  access-group input PERMIT_ALL

  service-policy input CLIENT_VIP

interface vlan 10

  access-group input PERMIT_ALL

3、HA配置

interface gigabitEthernet 1/2

  speed 1000M

  duplex FULL

  ft-port vlan 99

  no shutdown

interface vlan 9

  peer ip address 192.168.9.12 255.255.255.0

  alias 192.168.9.10 255.255.255.0

interface vlan 10

  peer ip address 192.168.10.12 255.255.255.0

  alias 192.168.10.10 255.255.255.0

ft interface vlan 99

  ip address 192.168.99.1 255.255.255.0

  peer ip address 192.168.99.2 255.255.255.0

ft peer 1

  ft-interface vlan 99

  heartbeat interval 300

  heartbeat count 10

ft group 1

  peer 1

  priority 110

  peer priority 105

  no preempt

  associate-context Admin

  inservice

-------------------------------------------------------------------------------

ACE2：

-------------------------------------------------------------------------------

在ACE2上只需将HA配好，其它的配置会从ACE1上同步过来。

1、HA配置

interface gigabitEthernet 1/2

  speed 1000M

  duplex FULL

  ft-port vlan 99

  no shutdown

interface vlan 9

  peer ip address 192.168.9.11 255.255.255.0

  alias 192.168.9.10 255.255.255.0

  no shutdown

interface vlan 10

  peer ip address 192.168.10.11 255.255.255.0

  alias 192.168.10.10 255.255.255.0

  no shutdown

ft interface vlan 99

  ip address 192.168.99.2 255.255.255.0

  peer ip address 192.168.99.1 255.255.255.0

  no shutdown

ft peer 1

  ft-interface vlan 99

  heartbeat interval 300

  heartbeat count 10

ft group 1

  peer 1

  priority 105

  peer priority 110

  no preempt

  associate-context Admin

  inservice

-------------------------------------------------------------------------------

TroubleShooting：

-------------------------------------------------------------------------------

show conn

show ft group status