promiscuous vip settings physical vs VE
![[Deleted User]](https://w2.vanillicon.com/v2/2bb29d357b97c8440eefe2439893b4f2.svg)
in System
Posted by jmaddox
What is the difference in setting promiscuous vip on a physical interface and a VE? are both required in the case that you have a VE? what are the ramifications of only setting it on VE? on physical and not VE?
What is the difference in setting promiscuous vip on a physical interface and a VE? are both required in the case that you have a VE? what are the ramifications of only setting it on VE? on physical and not VE?
0
Comments
On AX you can configure your IP@ on:
. "interface"
. "ve"
If you configure your IP@:
. Case1: on "interface"
Configure "ip allow-promiscuous-vip" on the "interface" to have the interface listening for wildcard VIP
. Case2: on "ve"
Configure "ip allow-promiscuous-vip" on the "ve" to have the interfaces in the "ve" listening for wildcard VIP
Note: You don't have to do "ip allow-promiscuous-vip" on the interfaces too. Now if you do it, that won't harm.
Important Side Note:
Before 2.6.1, it is STRONGLY recommended to configure AX data IP@ on "ve" if you have multiple interfaces connected to avoid loop.
Indeed before 2.6.1 all interfaces are part of the default VLAN 1. Even if you assign IP@ on the "interfaces" they are still part of VLAN 1 => layer2 packets such as spanning tree packets will be forwarded between AX "interfaces". Assigning "interfaces" in "ve" removes the interfaces from the default VLAN 1 => removes the forwarding between interfaces.
From 2.6.1, when you configure an IP@ on an "interface", that "interface" is removed from the default VLAN 1.