Q: Why are clients unable to access the controller CLI or WebUI using the VRRP IP address?
A: Clients are able to access the controller WebUI and CLI using the controller's physical address, but not using the VRRP IP address.
We identified that the controller uplink ACL had been configured to block controller access via the VRRP IP address, which is why clients were unable to access the controller.

show netdestination controller vrrp_ip
Name: vrrp_ip
Position  Type  IP addr       Mask-Len/Range
--------  ----  -------       --------------
1         host  10.61.47.204  32

ip access-list session Management_Access_Policy
  any alias controller vrrp_ip svc-ssh deny
  any alias controller vrrp_ip tcp 4343 deny
  any any any permit

interface gigabitethernet 2/10
  description "controller uplink"
  trusted
  trusted vlan 1-4094
  ip access-group "Management_Access_Policy" session
  switchport mode trunk
  switchport trunk native vlan 3

Source IP       Destination IP  Prot SPort DPort Cntr     Prio ToS Age Destination TAge Packets   Bytes     Flags
--------------- --------------- ---- ----- ----- -------- ---- --- --- ----------- ---- --------- --------- ---------------
172.16.0.248    10.61.47.204    1    60    2048  0/0      0    0   0   0/0/2       2    0         0         FDYC
172.16.0.248    10.61.47.204    1    59    2048  0/0      0    0   0   0/0/2       7    0         0         FDYC

After the controller uplink ACL was modified as follows, clients could access the controller using the VRRP IP address.

ip access-list session Management_Access_Policy
  any alias controller vrrp_ip svc-ssh permit
  any alias controller vrrp_ip tcp 4343 permit
  any any any permit
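
An offline check for this misconfiguration, added here as an example (it is not Aruba tooling and not part of the original article): it parses the session ACL text shown above and reports which rule decides SSH and WebUI traffic toward the vrrp_ip alias. It assumes first-match rule order, an implicit deny when nothing matches, svc-ssh = TCP/22 and WebUI = TCP/4343; the function names are hypothetical.

```python
# Constructed input: the policy as shown on this page, before and after the fix.
BEFORE = """\
ip access-list session Management_Access_Policy
any alias controller vrrp_ip svc-ssh deny
any alias controller vrrp_ip tcp 4343 deny
any any any permit
"""
AFTER = BEFORE.replace(" deny", " permit")

SERVICES = {"svc-ssh": ("tcp", 22)}                      # assumption: svc-ssh = TCP/22
MGMT = {"cli-ssh": ("tcp", 22), "webui": ("tcp", 4343)}  # assumption: WebUI = TCP/4343

def parse_rules(config, acl_name):
    """Return the ordered (dest, proto, port, action) rules of one session ACL."""
    rules, inside = [], False
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "access-list", "session"]:
            inside = tok[3:] == [acl_name]
            continue
        if not inside or not tok or tok[-1] not in ("permit", "deny"):
            continue
        action, body = tok[-1], tok[:-1]
        if body[-1] in SERVICES:                 # named service
            (proto, port), body = SERVICES[body[-1]], body[:-1]
        elif body[-1] == "any":                  # any service
            (proto, port), body = (None, None), body[:-1]
        else:                                    # "<proto> <port>"
            (proto, port), body = (body[-2], int(body[-1])), body[:-2]
        rules.append((body[-1], proto, port, action))  # body[-1]: alias name or "any"
    return rules

def decide(rules, dest_alias, proto, port):
    """First-match evaluation; returns (rule position, action) for one flow."""
    for pos, (dest, r_proto, r_port, action) in enumerate(rules, 1):
        if dest in ("any", dest_alias) and r_proto in (None, proto) \
                and r_port in (None, port):
            return pos, action
    return None, "deny"  # assumption: implicit deny when nothing matches

def audit(config, acl_name="Management_Access_Policy", alias="vrrp_ip"):
    """Report which rule decides each management service toward the alias."""
    rules = parse_rules(config, acl_name)
    return {svc: decide(rules, alias, *flow) for svc, flow in MGMT.items()}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cfg))
```

Because the specific rules sit above "any any any permit", they decide management traffic to the VRRP address; the catch-all is never reached for those two services.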