I have a Cisco ACE 20, and I´m trying to set up a serverfarm for my radius server to load balance ldap udp accounting packets. The ACE has an LDAP authentication probe but I see no native way of setting up an LDAP accounting probe, without resorting to probe scripting.
View 2 RepliesI've done a lot of ACE work over the years but this is the first time this has ever come up.
I have a request from an application group where I have 3 rserver in the server farm but they want all traffic to only go to the first server unless that server fails. If the first server fails, only then do they want traffic to go to the 2nd server instead and if that fails, then traffic goes to the 3rd.
I've read through the documentation but haven't figured out a way to do this. What to do this type of failover configuration?
We are using a sticky serverfarm with 2 real servers, one server was down for maintenance for an extended period of time. When it came inservice again it was not getting any connections. is it because all the connections had stuck to the other server ? we want sessions to be sticky but we also want to LB?I got it working by bouncing the server that had been online all the time. things started to LB then.BTW the ACE 4710 is running 4.2.1
View 1 Replies View RelatedEnabling IP Accounting or capture packets in Cisco ASA 5510 ( 8.2 ).
View 2 Replies View Relatedis command accounting for Radius supported on ACS 5.2 ? provided vendor's radius implementation supports this capability.
View 1 Replies View Relatedi changed from ACS 4 to ACS 5.2. Everything works fine but i have authentication failed in the Radius accouting reports every time when users connect through ASA or Juniper into our network. Juniper amd ASA only send accounting informations to ACS. The users are not configured on the ACS, authentication is done via external LDAP. So my question is why do o see authentication error on ACS because Juniper and ASA only send accounting packets ?
View 2 Replies View RelatedI have a WLAN configured with 802.1x PEAP pointing to an external RADIUS server. It works fine for the most part, but I'm having problem closing accounting sessions in RADIUS. I've found this is related to the client table in the WLC. The user session does not end in RADIUS unless the WLC officially removes the client from the db, which takes 5-6 minutes from what I can see (probably due to the default idle timeout of 300 seconds).
For example:
1. I connect my tablet to the test WLAN. It associates and authenticates successfully and the WLC sends the accounting info to my RADIUS server, opening up a user session. If I turn off the wifi in the tablet, the client entry stays in the WLC client table until it times out. The WLC removes my tablet from the client table after 5-6 minutes, and then the session closes in the accounting table. I can force the session to close much earlier by manually removing the client from the WLC.
2. Same as #1, but this time instead of turning of the wifi in the tablet, I choose to connect to a different WLAN in the WLC. The user session in the accounting DB never closes. If I reconnect back to the original test WLAN with 802.1x, it opens up yet another user session in RADIUS accounting. Now I have a "dead" user session in accounting that is going to be open forever unless I delete it from SQL.
Is this an issue with the end user client not sending the disassociation frame properly, or a config problem with the WLC? How can I make it so that every time a client drops from an AP or moves to a different WLAN, the WLC would immediately send accounting updates to my RADIUS server and close the user session properly?
I have an error when i try to generate radius accounting.
View 4 Replies View Relatedon the dashboard of the "Monitoring & Report Viewer" I see a lot of system alarms related to the database.The explanation of the alarm says to look at the Collector logs for the details.
View 3 Replies View RelatedI am using the CISCO SG300-28 with firmware version 1.0.0.27. I enabled RADIUS authentication and accounting. Authentication is working but there are no accounting requests/replys (Accounting on, accounting off, accoun ting start, accounting stop) when running RADIUS in debug mode. I also did a packetcapture and there are no accounting packets.
So i updated the firmware image up to version 1.1.2.0. When I now want to configure accounting in RADIUS settings then there isn't any option to set an accounting port.
Ich checked the data sheet of the switch and it says that accounting is supported:
===============================================
802.1X: RADIUS authentication and accounting, MD5 hash; guest VLAN; unauthenticated VLAN, single/multiple host mode and single/multiple sessions [URL]
===============================================
I did a second packet capture with the new firmware image and there are still no accounting packets.
The RADIUS server is configured correct for accounting because when using another NAS like a WLAN-AP with DD-WRT accounting is workings. It is working with pfsense Captive Portal (an open source firewall and routing solution with a hotspot portal).
Need deployed accounting method to log Anyconnect session details ? Do you do it via a radius server or via logging messages to a syslog server ?
Any appropriate configuration ? I am looking to log successful and unsuccessful authentications as well as session length, log on and log off times.
I've been playing around with Anyconnect authenticating to AD via ACS 5.1 but can't seem to get the accounting details I require. Similarly I have tried to catch appropriate syslog messages but again without much success.
I do not see any start records in Radius Accounting reports but do see only Stop records ?
btw I am running ACS 5.2
What is the best way to load balance traffic between an FWSM and ASA 5520? Both are attached to a 6509-E (in seperate VLANs). The problem is the FWSM doesn't support any dynamic routing protocols (in multi context mode). So with my limited knowledge I don't see a way to do this.
View 8 Replies View RelatedIs it possible configuring load balance with three intefaces, in my router with the following features?I have three ISP, and would like balance the traffic ... Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(2)T1, RELEASE SOFTWARE (fc1) Cisco CISCO2911/K9 (revision 1.0) with 483328K/40960K bytes of memory.
Processor board ID FTX1613AH8D
3 Gigabit Ethernet interfaces
1 terminal line
2 Channelized (E1 or T1)/PRI ports
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
[code]....
I am using 192.168.1.1 as database server in head office. my branch user are more than 500. all user hit at 192.168.1.1 for database. Now i want to NAT with application server 192.168.1.50 and 192.168.1.51 with load balance As some user hit 192.168.1.1 form branch but traffic go to 192.168.1.50 and some users traffic go to 192.168.1.51.
I want to do it in My core router (Cisco 3845) in Head office. How i do these two things ?
So I can fail over my NAT and IPSEC VPN (DPD). I am curious can I load balance my WAN links too?
I have a route map that is used for fail over, I just can't quite think how I would load balance the links
ip nat inside source route-map 10mb interface GigabitEthernet0/1 overload
ip nat inside source route-map efm interface Vlan3 overload
ip route 0.0.0.0 0.0.0.0 213.38.xx.xx
ip route 0.0.0.0 0.0.0.0 46.226.xx.xx 10
access-list 175 deny ip 172.16.20.0 0.0.0.255 172.31.114.0 0.0.0.255
[code]....
i am using two internet connection if one fails the other want to connect automatically is there any hardware.
View 2 Replies View RelatedWe configured sa520 load balance with 2 isp 2mb+2mb how to check the status of the load balance on sa 520 .
View 1 Replies View RelatedI have problem with VPN and Load Balance at the same time.VPN (Gateway to Gateway) between two RV042 routers is working fine with only one WAN or two WAN's with Smart Link Backup. If i switch to Load Balance communication through VPN is almost impossible.
I have postgres server (port 5432) in first location and clients in another. Clients cannot connect to server or lose connection after while. This is example, but every communicaton except ICMP over VPN with Load Balance enabled is faulty (file sharing, RDP...). Everything works fine using public IP and port forwarding or VPN with only one WAN.
If i understand it correctly Protocol Binding should affect only "normal" communication (outside of VPN), but it looks like VPN communication is also divided between WAN1 and WAN2. Of course this cannot work this way because VPN works only with one WAN.
Another question - is it possible to bind communication TO selected target port with RV042 Load Balancing to selected WAN?
I would like know, what license is necessary to employ a load-balance in a 2911 router. I have these licenses bellow, can i configure an load balance?In this cenario we have two links with an ISP.
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(2)T1, RELEASE SOFTWARE (fc1)
Cisco CISCO2911/K9 (revision 1.0) with 479232K/45056K bytes of memory.
Processor board ID FTX1613AH8D
1 FastEthernet interface
3 Gigabit Ethernet interfaces
1 terminal line
2 Channelized (E1 or T1)/PRI ports(code)
We have a Dlink Lb 604 router. We have two wan connections. Connection 1 has a speed up to 8 Mbps.Connection 2 has a speed of 1Mbps.We set the load balance to 50-50. When we tested the speed with two lines it is showing 1 Mbps only.When working with connection 1 we are getting speed upto 6 Mbps.
View 1 Replies View RelatedI have a D-Link DSL 2640B on the way which I plan on using to replace my 2Wire modem. The 2640B is a combination of a modem/wireless device. Does it dynamically load balances the internet connection? Sometimes while I'm playing online games on my PC and a few others are using the internet for browsing or Youtube, I lag A LOT. Latency shoots up from 10 to 200. QoS goes to ****. And I only need 0.50-1Mbps to keep a steady online play. This was the problem with my 2Wire. So does the 2640B load balance the bandwidth?our max speed is 3.5Mbps according to the ATT Rep.
View 10 Replies View Relatedi need to know how many links i can using with load-balance on the same router ? i have router cisco 2901 , 3 providers , every provider having 4 links can i load balance between 12 links ? i am using static route
View 11 Replies View RelatedWhat is the load balance method of 3750 port channel ( by source ip , or by source mac ) to diver traffic to paths? I have tried to use 10.242.104.101 and 10.242.104.102 as source ip, it will travel to the same link (G0/1) within one port channel (G0/1+G0/2). Howerver, if I later use 10.242.104.109, then this time it will traffic to G0/2 link. What's the concept behind.
View 1 Replies View RelatedI want to split my traffic between two ISP's. I want all traffic to pass over one connection EXCEPT my VPN tunnels, which I want to use the second ISP. How should I set up (protocol binding?) to accomplish this? (I have run into various problems trying to load balance all traffic. So I am trying to "partition" traffic.)
View 1 Replies View RelatedI have set up an RV042 v1 and v3 both in Load Balancing mode. Set in Router mode.I want one of the WAN ports to be preferred so I added a static route to 0.0.0.0 metric 5 to that WAN.Sometimes the route shows in the routing table and sometimes it goes away!!
View 2 Replies View RelatedI have two ISP circuits and the following devices in hand:
1. Cisco ASA 5510
2. Cisco 2800 router
3. Cisco 3750 switch
I've finished a part of the configs on above equipments, please refer to the attached diagram.And I'm making a test in order to achieve the below features:
1. By default, packets from PC1 go out through ISP 1. Packets from PC2 go out through ISP 2
2. When ISP 1 is down, packets from PC1 changed its way to ISP 2 through the 2800 router. And when ISP 2 is down, Packets from PC2 changed its way to ISP 1 through ASA 5510.
I have several RV16 with two internet connections each one, but different speed each wan connection, it takes the slowest wan connection allways, I use the round robin option, any clue in configuring?
View 1 Replies View Related--- I have 2 WLC's 5500 that I have to set up on my network with the same configuration except I am not sure that they can be load balanced.
-- My only thought is to take a full class C and on each WLC set up a /25, thus each device can provision 120 IP's
--- This seems a bit archaeic, but is there anything else smarter to do? Can they be load balanced?
We want to us an ISA570 and load balance between two isp connections, two of our switches will be standalones and not connected to one another. One switch will be for data and another VOIP/Data. The ISA will also do NAT and we need to make sure that the VOIP network can get out to the first isp. I assume we will need a static route for that to make sure it goes out the right isp. I just don't know if routing mode needs to be enabled in order to specify a static route, because I heard you can't have NAT and do routing mode at the same time.
View 2 Replies View RelatedHow to load balance two/three ISPs using ACE.
What might be the default gateway?Can i create a serverfarm with two rserver with different subnets?
I configured a RV042 to load balance 2 WANs. It appears to working well but I would like a 2nd opinion as to whether or not I chose the proper settings to accomplish the task.
1. WAN1(ISP1) is the existing internet connection(1.5mb T1). I have a block of static IPs with ISP1.
2. I added ISP2 to the RV042's WAN2 connection to increase bandwith (10mb). I only have one static IP on ISP2.
3. I want everyone on this router to use WAN2... well... almost everyone... for the most part.
4. I want to keep WAN1 active on this router because there will be periodic inbound connections using static IPs (from ISP1) that are setup with one-to-one NAT. I also have a voicemail system that needs to continue to use ISP1's email relay (SMTP,25).
Anyway, I was able get the outgoing traffic that had to remain on WAN1 working with protocol binding. In order to get the router to use WAN2 for pretty much everything else, I set it for load balancing and set "Max. Bandwidth provided by ISP" for WAN1 up & down kbits/sec both to 32 (very low). I left the WAN2 up & down settings to the actual speed of WAN2.
The result is very low traffic on WAN1 and lots of traffic on WAN2 which is what I wanted. Did I do this right? Is there another preferred method to accomplish this.
I have 3 877 ADSL routers for internet connectivity. I recently installed a FW behind them and would like to use the Ciscos as load balance in order to get better utilization from my 3 internet links.
1) the 3 routers are on DHCP from the ISP on the WAN side.
2) the 3 ciscos are on the same class C subnet on the LAN side: 10.201.1.252, 10.201.1.253 and 10.201.1.254