ACE 4710 software A3(2.7) [code] Why is the fail-on-all option missing from the serverfarm that is of type redirect? This option is something that I would actually need in a certain situation.
View 1 RepliesIs there a way to rename a server farm, health probe, real server or virtual service without having to completely rebuild it? I'm running 3.0(A3).
View 2 Replies View RelatedI have been tasked to provide SSL(HTTPS) access to a server farm that will be accessible from the internet. Is this the correct guide to follow?
[URL]
I am assuming I will need to purchase a certificate to import into the load-balance r as well.
I want to configure my ACE so that if a probe fails, it fails over to the backup rserver, BUT it won't failback to the primary rserver until manual intervention is complete. The problem is we don't want an rserver to fail and failover to secondary, then failback to primary, repeat... (flip-flopping). I want to be able to have time to get on the server and find out what may have caused the probes to fail before it fails back.
View 4 Replies View RelatedI have a requirement to select a farm based on source IP address. I tried creating a match all class-map that matches on the virtual-address and source address but I get this message.LB01/Admin(config-cmap)# match source-address x.x.x.75 255.255.255.255 Error: Only one match virtual-address is allowed in a match-all class-map and it cannot mix with any other match type To me this is the only place where it makes sense to set the source match criteria.
View 2 Replies View RelatedI am getting sync fail on device manger A3(2.2) to ACE 4710 appliance when I am changing certificate in one of proxy service.
View 1 Replies View RelatedI put multiple rservers in multiple server farms?
So for example rserver1 and rserver2 are put in serverfarm production1 and are in use with particular sticky and load balancing settings.
Can I then create serverfarm test_production and put both rserver1 and rserver2 in it? Then play around with the sticky and load balancing settings as a test without affecting the production serverfarm.
If we use an ACE4710 to load balance two real servers, obviously it will use health checks to determine if a server is down.When it detects a server is down, it will not send it any more traffic.But can we also have it take any other action? For example maybe email an admin, or send an SNMP trap? Or better yet, can we use a custom TCL script to do other things, like launch some custom activities?
View 2 Replies View RelatedI have a Cisco ACE 4710 A5(1.2). Scenario: Inbound call from PSTN to SIP Phone. Call comes into the VIP and then load balances to sip server, the server then routes the call out via WAN to the SIP phone as below:
PSTN SIP Providor >(router)> ACE4710 > sip_server(s) > ACE4710 > (router) >SIP Phone
Note: Router is Cisco 3925 with "ip nat service sip udp port 5060" and Port 5060 mapped to the VIP of the ACE.If I put the sip server directly behind the router it works fine. From behind the ACE:
If I turn on sip inspect on the VIP the call setup (INVITE) and termination (BYE) work fine but the audio loops on the PSTN side from the mic to the speaker.If I turn OFF sip inspect then the audio is fine and mapped correctly but the call terminaton (SIP BYE) hits the VIP from the PSTN but never reaches the sip server.For ease and dianostics, I have turned off all sip servers except one meaning the load-balancer has only one server to choose from.SIP Call_id sticky is setup and seems to work, though irrelevent with one server only on test.How do I get the ACE to accept 'server initiated traffic' with sip inspect so it knows about the pending BYE when it comes back from the IP phone via the VIP?Config below, image attached. Bridged mode (also get the same result in routed mode)
access-list everyone line 8 extended permit ip any anyaccess-list everyone line 16 extended permit icmp any any
probe sip udp 1 description SIP Health Monitor interval 30 expect status 200 200
rserver host server1 description Production SIP Server ip address 10.44.56.172 conn-limit max 980 min 980 probe 1 inservice
serverfarm host sip failaction purge probe 1 rserver server1 inservice
[code].....
configure Cisco Ace 4710 ?Note :- Just a testing face I need to access my one server(192.168.1.11 : 80) through VIP :- 10.13.77.10 , I have only one Cisco Router 2800 and One L2 Cisco Switch 2960 and Cisco Ace 4710 . So I already configured 2 Different VLANS in Switch (Vlan 10 & Vlan 100) and by router I given the ip address of that Vlans with Inter Routing Vlan. My Connectivity is like this :-- Router Ethernet 0/0 --- 10.13.77.1/24 with vlan 10) & Router Ethernet 0/1 ---- 192.168.1.1/24 with vlan 100 ) connected with switch after that I configured ACE LB and connect the ACE interface with switch Like that ---- Connect to ACE Interface 2/3 vlan10 with switch vlan10(Ethernet port 2-12) and Connect to ACE Interface 3/3 vlan100 with switch vlan100(Ethernet port 13-24) .Testing to access server from Switch Vlan10 to Vlan 100 where my server is there.
Configuration :---
ACE> client side Vlan10 (10.13.77.4/24) , VIP :- 10.13.77.10, SM-- 255.255.255.255
ACE> server side Vlan100 (192.168.1.5/24), Web server -- 192.168.1.11 with 80 port
ACE> Managment Vlan 1000 (172.16.6.5/24) ,
ip route 0.0.0.0 0.0.0.0 10.13.77.1
I already Configured in Routed mode but From Vlan10 ip subnet example like 10.13.77.12(Client or User PC) tried to access server 192.168.1.11 with VIP http://10.13.77.10 but not responding , if i access server with real IP then accessible (why boz there is inter vlan routing)?
Access Server through VIP (ACE 4710) but very slow
Accessing the server very slow.., check my real configuration... this configuration is for application server and after this i have to configure more serverfarm for different server like webmail etc. in this ACE 4710. I have only one ACE 4710 .
ACE Version A4(2.0) = is there supports Probe with this version? without probe server will work but very slow.
VIP :-- 172.16.15.8
LB/Admin# sh run
Generating configuration....
[Code].....
We have two Cisco ACE 4710 and we want to install both of the devices in HA with load balancing mode.While i have done HA mode configuration between ACE 4710.But unable to configure load balancing configuration between them.i want to tell you connectivity between server,client & loadbalancer.Our Web servers are connected to VLAN 152 on the L3 (3750) switch.Which are alreday working in redundancy between other L3.And ACE 4710 it is also connected to vlan 150 which are connected to same L3 (3750) switches and users are also connected to vlan 6 on the same L3 itself.
View 2 Replies View RelatedHad setup my ACE ,to send traps to SNMP server .but dont see any logs on the SNMP server from ACE.
SNMP configuration on ACE
logging enable
logging buffered 6
logging host 10.12.40.12 udp/514
[code].....
I recently installed a Cisco ACE 4710 version A4(2.0) into our test network. Load balancing across a number of web servers appears to be working ok and serving pages to users. However, when i tried to check the real time stats via device manager (Monitor> virtual contexts> context > Real servers) a number of fields specifically "current connections", "total conns", "failed conns" etc were showing N/A. Do I need to enable this somehow i.e. polling, if so how?
View 5 Replies View RelatedWe are using a sticky serverfarm with 2 real servers, one server was down for maintenance for an extended period of time. When it came inservice again it was not getting any connections. is it because all the connections had stuck to the other server ? we want sessions to be sticky but we also want to LB?I got it working by bouncing the server that had been online all the time. things started to LB then.BTW the ACE 4710 is running 4.2.1
View 1 Replies View RelatedI ma having issues trying to import a .PEM file into an ACE 4710. The original file was a PCKS12 file that was converted to a set of .PEM files as I have no access to any server to do a file transfer. This has worked in the past. the error I get is "Error: File not of recognized types - PEM, DER or PKCS12, import failed". I am not sure what is exactly failing. The cert was converted to a .PEM and the ACE imported that fine.
View 4 Replies View Related My customer has SSL certificate already installed on microsoft exchnage 2010 servers and now wanted to import that certificate to cisco ACE4710.
How to trace the exact procedure to import the SSL Cert to ACE from microsoft exchange server and how about the KEY, from where I should get the KEY to cross verify for SSL Cert?
my ACE 4710-K9
I cannot reach a web page when accessing my VIP on ACE, here is i paste my configuration
VIP at 10.49.30.223
RS1 at 10.49.30.221
RS2 at 10.49.30.221
[Code].....
Currently running an ACE 4710, which is handling all of our inbound SSL connections and then forwarding requests thru to backend web servers. This all works fine.
My question is this..Right now we are not load balancing any of the backen web servers. But I now have a requirement that should a web server crash or become unavailable I need to redirect that backend connection to another web server.
Scenario is more like I have 2 web servers both serving same content, but I want one server to take all the connections unless it fails, at that point have all the connections forwarded to 2nd server.Is there a way to setup the load balancing where the 1st server gets all the connections until a failure happens ?
I have an RDP server farm that lost a disk. The RDP service was still running but users were unable to log in. I'd like to create a health probe that does maybe a combination of TCP probe for port 3389 and something that can determine if the drive that stores user profiles is available.
I cannot add any new service (http or ftp) to the server. Is there any way I can check SNMP mibs on the windows server or maybe WMI through TCL?
I've done a lot of ACE work over the years but this is the first time this has ever come up.
I have a request from an application group where I have 3 rserver in the server farm but they want all traffic to only go to the first server unless that server fails. If the first server fails, only then do they want traffic to go to the 2nd server instead and if that fails, then traffic goes to the 3rd.
I've read through the documentation but haven't figured out a way to do this. What to do this type of failover configuration?
I´m Trying to synchronize the clock with NTP server external, these ntp server only support NTP version 3.Can I change the NTP version in the ACE4710 Appliance to support the ntp server external?If is possible, How I can change it ?
This is the version:
Cisco Application Control Software (ACSW)
TAC support: [URL]
Copyright (c) 1985-2011 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
[code]....
I want to use one arm infrastructure of ACE4710. But I remember it was problem for back end server can not get logging for which client/ip address access the web server.
View 3 Replies View RelatedI am wondering if there is a method to redirect particular URLs to individual real servers in a server farm.Scenario: We have an url which is setup on our ACE4710s (A3 2.4) to load balancer to a particular server farm as per standard setup i.e.Customers access [URL] on an external VIP, this is then load balanced to a server farm "SF_WEBSITE" consisting of 2 real servers "Server_A" and "Server_B". Nothing difficult in this set up. However, I have eeen asked if it is possible to redirect certain urls to individual servers within the server farm "SF_WEBSITE": e.g.
Action 1 - Customers access [URL] is redirected to "Server_A" only
Action 2 - Customers access [URL] is redirected to "Server_B" only
Default Action - Customer access [URL] anything else is redirected to server farm "SF_WEBSITE" and is load balanced between "Server_A" and "Server_B"
The Standard Class Maps and Policy would be something like:
policy-map type loadbalance first-match SLB_WEBSITE
class class-default
serverfarm SF_WEBSITE
Where I thought I would need something like:
class-map type http loadbalance match-all CMAP_AREA1
description CMAP used to capture specific URL for area 1
2 match http url /area1
class-map type http loadbalance match-all CMAP_AREA2
description CMAP used to capture specific URL for area 2
2 match http url /area2
[code]...
I think the above method is ok for 1 instance, but if it test successfully, my company would want to to roll this out across dozens of server farm configurations each consisting of numerous real servers, which will make the administration and implementation time overheads massive, not to mention complicating and lengthening the configuration.
I have faced a problem with configuring Cisco 3750G series switches as Sever farm switches with redudance.
servers have 2NIC (1GBps) and both are bridged for redundant connections.In both switches all ports get green coluor except one port on Secondary SW. I saw some Spanning tree block port status on that switch.when i type Show cdp neghbor command on switch i can see other switch through a server connected port. Also Spannig tree root bridge election is occured through that port . Simply i need to configure both switches to pass traffic through there uplinks them selves.. but it seems like Secondry switch pass its traffic through primary switch ( i think according to STP ) usinginterconnection of bridge port of a server. [code]
I recently came home from work to find the safety switch on our house had activated causing half of our house to be without power...including our modem. It wiped all my settings...no big deal...I've entered them all back in again. But now I am no longer able to establish a connection to my laptops... The Wireless WPS light will not come back on the router no matter how many times I turn it off/on or reset it... When I go into the page to establish properties etc for the modem...the WLAN option doesn't even appear anymore. but they were at a complete loss also as to why the option wasn't there..
View 1 Replies View RelatedA couple hours ago, I set up a temporary AdHoc to share or "tether" the internet connection from a laptop (which got its internet from a router), to my iPod Touch. It worked fine and everything, in fact I was pleasantly surprised by the speed of it. Since it was a temporary AdHoc, I disconnected, and the network was deleted as expected. After a while I wanted to do it again, but when I tried to make the AdHoc, the option to "Share Internet Connection" has disappeared. I'm really puzzled as it worked just a while back, and now even the option is gone. Did some research on it and found out that it's some weird bug that had never been addressed. It had to do with the LAN and Wireless network adapters apparently and one of them had to have the ICS option checked and the other one didn't (something like that). Here are the screenshots of those settings on both my network adapters. Both adapters are enabled, except the LAN isn't "connected" since my primary way of getting internet is through a router connected to another computer.
View 2 Replies View RelatedRecently I bought RV220W router and found out that PPPoE connection option or profile do no have service name field at all. Unfortunately, my ISP requires this to be able to connect. I had done some research before buying this router by going through online device manager demos on cisco website. RV220's interface is not available, but RV215 is and I checked out some of the common features between both routers. Surprisingly RV215's PPPoE connection settings has service name option.
I suppose, unless there is new firmware update (my current router is already running the latest available firmware), this option cannot be added in the interface. What I want to know is, is there any way to configure the router to use the service name in PPPoE option or in PPPoE profiles? I don't think RV220W can be accessed via terminal/SSH or maybe even terminal.
We have two Cisco 2960 TT-L switches. I'd like to reduce single points of failure and have dual servers for most tasks. For example, two firewall servers and two web servers. Should one server fail the other will act as a failover.I'd like to extend the redundancy to the switches, and am thinking of connecting one web server to one switch, and one to the other. In the event a switch failed a set of servers would still run, and be able to talk to each other.I'd like to run two VLANs, one for the LAN, and one of the WAN, and connect the two VLANs on each of the switches with the associated VLAN on the other switch.
View 3 Replies View RelatedReport run via Individual Web server URL’sThe report takes less than 20 minutes (average 15 minutes) to fetch and return the data. This is observed 9 out of 10 times.Report run via ACE Load Balanced URLThe report keeps on running for more than 20 minutes and never completes. The front end keeps showing report is running.The data in general when tested directly by running queries against the database (bypassing the platform) completes in 15-18 minutesThe network connectivity for each and every ports involved (Loadbalancer/Servers) have been throulgly checked.
View 6 Replies View RelatedI Echolife 520b, can not enable wireless network in the menu Basic Wireless LAN option is missing
View 1 Replies View Related I am attempting to register QPM 4.1.5 into LMS 3.2.1 Portal, under Home Page Admin - Application Registration but It fails.It seems to be a bug where it puts the details in the wrong place when submitting the info.
This is the output that it tries to submit obviously - Description, host name, port number and protocol are mixed up.You have selected the following application to be imported from the remote server. [code]
I'm not sure where to find the Tomcat logs or how much use they would be.
I have four rservers. I have found that if the first listed server in my serverfarm is off line, the entire farm quits working. How did I come to this conclusion? You see as part of "serverfarm host PORTAL-FARM" rservers "SISPOAS1 through 4". I can shut down any server except SISPOAS1 and all is well. The load balancer sees the probes have failed to that given server and continuses to load balance to the others. However, If I shut down SISPOAS1, nothing works. I confirmed this by eliminating SISPOAS1 from the configuration completely. After doing so, I could reproduce the exact same problem using SISPOAS2 since it is now the first rserver in the list after I removed SISPOAS1. I'm stumped! Looking at the configuration below, what am I missing???
access-list TRAFFIC line 8 extended permit ip any anyaccess-list TRAFFIC line 16 extended permit icmp any any
probe tcp 389 port 389 interval 2 passdetect interval 2 passdetect count 1 open 1probe tcp 636 port 636 interval 2 passdetect interval 2 passdetect count 1 open 1probe tcp 7777 port 7777 interval 2 passdetect interval 2 passdetect count 1 open 1probe tcp 7778 port 7778 interval 2 passdetect interval 2 passdetect count 1 open 1probe tcp 7780 port 7780 interval 2 passdetect interval 2 passdetect count 1 open 1probe tcp [Code]...