Cisco Application :: CSS11506 Good Show Commands To Validate Failover
Sep 27, 2012
I am planning to perform a failover drill between active and standy CSS loadbalancers which are configured in a cluster pair. I am looking for help to know what show commands I can run to validate that the failover occurred successfully from primary to secondary load balancer and that the VIP's have failed over successfuly as well.
can I limited the VIP? I really do not think the system is heavily used. could any configuration wrong cause problem could be possible the module has problem? if so, how can I confirm? could I add another SAM module?
I have installed anm 4.3 and is trying to setup monitoring my css11506. I have added the device and on the monitoring-setting-polling status, said the polling configuration is enabled, but the polling status time out.
The css11506 snmp configure as: snmp trap-type enterprise snmp cmmunity xxxxx read-only snmp name "anm v4.3" [code]...
Currently using a CSS1506 for our reverse proxy SSL.I have a couple of questions
1 - Does the 11506 use an internal disk as well as the one in slot 0 ? 2 - I have a spare mem card in slot1, how can I copy all of the required boot files etc to slot 1 in case of a card failure in slot 0?
Currently have an ASA 5545. What I want to do is allow our support team to perform ALL show commands (up to and including show run) but not enable them to perform ANY configuration changes on the devices (not get into config t). This is to allow them to check ARP tables, routing protocol status, etc
i don't have access to the ASA at the moment and haven't been able to figure it out in IOS, i'm assuming its not too hard.
I have a tcp socket server application. Some of my clients are asking if I can provide server redundancy for my tcp service for HA purpose. I know it can be done using Windows NLB but the cost of the Enterprise edition is beyond the budget of most of my clients. DNS failover is also out since it will involve fiddling with the DNS server. I'm would prefer to setup a simple solution in which I check the status of the primary server and then if the primary is down, change the ip address of the secondary to the primary so that the service remains available. This sounds simplistic, and besides different clients use different networks, e.g. AD, but I'm not a networking guy so I am at my wits' end.
We have 2 ACEs configured as Active/Standby. FT vlan is configured directly using a crossover cable , not using a switch for the FT vlan.ACE is setup in routed mode ,vlan 29 is client vlan and 28 is server vlan ,both are being trunked on ACE-- trunk 3750 switch.
When I shutdown the port on 3750 for the primary ACE , data connectivity wise ,primary ACE is down ,but the secondary is not taking over ,and also when I do sh ft group status on the secondary ACE,I see the status of STANDBY_HOT and the peer state: ACTIVE.
I have HA configuration for two ACE4710. FT between Ace's is configured as L2 (V LAN). Active ACE is sending heartbeats, but switch shows lot of 'input errors' on ingress and this is a major problem. FT is logically not working (there is no connection between these two Ace's over V LAN). There is only L2 configuration, with speed and duplex auto, no other special configuration. When I connect Ace's directly, FT is working without problem.
I can see lot of errors on input direction (from ACE) to switch port, that means, L1, or L2 problem, but direct connection (using the same Ethernet cable) is working. I tried 'shut/no shut' on both sides, set duplex/speed,... without success.
I have 2 CSS, 1 as primary and 2nd as standby. I configured the standby CSS as my old standby CSS box and now wanted to test the faliover. I am not aware of how to test it in. ny how i have cr for that.
I have a very unusual issue with my installation of ISE on my VMWare ESXi 5.0 environment. but whenever I issue the command "show application statuse ise" I get the following output:
ISE Database listener is running, PID: 13675 ISE Database is running, number of processes: 27 ISE Application Server is running, PID: 15163 ls: /opt/TimesTen/tt1121/lib/*.jar: No such file or directory ISE M&T Session Database is not running. ls: /opt/TimesTen/tt1121/lib/*.jar: No such file or directory ISE M&T Log Collector is running, PID: 15379 ls: /opt/TimesTen/tt1121/lib/*.jar: No such file or directory ISE M&T Log Processor is running, PID: 15457 ls: /opt/TimesTen/tt1121/lib/*.jar: No such file or directory ISE M&T Alert Process is running, PID: 15296
I would like to add a vlan to a second context on a pair of redundant ACE modules. As soon as I open up that shared vlan box we will expose ourselves to mac conflicts until the shared-vlan-hostid commands can be implemented and the module reloaded. Adding the commands is not a big deal but I may not be able to schedule a reload until next week. What I would like to do is confirm the mac pools in use by each module right now. My hope is that they grabbed unique pools when they last booted and a conflict will not be a concern now.
We have an ACE 4710 that has two web servers in an active/passive scenario. The issue is that if node 1 fails and node 2 takes over connections to node 2 stay active even if node 1 becomes available again. Is there are way to ensure that node one is not placed back into service if it becomes available again.
how active/passive failover shoudl be configured, so I can make sure I have it set up correctly;
Since the ACE supports only static routing, when pointing a default route from the ACE what is your preferred method when using multiple 6500s with an ACE in each in a failover scenario to prevent just pointing at one 6500? Static route to an HSRP address? Multiple static routes on the ACE, etc?
I received a message stating: Info-error attempting to validate the winsock base providers:2 Error- Not all base service provider entries could be found in winsock catalog. A reset is needed. Info- Redirecting user to support call I did the reset in command prompt as I read you told other people with this problem to do. But I still keep getting these messages.This is my sister's Dell Latitude 620.I used AVG and I think pc is clean. When I try to connect to a website page states that Internet Explorer cannot display the webpage.
I've configured in an UC520 a SSL VPN.I can access properly and I can see the labels, but I only can access urls which are http, not https:I can access the default ip of the uc520 (192.168.1.10) but When I try to get access to a secure url I get the msg: Failed to validate server certificate I'm trying to access a Cisco Digital Media Manager, whose url is URL Does the certificate of both hardware has to be the same?
I have some iPhone in my company and they connect to VPN through an ASA (version 8.0.4). The vpn connection use a certificate to validate that the device can connect. All my devices used the ASA IP address to connect, I decide to change that and use a name to connect ( DNS resolution made by the ISP), a generate a new certificate and made a new vpn connection profile. My PC, mac book pro can connect using the new connection, but my iPhone display the message : "Could not validate certificate". I've checked all the configuration and can't find where the difference between my two connection profile.
I am having a problem using my Windows IAS radius server to validate management users for my 2112 Wireless Lan Controller.I have defined the radius server and it works ok with the policy for validating wireless clients but not for WLC management users.The Remote access policy seems to be set up correctly as the event viewer on the server shows:-
*Feb 09 11:06:06.612: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2104 Login failed. User:xxxxxx. Service-Type is not present or it doesn't allow READ/WRITE permission..
i have windows 2008 R2 as CA server. and i also have 2911 router as remote vpn server. Everything works fine for desktops computers and leptops. Users automatically enroll certificates on Microsoft CA server and get connected to vpn. But problem is with ipads. When i try to connect from ipad error massage deslpays "Could not validate the server certificate" and i also get chis error massage from router "CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from x.x.x.x failed its sanity check or is malformed"
With ipads built in vpn client i can see the installed certificate and use it but with anyconnect client no certificates are displayed.
I have numerous phones and laptops that connect to the router just fine and fastThis ASUS laptop (windows 7) with Centrino N6150 is very slow to validate. At least it appears that's the issue. The icon in the tray starts with a ! in the connection, then in about 45 seconds goes to a blue chase circle, then in about 45 seconds connects.istory. I was getting disconnects from the WIFI router on a continual basis. I decided to put the router back to factory settings, did the pin reset etc, did a full setup and now we have this slow connect issue ALTHOUGH I never get a disconnect if I once get connected. Just seems to take forever to get it to connect.I've looked at conflicting IP's, no avail, seems fine. As mentioned, like the iphones connect almost instantly. The HP laptop connects fast (windows 7) but the asus now isn't happy.
I have been hacking at this problem for two days and can not figure it out.I built a new computer ASUS M3A78-T and installed windows 7 64bit everything was working fine. I did not validate the version of windows because I was waiting to replace the 500g hard drive with a 120 ssd. By the time I recieved the ssd windows validation time had expired, I tried to validate the version of windows and I could not because the network adapter was now gone! This is strange because when I first built it it as fine and I was all over the internet via broadband ethernet cable.Now the internet box has a red x and will not recognize the cable and no lights are flashing on the back as well. It seems I ned to reinstall the driver so I used another computer and downloaded the only LAN file from ASUS website and nothing.
I've had occasional issues with 5505 upgrades going south when the boot hangs on the image load due to a corrupt image. I need a way to validate the checksum of the new image after it is copied to flash. Remote upgrades become a real pain when you have to go onside just to delete an image, copy it into flash again, and boot.
I have configured a vlan interface on a 3750 switch. there is aprox 4Mb active traffic flowing through the interface, but when I do a "show interface vlan (vlanid)" the output show zero bits in and zero bits out. Its a typical L3 config with one IP on the vllan interface acting as the gateway for the VLAN devices. Is this a normal behaviur ? and if so is there any way to get the traffic in/out stats. The end PC/devices are connected to this switch via an L2 TRUNK and I dont have access to the L2 switch on which the actual devices connect. so cant get the real time stats of those interfaces.
Facing issue with 2960G switch , where its do not display "logging trap informational " in show running and show startup .where its showing all other levels from 0 to 5 and 7 after configuration and save commands. [code] after config getting saved , it do not shows in show runn or in show startup while for all other levels it do show the config lines .I tried the same on 12.55.SE release also but its same results . Is this a limitaion of this platform, is there any doc explaining the same for reference. [code]
Everytime I make a config change to one of the contexts on our ACE20, I get this message: Config Application in Progress. This command is queued to the system
MY voice conversation on magic jack breaks up when I download a movie to my direct TV. I have a Belkin F9K1103V1, N750Db. I'm not using WiFi, Im wired to ports on back of Belkin.