Cisco Application :: Clear Stickies On CSS 11501 By VIP?
Jan 30, 2012it's possible to clear stickies per VIP? The firmware is 08.20
View 2 Repliesit's possible to clear stickies per VIP? The firmware is 08.20
View 2 RepliesI have 2 CSS 11501 providing load-balancing rules and SSL termination. When CSS is used for downloading through the rules of SSL, the rates I get are quite lower than those obtained when the download is done either directly on the machine or by using the rules of HTTP. Is it normal? Is there anything that canspeed up this process?
View 2 Replies View Relatedi need to enable snmp on Cisco CSS 11501.
View 1 Replies View RelatedI am load balancing Terminal Server Windows 2008 sessions with an CSS 11501. The code version is sg0750004 (07.50.0.04). I am trying to establish a Terminal Server session with Single Sign-On (SSO), but without success. Normal login with Username and Password on the TS are functionning, but never SSO session. The environment is: 10 Windows 2008 Terminal Servers (NTS1, NTS2,NTS3...). In DNS I have a host A named TS with IP for balanced CSS. The problem I see is that the client PC opens a TS session to "TS". then dont work SSO, but if client PC open a TS session to NTS1, NTS2...is working fine the SSO I am not sur if we can do something on the CSS.
View 3 Replies View RelatedI have 2 CSS, 1 as primary and 2nd as standby. I configured the standby CSS as my old standby CSS box and now wanted to test the faliover. I am not aware of how to test it in. ny how i have cr for that.
View 1 Replies View Relatedsome misconfiguration (?) may be the reason for an undesired behaviour we are experiencing with our Cisco CSS 11501s. Balancing mechanisms work fine, however if a service transitions to the "down" state, the corresponding flows remain "alive" leading to a temporary outage of our service. Subsequent client requests are still being sent to the "down" frontend which is unresponsive.
View 4 Replies View RelatedWe have a pair of CSS 11501,Currently it is using source ip for load balancing and 5 servers as backend , however we have users loggin in using http and based on its source IP (ISP PROXY) , it is forwarded to SERVER A.However, we have a SSL page and when the client switches over to SSL , it is forwarded to SERVER B/C/D/E based on its source IP ( REAL CLIENT IP) .This will cause the user to be terminated as the 5 servers are independent and not running in a cluster.
Is there any way that we can use the X-Forwarded-For address to load balance so that when users loging , they are sent to SERVER A (Based on X-Forwarded-For Header IP which translate to REAL CLIENT IP).This way we are able to also send it back to the same server when it uses SSL.I believe that we should be able to load balance using X-Forwarded-For IP or to rewrite the X-Forwarded-For IP into client source IP.
implementation of the cisco CSS 11501 boxes available as spare on our site into production for an application evry thing worked as expected. i was able to telnet the active/master box and was able to console both master and backup box from the console port.however a week post the activity im faced with this weird problem where im not able to take console or the telnet access of my primary/active box.The boxes are working in BOX-to-BOX redundancy and now im not able to telnet or console my active/master box. The telnet and console window prompts me for username and password and after entering the credentials nothing happens. no prompt or no error message is displayed.
The telnet primary authentication is via tacacs and secondary is via local. however for console im not using any method for primay authentication and local for secondary authentication. however i can successfully console my backup box. below are my obsrvations 1. the left and right status LED on the active CSS box is OFF.- it means my CSS 11501 failed and has no power. 2. upon firing the rcmd command with show line command on backup box i see that the telnet sessions and console session is established with the master box3. the redundancy state of the active box says it is master and has not changed state since my last activity, no application issue reported, all the services are active on the active box and also i can ping the active box ip address from my backup box over which box to box redundancy is established. This confirms the active box is functioning well 4. i initially thought the telnet sessions are not getting cleared, however the show line cmd with the rcmd cmd on the backup box confirms this is not happening. now im stuck as the active box cannot be accessed at all via console or telnet. i was thinking of below steps to be carried out.1. to failover the boxes and make the backup as master2. then try to take the faulty box off the network and troubleshoot (are there any other commands that i should use to troubleshoot)3. if nothing works try rebooting the box and check
NOTE: the software running is version 7.20.30.3 with standard feature set. we are not using cvdm or the CSS GUI. we could access the css initially on CSS gui and that is also not working now.
we would like to setup FTP server over CSS where our member sever use non-std-port to open both control/data channel (i.e. 6370 as ctrl and 6369 as data this case.) but seems we only get Passive mode FTP mode work only but not for Active mode FTP case for data channel establishement for server back to client..
# sh ver
Version: sg0820501 (08.20.5.01)
Flash (Locked): 08.10.1.06
Flash (Operational): 08.20.5.01
Type: PRIMARY
Licensed Cmd Set(s): Standard Feature Set
[code]....
I generated a wildcard certificate for my company type *. [URL] in a CSS 11501. For the site [URL] worked fine, for the site [URL] didn't worked. I read on the web that should generate a wildcard certificate with subject alternative names. Is it possible in CSS? how can I do it?
View 5 Replies View RelatedI've got an issue with a CSS 11501 where, if *any* change is made to a global keepalive (active), the device reboots. The code is 08.10.2.05. I'm unable to search the TAC archive or I would've gone there first.
View 2 Replies View RelatedI have 2 pair of 11501 switches and 1 pair of 11503 switches on 3 sites(LA, China, Taiwan).Each site has a pair of 1105x switch running as redundancy between them and is a standalone which will not interact with others.Recently a series of interfaces(ports) down happened to every active 1150x switches without any reason and log.Especially today, it happened to active switches at 5:39 AM meanwhile on 3 sites.
View 3 Replies View RelatedI am trying to get a sample command output of "show chassis inventory" for:
CSS 11501
CSS 11503
CSS 11506
Using an ACE 4710 we have a user setup with the Network-Monitor role which allows the user to view config, interface status, etc. We would also like to allow this user to clear the interface error counters as well, but nothing else.
View 2 Replies View RelatedWe are about to upgrade Cisco Load Balancer CSS 11501 firmware from current ver, 8.10.4.01 to 8.10.6.02,this is a production line device (a running 24x7 network), upgrading will create unpredictable results even worst the network will go down.
View 1 Replies View RelatedWe have Cisco CSS 11501 and connected in One-Arm way.Currently there are 4 source sending traffic and 3 server to receive the request. We are using Advance-balancing with Source IP. So the ratio become 2:1:1 or 1:2:1 or 1:1:2.But our target is to do the load balancing in equal ratio.
View 1 Replies View RelatedI have an issue with the device in subject. I need that some server, listed as service on CSS, can contact a content VIP on the same subnet. To allow that traffic I configured grouping on CSS (group 1) with vip address and an ACL that allow traffic from subnet 10.1.1.0/24 toward same subnet 10.1.1.0/24 and I have bound this ACL with sourcegroup 1. The nat and portmap works but never at first attempt, instead since second attempts it works. Seem like a CSS require to much time to create nat entry.
View 4 Replies View RelatedMy environment have two device ,a cisco css11501 and a cisco 2960 ,when I reboot CSS11501 then 2960 shutdown fa0/41
I command "sh logging | in 0/41" just up down two time,not five times in 10 seconds
.May 17 11:13:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/41, changed state to down
.May 17 11:13:19: %LINK-3-UPDOWN: Interface FastEthernet0/41, changed state to down
.May 17 11:14:53: %PM-4-ERR_DISABLE: link-flap error detected on Fa0/41, putting Fa0/41 in err-disable state
.May 17 13:44:35: %LINK-3-UPDOWN: Interface FastEthernet0/41, changed state to up
.May 17 13:44:36: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/41, changed state to up
I would like configure a CSS content, that uses the sorry service principal in an advanced way.
I am familiar with the primary Sorry Server command and see that the CSS would send all connections to the named service that is configured as the primary Sorry Server.
What I would like to do is to configure the CSS, so that once it’s decided it’s in a “sorry” state (all the services that are configured with “add service” are down) that it load balances to a different set of services.
To explain what I’ve been trying to do in the form of configuration on the CSS, I’ve pasted some pretend config below.
Connections come into IP address 1.1.1.1, which normally get load balanced between 9.1.1.1, 9.1.1.2 and 9.1.1.3.
If 9.1.1.1, 9.1.1.2 and 9.1.1.3 are all down, the sorry service is used and the CSS starts passing traffic to 1.1.2.1, which I want it to load balance between 9.1.2.1, 9.1.2.2 and 9.1.2.3.
The order that I have applied the config, is different to the below, as I set out to configure in this order: secondary services, secondary content, sorry service, primary services, primary content.
The order of the config below is different, because I wanted it in the order that the traffic flows and the CSS won’t take the config in that order!
The wall I have ran into, is that when I try to create the service I have named “Sorry Service”, I get the following error:
%% Service IP Address conflicts with a local I/F, VIP, mg mt route.
[Code] .....
Everytime I make a config change to one of the contexts on our ACE20, I get this message: Config Application in Progress. This command is queued to the system
If I run show download info, I get:
context : context1
Interface Download-status
--------------------------------------------------------------
187 In Progress
199 Pending
Regex download optimization status : Couldn't get status[TNRPC Timed out]
It eventually seems to complete, but it takes a very, very long time. We are running Version A2(3.5) [build 3.0(0)A2(3.5)].
I want clear explanation of NAT.
View 1 Replies View RelatedI develop websites, and we moved a site from one server to another, and now I get the message the site has moved. I ran the cmd to clear the dns cache, but that didn't solve the issue. I tried stopping and restarting the client, that didn't work. It was already set to automatic. I am logged in to my laptop as an administrator. I tried to be the user Administrator, but it doesn't appear as a choice, but when I try to change my name, I get the message it is already in use. I am using XP Pro, SP3?
View 3 Replies View RelatedI ran across this today on a 7200 that when all the vty lines are filled, and dont release, you enter clear line vty x and it is supposed to release the line. Well in some versions it doesn't work.
Here is the work around I found. clear tcp line vty x
Report run via Individual Web server URL’sThe report takes less than 20 minutes (average 15 minutes) to fetch and return the data. This is observed 9 out of 10 times.Report run via ACE Load Balanced URLThe report keeps on running for more than 20 minutes and never completes. The front end keeps showing report is running.The data in general when tested directly by running queries against the database (bypassing the platform) completes in 15-18 minutesThe network connectivity for each and every ports involved (Loadbalancer/Servers) have been throulgly checked.
View 6 Replies View Relatedclear ARP cache from server side?
View 12 Replies View RelatedHow to clear history of cisco ASA 5520 ?
View 1 Replies View Relatedi would like to use ASA 5515-k9 with Antivirus and antispam but i don't know the part number that support this and how it process .
View 3 Replies View RelatedWhat is the procedure to delete the full startup-configuration of Cisco ASR 9010 with IOS-XR version 3.9.Tried the following but unable to do it:erase nvram, Commit Replce.
View 2 Replies View RelatedAfter command clear route, all timers just continue, there is not actually clearing the routing table... This is happening on two different boxes: pair of ASA 5520 and one 5505 ASA... I presume it is happening on all others too, but I don't have this release installed anywhere else...
Codes:
C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route(code)
Is possible clean inactive IDBs?I have a Cisco 3825 that support up to 1200 IDB and now is using 1102, but 614 is inactive.
[code]....
cisco 2651XM router
IOS: c2600-adventerprisek9-mz.124-15.T8.bin
if I do #sh arp in the terminal with this router I see a rogue entry thus:
Internet 192.168.0.4 0 Incomplete ARPA
My whole LAN operates on 172.16.x.x/16, there are no 192.168.x.x devices connected. In the past I've had 192.x.x.x devices running but for a long time and the router has been restarted since then. I've tried several clear commands in the terminal but this entry is stuck there and I've also seen it in a wireshark scroll on a pc when monitoring the routers' adsl traffic - it shows up an an SNMP entry and I do use SNMP on my router, but that data goes to a 172.16.x.x. machine. How can I clean this entry out?
I am trying to change a static nat entry from this:
ip nat inside source list 1 interface Dialer0 overloadip nat inside source static tcp 192.168.0.246 25 interface Dialer0 25ip nat inside source static tcp 192.168.0.246 80 interface Dialer0 80ip nat inside source static tcp 192.168.0.246 443 interface Dialer0 443
to
ip nat inside source list 1 interface Dialer0 overloadip nat inside source static tcp 192.168.0.247 25 interface Dialer0 25ip nat inside source static tcp 192.168.0.247 80 interface Dialer0 80ip nat inside source static tcp 192.168.0.247 443 interface Dialer0 443
I have tried various methods from exec mode clear ip nat translation *
no ip nat inside source static tcp 192.168.0.246 443 interface dialer0 443 But I am getting cisco2800(config)#%Static entry in use, cannot remove.
I cannot eliminate the lines vty in my Cisco 7609 router when I write show users, I obtain the following thing: [code]
View 2 Replies View Related