Cisco Application :: Discovery Protocol On ACE 4710 Appliance

May 26, 2011

My TCOM guys say they do not see the ACE as a CDP neighbor on their switches. Is CDP enabled by default? I cannot find any documentation that suggests this is configuration (like on the Cisco CSS - where it can be enabled, but cannot see its' CDP neighbors).
 
BTW - The ACE 4710 Appliance documentation uses CDP as acronym for Certificate Revocation List Discovery Point (for SSL CRL's).

View 2 Replies


ADVERTISEMENT

Cisco Application :: ACE 20 (ACE 30) Versus 4710 Appliance Reliability

Jun 21, 2012

In 2008-2010 timeframe, I used the ace 4710 appliances at one customer and kind of liked them. The deployment was not too SSL intensive and B/W requirements were low, but I configured a few HA pairs and that worked well. The configuration was pretty comparable to other Cisco devices; so easy to learn/pick-up.Fast forward to 2011: stepped into an environment, where customer purchased 3 - ACE 20 modules (before I got here), and had multiple issues with them. I found 4 documented TAC cases, and 1 was still open. I started working from December 2011 on getting Cisco to own-up WRT modules but customer by that time had had enough.
 
The most serious issue was a random reboot, hang or lockup. I wasn’t here to work with them to verify, but that’s eventually what the deal breaker was. Around the February 2012 timeframe, talking to Cisco SE, he revealed Cisco had an independent lab in Switzerland verify that some hardware component on the device had a terminal defect, in which a bit would flip, and force the device to lock or reboot - subject ot radioactive decay or interference.Cisco and the lab attributed this to improper shielding, coupled with defective material in the electronic component; hence the device was highly susceptible to radiation-type errors. This is the kind of stuff you read in doomsday reports! As a result, Cisco was EOL-ing the ACE-20 module. I am trying to get Cisco to replace the ACE-20 modules with something else, but they haven’t been too cooperative. They have also limited their SE/Salseperson presence where I work (Pacific Northwest); and are not too responsive.
 
I have gotten a verbal agreement to get a credit on prior purchases for the amount this customer spent on the ACE-20 modules. However, the credit is only a few points off their normal discounting model. And Cisco will not go into loss on new product sales. Using example, $100 product would cost me $55 with standard Cisco discounting. Cisco’s cost might be $45 so I will only get another $10 credit on this new purchase.The 3 Cisco ACE-20’s originally cost customer about $100K, so to dwindle this credit down, we would need to purchase about $1-$2 million of new hardware - that's a lot of new gear! And I don’t have any real way of knowing that Cisco is applying the credit honestly, and they won’t put anything in writing. This entire issue has really dampened customer’s impression of Cisco. They had smartnet on the ACE-20’s for 2+ years, but then dumped that after losing faith in the product. Now I am trying to resurrect smartnet to see if Cisco will give us an alternate product.
 
And to cap it all off, the original Cisco salesperson (who sold customer the ACE’s), has left and went to work for F5! And yes, he has been calling on customer to try to sell some big-IP's! At least there is some humor in all of this. So... Has anyone else had bad experience with ACE-20 module? How about ACE 4710? How to get a reliable working ACE module from Cisco?

View 6 Replies View Related

Cisco Application :: ACE 4710 Redundant Appliance Telnet

Jan 21, 2013

I have a pair of ACE 4710's that I am deploying within a datacenter.  The primary and secondary ACE appliances have identical configurations except for the IP addressing and priorities for FT.  The FT peer is going into a TL error state. 
 
On the primary ACE appliance, I am able to ping and telnet from/to it without any issues.  All of the routing works as it should and everything is seen in the ARP table as it should.  The secondary appliance is able to ping everywhere, but telnet out of or into that appliance does not work.   
 
I am able to see the IP addresses in the arp table and can successfully ping end to end from the secondary device, just unable to telnet into or out of it.  When I try to telnet out of the secondary device, it reports that there is no route, even though the IP's I am trying to telnet to are directly connected and those interfaces are up and working (otherwise ping would fail).  The exact same filters (access-lists, service-policies) are configured in the exact same format and applied to the exact same interfaces. 
 
I tried removing all of the fault tolerance configurations and just created a Layer 3 vlan interface for management and I am still unable to telnet into or out of the appliance.  This is not a complicated setup and I have to think there is something obvious that I'm missing, but I'm hung up on the fact that the config's are almost identical while one works exactly as intended and the other reports no route to host for a directly connected interface.

View 2 Replies View Related

Cisco Application :: ACE-4710-0.5F-K9 / Redundancy Not Supported Between ACE Module And Appliance

Mar 19, 2012

what is that mean-"Redundancy is not supported between an ACE module and an ACE appliance operating as peers" I'm designing network in which I plan to use  ACE-4710-0.5F-K9 appliances.

View 1 Replies View Related

Cisco Application Networking :: 4710 Appliance / HTTP To HTTPS Redirection URL

Sep 25, 2011

i have a 4710 appliance (one armed) and i am load balancing with two webservers. In the URL, there are links that need to be redirected to https:

[URL]
 
i am using the

rserver redirect REDIRECT-TO-HTTPS[URL] 
 
The https is working but i have a problem. when i access the Main link "first" it is redirected to https to the Main link.But if i access one of the Sublinks directly(without having to click on the main link first) the page is redirected to https but to the Main Link. i have to click the Sublink again in order to get the page.How can i redirect to https and stay on the same page? What might be the general link in the webserver-redirection?

View 4 Replies View Related

Cisco Application :: Double-check Point With Forum On Licensing On 4710 Appliance

Jan 9, 2013

I would just like to double-check a point with the forum on licensing on 4710 Appliance.If with version 4.2 and above 2Gbps Bandwidth licence is required, the output of the sho license status should be?

View 1 Replies View Related

Cisco Application :: ACE4710 Appliance To ANM Virtual Appliance NATed

Oct 12, 2011

We have an ACE Appliance in a DMZ and the ACE Appliance's Admin Context IP is translated between ACE and ANM. The ANM Server does not get translated. It is just the opposite then in another Community discussion.
 
Our Problem: When adding the ACE4710 Appliance to the ANM imported Device List, we use the ACE's NATed Admin Context IP. Import works well, but ANM reflects the Admin Context IP with it's real configured IP. Polling the ACE Appliance does not work therefore.
 
Is there a possibility of telling the ANM, that the ACE has to be polled through a NATed IP? I could not find a field to set a NATed Mgmt IP.
 
Configured IP on ACE Admin Context: 192.168.0.10
NATed ACE Admin  Context IP:           172.16.0.10
 
Imported ACE with IP 172.16.0.10 into ANM, but ANM polls for Rserver, Vserver, Probes, etc. via 192.168.0.10 - which is not reachable from the ANM.

View 2 Replies View Related

Cisco WAN :: ASR1002 Limit Of 32 Interfaces For NBAR Protocol-discovery

Feb 15, 2011

How to hit the 32 interface nbar limit on an ASR? Our ASR1002 ESP5 is now grumbling: %NBAR-4-STILE_MAX_PD_INTF: NBAR protocol-discovery is enabled on maximum number of interfaces (32) supported by this platform..Is this expected to increase in future software revisions? (or is it a h/w limitation?)Is it the same limit regardless of ESP or will I get more (how many more?) if it is an e.g. ESP20?

View 1 Replies View Related

AAA/Identity/Nac :: ACS 4.2 Authenticating 4710 ACE Appliance Failed

May 5, 2011

I've got a problem with Cisco ACS 4.2 authenticating Cisco 4710 ACE appliance.
 
ACS4.2 has been configured to use both internal and external database. It's been working fine for a couple or years.
 
Recently we bought a Cisco 4710 ACE appliance. When I use ACS4.2 internal username and password to login the Cisco 4710 ACE appliance, I have no problem. I can also see the passed authentication log on ACS4.2. However, if I use AD username and password, I couldn't login in. The message is "Login incorrect". I checked the failed attempts log on the ACS4.2, there was no log regarding the failed attempt. My AD username and password works fine on all other cisco routers and switches.
 
I've posted my AAA configuration of the 4710 ACE below. ACE is running on the latest version A4(1.1).
 
tacacs-server key 7 "xxxxxxxxxxxxx"aaa group server tacacs+ tac_admin  server xx.xx.xx.xx
 
aaa authentication login default group tac_admin local aaa authentication login console group tac_admin local aaa accounting default group tac_admin

View 2 Replies View Related

Cisco Application :: Application Slowness Through ACE 4710

Mar 27, 2013

Report run via Individual Web server URL’sThe report takes less than 20 minutes (average 15 minutes) to fetch and return the data. This is observed 9 out of 10 times.Report run via ACE Load Balanced URLThe report keeps on running for more than 20 minutes and never completes. The front end keeps showing report is running.The data in general when tested directly by running queries against the database (bypassing the platform) completes in 15-18 minutesThe network connectivity for each and every ports involved (Loadbalancer/Servers) have been throulgly checked.

View 6 Replies View Related

Cisco Application Networking :: Possible In ACE4710 Appliance To Configure A SIP TLS

Feb 11, 2013

Do you know if it is possible in ACE 4710 appliance to configure a SIP TLS ?The SIP probe we have in the configuration guide it is only for clear text. for Lync 2013 we need to establish first a TLS session and then within it, send an SIP request..IS it possible in any version? I tried also to configure a HTTPS probe but it fails as it sends a GET which the Lync SIP server doesn't understand.

View 1 Replies View Related

Cisco Application :: ANM 5.2 Virtual Appliance Internal Filesystems?

Jun 15, 2012

We have an ANM Virtual Appliance, version 5.2, were we login and can go no further. This was working for fine for approximately two and half weeks. We created a backup and re-loaded the system via CLI with the same result. We logged in again via SSH and we have noted the following:
 
cscoanmsa/admin# sh disk
 temp. space 4% used (141244 of 4951688)
disk: 7% used (353916 of 5935604)
 Internal filesystems:
  warning - /var is 100% used (89219000 of 89258112)
 cscoanmsa/admin# sh application status ANM

[code]....
 
Is there any way to access and clean out the /var directory from the CLI. is this achieved simply via the "delete" command with the full path ?

View 5 Replies View Related

Cisco Application :: Root Password For ANM 4.2 Virtual Appliance

Sep 18, 2011

The upgrade process for ANM virtual appliance 4.2 involves doing a backup and restore as root user. I have looked through the documentation and have even reinstalled the virtual appliance to see if the install script gives away the root password for the OS but without luck.

How to set/find the root password?

View 2 Replies View Related

Cisco Application :: 474 / 594 - Remotely Start WAAS Appliance?

Mar 10, 2013

We have several 474 and 594 class WAAS appliances in the field. When power is lost to a given location, almost all of the other devices we have at these sites will start themsleves back up upon the restoration of power. Since the 474 and 594 WAAS appliances are basically PC based devices they do not seem to have the ability to start themselves back up when power is restored. What we would like is to have a solution wherein the WAAS device powers up on its own once power is restored much like the routers, switches, servers and PBX devices at the same location.

View 1 Replies View Related

Cisco Application :: ACE30 Accessing Appliance Device Manager

Sep 6, 2011

I've got basic connectivty to our ACE30 module and when I try connecting to the management IP address (attached to the Admin context), I see a very basic GUI which only lists the CSM to ACE config conversion tool.  I don't see a GUI as detailed in the document: url...How do I get the ACE Applicance Device Manager GUI working so that I can then configure real servers, serverfarms etc rather than via the GUI?Having read through copious amount of documentation I can't seem to find a refrence that would ne useful here.  This should be a fairly straight forward exercise - do I need to install some other software to get the full fledged GUI working?

View 2 Replies View Related

Cisco Application :: Disable Telnet For ACS 1120 Appliance Version 5.0

Feb 5, 2012

disable telnet for ACS 1120 Appliance version 5.0.0.21 .is there anway to do it , not able to login via telnet and ssh it says wrong credentials but webgui is working fine with same user and password.

View 1 Replies View Related

Cisco Application :: 3500 - Enable XML-HTTPS Protocol In ACE

Mar 9, 2011

I'm configuring ACE to enable the XML-HTTPS interface so I can import it into ANM, when I try to do a "match protocol xml-https any", I get a invalid command detected. When I tab at the match protocol command, I don't see xml-https listed (http, https, icmp, etc. is listed).

View 2 Replies View Related

Cisco Application :: How To Install New 4710 Ace

Feb 2, 2013

i'm looking for a recommendation for a setup guide including ft i've had a quick look a wiki and i can get basics but i'm not sure about if i need to setup additional contexts etc when i'm the only one using the appliance?

View 2 Replies View Related

Cisco Application :: DNS Rewrite On ACE 4710?

Aug 26, 2012

I have an issue with a customer that wants to update a server behind the ACE. The problem is that when the application wants to update the server it does it with the name.Doing some research I found that you can rewrite the record DNS based on the static NAT you set up on the ACE. The feature is called DNS inspection. Is the same feature as the ASA (DNS doctoring).I apply it to the outside interface and it did not work.

View 1 Replies View Related

Cisco Application :: ACE 4710 / What Are These Ports Used For

May 7, 2013

What are these ports used for? What can I do with them?

View 2 Replies View Related

Cisco Application :: ACE 4710 - What Does The Ip-netmask Mean

Feb 12, 2013

I am trying to configure sticky on an ACE 4710 and don't understand what the netmask part of the sticky ip-netmask netmask address {source | destination | both } name command.
 
Some examples use 255.255.255.255 and others use 255.255.255.0 but I don't know what the significance is or what it does?
 
I am going to configure for both source IP and destination IP (both).

View 2 Replies View Related

Cisco Application :: ACE 4710 Lic Performance

Mar 19, 2012

With the current (A5) ACE 4710 lic setup, does the "X gigabit per second appliance throughput" that is licensed affect: -
 
A)  Only "appliance" i.e. load balancing traffic, any other normal routed traffic is not included in the limit
 
 or
 
B) Is it an overall throughput limit on the interfaces i.e. includes all traffic not only load balancing traffic but also normal routed traffic crossing the appliance
 
Looking at a scenario where the lic size I need for HTTP load balanacing would be one size if  A) but would need to be much larger is B) to accomodate out of hours routed backup traffic crossing the ACE 4710

View 1 Replies View Related

Cisco Application :: ACE 4710 Not Booting?

Aug 27, 2012

I've just run the ACE 4710 and it seems that is booting up well but it stops when 'Setting up dynamic memory size' message appears.
 
INIT: version 2.85 booting
b4 lspci
1 Cavium device(s) found.

[Code]....

View 2 Replies View Related

Cisco Application :: ACE 4710 - SSL Over Port 80

Aug 11, 2012

I've got a web app that the owners want to run over port 80, but also using SSL to secure private data in transit.  The architecture is an ACE 4710 in SSL termination mode->Apache (port 2000)->Back-End app server.
 
I've got two VIPs set up already - one on port 443 and one on 2000 - both of which do the SSL termination quite nicely, but using the 3rd VIP set up on port 80, the connection steadfastly refuses to be HTTPS (i.e. doesn't show the padlock).
 
I've done all the set-up through the web interface so far, can this be done? If so, how?

View 1 Replies View Related

Cisco Application :: ACE 4710 Upgrade To A4 (2.1)?

Jul 19, 2011

I am currently running A3(2.6) and evaluate the possibility of upgrading to A4(2.1). The Instal & Upgrade Guide A4(2.0) mentions that A4(2.0) does not include all features of A4(1.1). Does this apply to A4(2.1)? The Release Notes mentions a list of features merged from A4(1.1) to A4(2.1) but does not clarify if there any features not merged.

[URL]

View 1 Replies View Related

Cisco Application :: ACE 4710 With A5(1.1) With SSL Termination

Nov 13, 2012

we  configued An ACE 4710  with SSL termination on Oracle Aplication Server  10g  (10.1.2.0.2) ,so that SSL termination is done on the ACE and HTTP reaches the Oracle Aplication Server  10g  (10.1.2.0.2) then we configure the ACE to enabled client authentication with Pkcs#11 smart card token certificate and this don succfully my problem need do this client certificate authentication  for only the [URL] not for all SSL proxy service how can do that.

View 3 Replies View Related

Cisco Application :: ACE 4710 - MSS Mismatch

Dec 5, 2011

I'm receiving a lot of these messages in a ACE4710 cluster. 192.168.100.1:80 is the VIP, 193.126.127.28:56380 is the client. Already tried to set the mss with this:
 
parameter-map type connection my map set tcp mss min 0 max 1380
 
policy-map multi-match L4_policymap
class vip_PRDWEB_http
loadbalance vip inservice
[code].....
 
But it doesn't work.

View 4 Replies View Related

Cisco Application :: ACE 4710 A3 (5) Logging New Connections?

Jul 31, 2011

We have recently transitioned one of our Ecommerce products to a new data center, at which we now use a one-armed load balancing approach rather then the routed load balancing approach we used previously. This is casuing us some issues as we generally log the source IP address a user comes in on when he fills out an application. Now the logs only show the natted ip address recieved by the load balancer, which does us no good. Any way to log the source IP address when a new connection is created to a particular vip?

View 3 Replies View Related

Cisco Application :: ACE 4710 Take An Action When A Server Goes Down

Jun 2, 2011

If we use an ACE4710 to load balance two real servers, obviously it will use health checks to determine if a server is down.When it detects a server is down, it will not send it any more traffic.But can we also have it take any other action?  For example maybe email an admin, or send an SNMP trap?  Or better yet, can we use a custom TCL script to do other things, like launch some custom activities?

View 2 Replies View Related

Cisco Application :: ACE 4710 To Manage The Ports

Jan 24, 2012

I am new to the 4710 appliance.Apart from the 4 GE 'data' ports, there are 2 Ethernet 'management' ("console") ports.  I find the description in the "quick start guide"somewhat confusing. URL, Is a first-time serial connection (at least to run the initial config. script) mandatory?  Or can you obtain the same result via one of the 2 Ethernet management ports and using a default ip address (192.168.1.10 ? When running the initial config. script (only possible from the serially connected console i suppose), you have to select your management port. Why does the system in step 5 proposes  you 4 ports, and not just 2? I suppose the intended port for management is one of the 2 management ports, not one of the 4 data ports?

View 1 Replies View Related

Cisco Application :: Cannot Telnet To ACE 4710 After Upgrade To A4(2.3)

Jun 29, 2012

I have a pair of ACE 4710s with 12 contexts sharing the load, running A4(2.1). esterday I upgraded one of them to A4(2.3) now I cannot telnet to the Admin context.Pings ok. I can telnet to other contexts on the box and everything seems to be working ok   when i do a " sh telnet" comes back with
 
No Session Information is available
sh telnet maxsessions
telnet maxsessions 16

View 1 Replies View Related

Cisco Application :: ACE-4710-K9 API Is Invalid Or Non-existent

Dec 14, 2011

ACE# sh script code NORDICID_PROBE.Error: Called API is invalid or non-existant.Hardware is ACE-4710-K9 and software A3(2.7)The probe itself is functioning ok according to show probe detail.However show script script_name probe_name -counters all remain at zero for some reason. This wasn't the case on the previously use ACE software.To my recollection the command show script code has worked successfully before on the same ACE software. Not 100% sure though, but it definitely worked on the previous software we ran on the ACE.

View 2 Replies View Related

Cisco Application :: ACE 4710 To Reset The Settings

Jan 30, 2012

the ACE 4710 is running 3.2.5 and I need to put it in another environment.Is there a way to reset its settings?

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved