We currently have ACE20's, which only support multicast in bridge mode.Was wondering if it's the same on ACE30's, or if Cisco finally implemented support for mcast in routed mode.
View 3 Replies
Current topology in network is such: web servers with content needing to be load balanced are in vlan 35 and these servers are directly connected to Core switch (two 6509 VSS) via 20 Gb EtherChannel. Vlan 35 also spans some other switches with other servers residing in this vlan. Additionally, there are dozens of another vlans (including external users) that need to communicate with web servers. IP addresses of these two web servers are: 192.168.35.1/24 and 192.168.35.2/24 accordingly with default gateway 192.168.35.254/24 (SVI on Core switch). Currently these ip addresses are used by management and other purposes and need to be reachable for same purposes after configuring load balancing with ACEs - it is needed to have direct access to servers behind ACE. How I can do that using ACE in routed mode?
View 3 Replies View RelatedWe are in the situation we have a active configuration with ACE30 doing normal load balancing in routed mode, we have tons of rservers going out on a VIP.we now had to add a new private network to a provider that strangely enough does not want to see our public or private addresses. we need to loadbalance towards him on a priovided subnet (still rfc1918) (IOS VRF bug? is that correct?)I have two options, add the network (new interface) to the active loadbalancers (contexts) and then tie in new policies to the active serverfarms or make a new context just to load balance towards this provider.(preferred)Now - If I do this, the rservers see the client source addresses from this new provider. as the loadbalancer does not "hide" the client IP's. I would then have to add static routers toward the new context - I would want to skip that.
is there a way, to make the loadbalancer hide the client addresses towards the rservers ? perhaps I'm just needing the correct search term to find the config example.
I understand routed vs bridged mode configuration fairly well, however, I do not understand the pros/cons between using them.
View 6 Replies View RelatedI am trying to get documentation on how to integrate an ACE30 module in a service chassis design integrated with the Nexus 7000 in routed mode. Only documentation I could find shows this design with the ACE30 module in a one arm mode. Any documentation that shows this implementation of this design?
View 2 Replies View RelatedCan an ACE 4710 have , in the same context - servers which are
a. just being routed to
b. a set of load-shared servers
I have been told you may not be able to do this on this version?
have a Cisco ASA that I am trying to configure in a unique way, I want it to perform a variety of tasks;
VPN SSL
VPN Tunnels
Firewall Inside to Outside via versa
But the difficult task, is creating a DMZ with devices that are assigned fully routed IP addresses from our ISP directly, these are H323 and SIP devices that cannot use NAT, and must have a fully routed IP address assigned to them.
Obviously the problem I have with the Firewall in its default routed mode, is that it wont allow me to overlap IP addresses on the outside interface with the DMZ interface.
Could the Firewall be configured for Transparent mode between Outside and DMZ, but Routed mode between Outside and Inside?
Eth0/0: 10.0.0./24 (inside)
Eth0/1: 190.0.0.0/24 (dmz)
Eth0/2: 190.0.0.0/24 (outside)
[Code]....
But could the new Cisco ASA with the latest firmware and model be ale to do this with 1 physical firewall?
Is it possible to have context in transperant mode and routed mode. Means if i need three context then 2 of them is in routed mode and one of them is in transperant mode. If yes then how, i can 't find this info in cisco website.?I am havin 5585-x and asa version 8.4?
View 8 Replies View RelatedI have 2 modules of FWSM in 6500 switch (failover). I need 5 context. When I use in routed mode (like in the picture) , I cannot ping the servers behind the firewall. (I have ping to FW context) In transparent mode, it is not happening.
View 1 Replies View RelatedWhat should the duplex mode to be set on a routed port gi0/21 that are running HSRP ? I try setting the gi0/21 to full, but it caused the port to be down. The only way for the port to be up is setting it to half duplex.
Cisco 3750 Switch
==============
interface GigabitEthernet0/21
no switchport
ip address 10.200.104.34 255.255.255.248
[Code].....
Does L2TPV3 will support multicast?
View 3 Replies View RelatedIs DMVPN supported on Cisco 7200 XVR NPE-400, and would the NPE-400 module support QoS, multicast etc. I found an old doc mentioning DMVPN and this specific module.
View 1 Replies View RelatedWe have a client wanting us to support multicast across our network(They have multiple tails in single vrf, connected to our P/PE's(All 7200's)
(Customer is running there own RP)
As we are only providing multicast support to a single customer, On our P/PE routers is it still necessary to enable multicast routing globally, MP-BGP Loop Interfaces and tag-switching/mpls interfaces? (I'm guessing it would be as the client has tails terminating on multiple P/PE's?)
i.e.
Loop0 is MP-BGP loop
Router-PE1(config)#ip multicast-routingRouter-PE1(config)#interface Loopback0Router-PE1(config-if)#ip address 10.0.0.2 255.255.255.255Router-PE1(config-if)# [ code].....
Or, is it sufficient to enable it only within the vrf, and all Interfaces in that vrf?
Router-PE1(config)#ip multicast-routing vrf NetworkARouter-PE1(config)#ip vrf NetworkARouter-PE1(config-vrf)#rd 100:1Router-PE1(config-vrf)#route- [ code]...
Also, is the MDT default IP an address that we (client+provider) agree on?
Is it true, that the new ASA Platform 5585 does not support Multicast. Here on Page 7:[URL] because the old ASAs support Multicast.
View 2 Replies View RelatedI think I have a good handle on PIM dense mode, but some of the output.I think Im actually just overthinking this but I want to validate. When I look at the output of a 'show ip mroute' what does the bolded line. [code] From what I understand, packets that arrive at the RPF interface are flooded through all other interfaces. But what does it mean when it says 'Prune' in that bolded line? Does that mean that the router is sending a prune out of that interface?
View 2 Replies View Related i have an issue with a 2106 WLC. We have a 44xx series WLC and had an issue with Apple devices: they could not print from wireless. The workaround in the 44xx series WLC was that we have enabled Unicast in the Access Point Multicast mode (configued under Controller/General).
The issue now is that the 2106 wlc does not have unicast in AP multicast mode.
does 6500 with SUP-720 support nat on multicast traffic?
i know it support Multicast service reflection based on SXI4 which can facilitate me on destination address nat.
but if i need only source nat, does the defualt NAT feature supported on multicast traffic ?
I am using WLC 5508 version 7.0 facing issue while enabling global multicast mode .
client machine stops DNS resolution after some time once we enable global multicast mode on WLC .websites are opening with IPs but not with DNS names .
DNS resolution starts working immediately after disabling multicast mode on wlc .
AP radio resets when the AP Multicast Mode IP is set 0.0.0.0 under the General Tab?
I rebuilt my lab controller and moved the management interface to a new subnet. Somehow, the AP Multicase Mode IP under the General Settings was removed. Afterwards, my AP's radios would reset every 2-3 minutes. After comparing my lab config to production, I noticed the IP was missing from that field. Setting the Multicast IP to 239.232.78.1 fixed the issue.
WLC 2504
AP 3502i
Code Version: 7.3.101.0
A multisite network is currently supporting muticast using PIM dense mode, which is enabled on router/switch LAN and WAN interfaces across all locations. I am about to introduce Nexus switches to the main LAN. How can I make dense and sparse mode coexist to ensure flow of muticast traffic between devices supporting and dense and sparse mode? Eventually, I want to transition to the sparse mode; however, it has to be done gradually, even within a single site. The leacy equipment includes Cat 3750 and 4500s.
View 2 Replies View RelatedI have one controller 2504 and some 1200 series access points.I am using 3 SSID .I want to use two ssid in HREAP mode but HREAP mode is not showinh in access point because multicast is enabled on AP mode. see the below picture
I have disabled the multicast globally from CLI. config network multicast global disabled
disabling the multicast so that i can set the access point in HREAP mode.
does the SG300 switches can be used with Microsoft NLB in Multicast mode?I know on traditional Catalyst switches you can statically "map" IP's to mac's and then to multiple ports but this doesn't seem to work correctly on the SG switches - it gives an error about the mac not being not Unicast?
View 2 Replies View RelatedACE version A2(3.6) is no longer available on CCO. Replaced by A2(3.6a).
1. Is version A2(3.6) a problematic version? If so, suggestion is to implement A2(3.6a) or revert to version A2(3.5)?
2. If ACE version A2(3.6) is OK, on ANM version 5.2, will this support this ACE version? It is not listed in SDT for ANM 5.2, just need confirmation.
Will ACE 4710 support for IPS features?
View 1 Replies View Relatedif ACE SM in L2 mode need the default gateway? We're running v. 3.2a.
View 8 Replies View RelatedWhatever a NAT is supported for ACE-20 module? I do need to convert working CSM(SLB) config to ACE configuration and I am not quite sure if the configuration below is correct. ACE module should be configured in bridge mode with two vlans - vlan 36 (client) and vlan 436 (server) - bridged with interface bvi 36. NAT on ACE configurad as "nat dynamic 1025 vlan 436" into corresponding "policy-map type loadbalance". Check two parts of configs and if the ACE config is properly converted from CSM and will be working in the same way (especialy for NAT). [code]
View 2 Replies View Relatedclients ---asa--3750--cisco ace--- servers behind vip
|
visa card transaction servers
I am able to setup a vip on ace using routing mode on ACE,as the servers need to see the client ip ,so we are not performing SNAT,this part is working fine.
when a request comes from the client ,it goes to the vip and to one of the backend servers ,and the request will be forwaded back to the ace ,as the default gateway on the servers is pointing to the server vlan on ace.
but if the transaction from the servers need to go to the visa card transaction servers ,how can we acheive this ,and after fetching the data from visa servers,does the reply will be fwd to the ACE or ASAs directly.
We have a 6509 with an ACE module. For reasons I don't fully understand the ACE is running using a BVI in bridge mode. It has loads of secondary interfaces.
[Code]...
I can ping all of the IPs on the BVI, but only servers in Subnet 10.7.42/42 can ping out of the the layer 3 on the 6509. I have all the routes configured properly on the 6509 pointing to the ACE for these subnets. The question is though the config has been excepted, is there a limit to the number of secondary on a BVI.
For server load balancing, does the ACE4710 support custom protocols? We'll be using HTTP for server health monitoring, and to determine if a server is up or down. But the client/server application is custom, and includes a lot of non-standard ports. Can the server VIP handle generic TCP connections? For example client1 connects to the VIP on http, but then later client1 switches to using tcp842 (a custom protocol, not http).
View 5 Replies View RelatedDoes ACE service module support SHA2(256) certificates? I see that private key generation defaults to SHA1 and does not provide any option, also the cipher suites in SSL parameters map do not show SHA2 options. Can it handle SHA2 in any software release? I am currently running A2(2.3) build 3.00
View 6 Replies View Relatedi don't know why cu need this feature, he want stickiness based on source ip and source port. Does CSS 11500 support stickiness based on source IP and source port?or is there any other method to support stickness based on source ip and sourceport?
View 12 Replies View RelatedI haven't run into this before and I can't find anything in the documentation regarding it. (Our 2 4710 were setup prior in a routed configuration although I personally see no reason for it.) Regardless, we have 2 servers that host 4 websites on them. We built everything on the ACE with a new VIP and matching the http header. If we use firefox/chrome, it load balances properly and we are prompted for credentials as those browsers don't support single sign on. We enter our credentials and are able to get to the appropriate website on the server. When we use IE, it fails to open the page. A sniffer capture shows an authentication failure packet and a reset and that's it. We built the ACE both as sticky and non-sticky but neither worked properly with IE.
Is there something else in the ACE we need to configure to get SSO to work?
**NEW CONFIGURATION**
probe icmp PING
description ICMP echo request probe
[Code].....
I'm trying to get confirmation on whether you can have workgroup bridge mode on the 1040 series model.
The 1041N has the same IOS as the 1141/1241 and it has the settings are there, but I read somewhere on the cisco site that workgroup bridge is only supported on 1100 and 1200 series, is this correct or old information?
Scenario is: I have an existing stand alone 1041N AP, on the other side of the building I have a network LAN switch with a couple of PCs, instead of running cables I would like to add an AP as a bridge to link that switch and PCs to the network that the AP is plugged in to. I believe this is called Workgroup Bridge Mode. In fact there already is a cheap non-cisco wireless device doing this but it is unreliable.
I just placed an order for Two 1041N APs, do I need to change the order to Two 1141N instead?
Also even if the 1041N does not support workgroup bridge mode, can it still act as the ROOT Bridge and have 2 1141N APs configured in bridge mode connected to the 1041N?
