I have 2 CSS, 1 as primary and 2nd as standby. I configured the standby CSS as my old standby CSS box and now wanted to test the faliover. I am not aware of how to test it in. ny how i have cr for that.
View 1 Repliesit's possible to clear stickies per VIP? The firmware is 08.20
View 2 Replies View RelatedI have 2 CSS 11501 providing load-balancing rules and SSL termination. When CSS is used for downloading through the rules of SSL, the rates I get are quite lower than those obtained when the download is done either directly on the machine or by using the rules of HTTP. Is it normal? Is there anything that canspeed up this process?
View 2 Replies View Relatedi need to enable snmp on Cisco CSS 11501.
View 1 Replies View RelatedI am load balancing Terminal Server Windows 2008 sessions with an CSS 11501. The code version is sg0750004 (07.50.0.04). I am trying to establish a Terminal Server session with Single Sign-On (SSO), but without success. Normal login with Username and Password on the TS are functionning, but never SSO session. The environment is: 10 Windows 2008 Terminal Servers (NTS1, NTS2,NTS3...). In DNS I have a host A named TS with IP for balanced CSS. The problem I see is that the client PC opens a TS session to "TS". then dont work SSO, but if client PC open a TS session to NTS1, NTS2...is working fine the SSO I am not sur if we can do something on the CSS.
View 3 Replies View Relatedsome misconfiguration (?) may be the reason for an undesired behaviour we are experiencing with our Cisco CSS 11501s. Balancing mechanisms work fine, however if a service transitions to the "down" state, the corresponding flows remain "alive" leading to a temporary outage of our service. Subsequent client requests are still being sent to the "down" frontend which is unresponsive.
View 4 Replies View RelatedWe have a pair of CSS 11501,Currently it is using source ip for load balancing and 5 servers as backend , however we have users loggin in using http and based on its source IP (ISP PROXY) , it is forwarded to SERVER A.However, we have a SSL page and when the client switches over to SSL , it is forwarded to SERVER B/C/D/E based on its source IP ( REAL CLIENT IP) .This will cause the user to be terminated as the 5 servers are independent and not running in a cluster.
Is there any way that we can use the X-Forwarded-For address to load balance so that when users loging , they are sent to SERVER A (Based on X-Forwarded-For Header IP which translate to REAL CLIENT IP).This way we are able to also send it back to the same server when it uses SSL.I believe that we should be able to load balance using X-Forwarded-For IP or to rewrite the X-Forwarded-For IP into client source IP.
implementation of the cisco CSS 11501 boxes available as spare on our site into production for an application evry thing worked as expected. i was able to telnet the active/master box and was able to console both master and backup box from the console port.however a week post the activity im faced with this weird problem where im not able to take console or the telnet access of my primary/active box.The boxes are working in BOX-to-BOX redundancy and now im not able to telnet or console my active/master box. The telnet and console window prompts me for username and password and after entering the credentials nothing happens. no prompt or no error message is displayed.
The telnet primary authentication is via tacacs and secondary is via local. however for console im not using any method for primay authentication and local for secondary authentication. however i can successfully console my backup box. below are my obsrvations 1. the left and right status LED on the active CSS box is OFF.- it means my CSS 11501 failed and has no power. 2. upon firing the rcmd command with show line command on backup box i see that the telnet sessions and console session is established with the master box3. the redundancy state of the active box says it is master and has not changed state since my last activity, no application issue reported, all the services are active on the active box and also i can ping the active box ip address from my backup box over which box to box redundancy is established. This confirms the active box is functioning well 4. i initially thought the telnet sessions are not getting cleared, however the show line cmd with the rcmd cmd on the backup box confirms this is not happening. now im stuck as the active box cannot be accessed at all via console or telnet. i was thinking of below steps to be carried out.1. to failover the boxes and make the backup as master2. then try to take the faulty box off the network and troubleshoot (are there any other commands that i should use to troubleshoot)3. if nothing works try rebooting the box and check
NOTE: the software running is version 7.20.30.3 with standard feature set. we are not using cvdm or the CSS GUI. we could access the css initially on CSS gui and that is also not working now.
we would like to setup FTP server over CSS where our member sever use non-std-port to open both control/data channel (i.e. 6370 as ctrl and 6369 as data this case.) but seems we only get Passive mode FTP mode work only but not for Active mode FTP case for data channel establishement for server back to client..
# sh ver
Version: sg0820501 (08.20.5.01)
Flash (Locked): 08.10.1.06
Flash (Operational): 08.20.5.01
Type: PRIMARY
Licensed Cmd Set(s): Standard Feature Set
[code]....
I generated a wildcard certificate for my company type *. [URL] in a CSS 11501. For the site [URL] worked fine, for the site [URL] didn't worked. I read on the web that should generate a wildcard certificate with subject alternative names. Is it possible in CSS? how can I do it?
View 5 Replies View RelatedI've got an issue with a CSS 11501 where, if *any* change is made to a global keepalive (active), the device reboots. The code is 08.10.2.05. I'm unable to search the TAC archive or I would've gone there first.
View 2 Replies View RelatedI have 2 pair of 11501 switches and 1 pair of 11503 switches on 3 sites(LA, China, Taiwan).Each site has a pair of 1105x switch running as redundancy between them and is a standalone which will not interact with others.Recently a series of interfaces(ports) down happened to every active 1150x switches without any reason and log.Especially today, it happened to active switches at 5:39 AM meanwhile on 3 sites.
View 3 Replies View RelatedI am trying to get a sample command output of "show chassis inventory" for:
CSS 11501
CSS 11503
CSS 11506
I've configure two ACE 4700 in a SLB modus http to a web server.To understand how the ACE works and to see if all are ok, I want to test it? but how?
How do I do to initiate a http connection between my test pc to the webserver through the ACE?
I'm setting up an ACE 4710 in our test lab before deploying in production. Do the test web servers I am using need to use the ACE as their default gateway? The are currently configured to use a multilayer switch on their vlan as their gateway but I'm guessing the ACE needs to see the return traffic for load balancing to work correctly?
View 2 Replies View RelatedI have a tcp socket server application. Some of my clients are asking if I can provide server redundancy for my tcp service for HA purpose. I know it can be done using Windows NLB but the cost of the Enterprise edition is beyond the budget of most of my clients. DNS failover is also out since it will involve fiddling with the DNS server. I'm would prefer to setup a simple solution in which I check the status of the primary server and then if the primary is down, change the ip address of the secondary to the primary so that the service remains available. This sounds simplistic, and besides different clients use different networks, e.g. AD, but I'm not a networking guy so I am at my wits' end.
View 2 Replies View RelatedWe have 2 ACEs configured as Active/Standby. FT vlan is configured directly using a crossover cable , not using a switch for the FT vlan.ACE is setup in routed mode ,vlan 29 is client vlan and 28 is server vlan ,both are being trunked on ACE-- trunk 3750 switch.
When I shutdown the port on 3750 for the primary ACE , data connectivity wise ,primary ACE is down ,but the secondary is not taking over ,and also when I do sh ft group status on the secondary ACE,I see the status of STANDBY_HOT and the peer state: ACTIVE.
I have HA configuration for two ACE4710. FT between Ace's is configured as L2 (V LAN). Active ACE is sending heartbeats, but switch shows lot of 'input errors' on ingress and this is a major problem. FT is logically not working (there is no connection between these two Ace's over V LAN). There is only L2 configuration, with speed and duplex auto, no other special configuration. When I connect Ace's directly, FT is working without problem.
I can see lot of errors on input direction (from ACE) to switch port, that means, L1, or L2 problem, but direct connection (using the same Ethernet cable) is working. I tried 'shut/no shut' on both sides, set duplex/speed,... without success.
ACA IOS version is A4(1.x).
Have a client with one ACE20 and now he needs a second one for redundancy.Since ACE20 is EOL, can I use an ACE30 with an ACE20 as a failover pair?
View 1 Replies View RelatedWe have an ACE 4710 that has two web servers in an active/passive scenario. The issue is that if node 1 fails and node 2 takes over connections to node 2 stay active even if node 1 becomes available again. Is there are way to ensure that node one is not placed back into service if it becomes available again.
how active/passive failover shoudl be configured, so I can make sure I have it set up correctly;
Since the ACE supports only static routing, when pointing a default route from the ACE what is your preferred method when using multiple 6500s with an ACE in each in a failover scenario to prevent just pointing at one 6500? Static route to an HSRP address? Multiple static routes on the ACE, etc?
View 2 Replies View RelatedI am planning to perform a failover drill between active and standy CSS loadbalancers which are configured in a cluster pair. I am looking for help to know what show commands I can run to validate that the failover occurred successfully from primary to secondary load balancer and that the VIP's have failed over successfuly as well.
View 1 Replies View RelatedQuestion re: DIR-655; Hardware ver A4; Firmware version 1.32NA
During bandwidth tests to several sites (principally speedtest.net) I get ping times of 10-11 ms, download speeds of 12+ to 17+ mbps but failure on upload tests using my DIR-655.
When I bypass the 655 and test directly with my cable modem, all (including upload) tests work reliably and consistently.
I have swapped the two ethernet cables involved as well as replacing both with new cables but the results are the same (uploads fail with 655 and work without it)
I have seen several postings over the the last year with this same problem but have never seen any comment from D-Link, or a solution from any reader.
Not that it should have any bearing, but I have TA785GE-128M motherboard and am running Windows 7 (patch current) on COMCAST
is this problem acknowledged by D-Link and is there a solution?
We are about to upgrade Cisco Load Balancer CSS 11501 firmware from current ver, 8.10.4.01 to 8.10.6.02,this is a production line device (a running 24x7 network), upgrading will create unpredictable results even worst the network will go down.
View 1 Replies View RelatedWe have Cisco CSS 11501 and connected in One-Arm way.Currently there are 4 source sending traffic and 3 server to receive the request. We are using Advance-balancing with Source IP. So the ratio become 2:1:1 or 1:2:1 or 1:1:2.But our target is to do the load balancing in equal ratio.
View 1 Replies View RelatedI have an issue with the device in subject. I need that some server, listed as service on CSS, can contact a content VIP on the same subnet. To allow that traffic I configured grouping on CSS (group 1) with vip address and an ACL that allow traffic from subnet 10.1.1.0/24 toward same subnet 10.1.1.0/24 and I have bound this ACL with sourcegroup 1. The nat and portmap works but never at first attempt, instead since second attempts it works. Seem like a CSS require to much time to create nat entry.
View 4 Replies View RelatedMy environment have two device ,a cisco css11501 and a cisco 2960 ,when I reboot CSS11501 then 2960 shutdown fa0/41
I command "sh logging | in 0/41" just up down two time,not five times in 10 seconds
.May 17 11:13:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/41, changed state to down
.May 17 11:13:19: %LINK-3-UPDOWN: Interface FastEthernet0/41, changed state to down
.May 17 11:14:53: %PM-4-ERR_DISABLE: link-flap error detected on Fa0/41, putting Fa0/41 in err-disable state
.May 17 13:44:35: %LINK-3-UPDOWN: Interface FastEthernet0/41, changed state to up
.May 17 13:44:36: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/41, changed state to up
I would like configure a CSS content, that uses the sorry service principal in an advanced way.
I am familiar with the primary Sorry Server command and see that the CSS would send all connections to the named service that is configured as the primary Sorry Server.
What I would like to do is to configure the CSS, so that once it’s decided it’s in a “sorry” state (all the services that are configured with “add service” are down) that it load balances to a different set of services.
To explain what I’ve been trying to do in the form of configuration on the CSS, I’ve pasted some pretend config below.
Connections come into IP address 1.1.1.1, which normally get load balanced between 9.1.1.1, 9.1.1.2 and 9.1.1.3.
If 9.1.1.1, 9.1.1.2 and 9.1.1.3 are all down, the sorry service is used and the CSS starts passing traffic to 1.1.2.1, which I want it to load balance between 9.1.2.1, 9.1.2.2 and 9.1.2.3.
The order that I have applied the config, is different to the below, as I set out to configure in this order: secondary services, secondary content, sorry service, primary services, primary content.
The order of the config below is different, because I wanted it in the order that the traffic flows and the CSS won’t take the config in that order!
The wall I have ran into, is that when I try to create the service I have named “Sorry Service”, I get the following error:
%% Service IP Address conflicts with a local I/F, VIP, mg mt route.
[Code] .....
Everytime I make a config change to one of the contexts on our ACE20, I get this message: Config Application in Progress. This command is queued to the system
If I run show download info, I get:
context : context1
Interface Download-status
--------------------------------------------------------------
187 In Progress
199 Pending
Regex download optimization status : Couldn't get status[TNRPC Timed out]
It eventually seems to complete, but it takes a very, very long time. We are running Version A2(3.5) [build 3.0(0)A2(3.5)].
Report run via Individual Web server URL’sThe report takes less than 20 minutes (average 15 minutes) to fetch and return the data. This is observed 9 out of 10 times.Report run via ACE Load Balanced URLThe report keeps on running for more than 20 minutes and never completes. The front end keeps showing report is running.The data in general when tested directly by running queries against the database (bypassing the platform) completes in 15-18 minutesThe network connectivity for each and every ports involved (Loadbalancer/Servers) have been throulgly checked.
View 6 Replies View RelatedI am trying to test and setup some ACL's on a switch, the current setup is:
Core Switch - HP ProCurve 2610-24-PWR
Edge Switch - HP ProCurve 2510-24
VLANS 5, 10, 15, 20, 25, 30
I want to deny access to VLAN 5 from VLAN 20 which is are client VLAN.
How to test the aaa on cisco asr 1000 ? I wana test some user account to a cisco acs.
View 5 Replies View RelatedIXIA----DUT-----IXIA
| | |
|_______ |________|
DUT has redudant connections to IXIA. Im pumping traffic from IXIA and traffic takes PATH A .. When I shut PATH A, i expect traffic to shift to PATH B within 100ms (example). How do I test this ?