Cisco Application Networking :: ACE-20 Crashes NP Core Cause Is Unknown
Apr 25, 2012
One of our ACE-20's crash recently with little info as to why - fortunately it was the FT standby module so service wasn't impacted but obviously keen to determine the cause of the crash, and potential resolution.
Running A2 (3.5).
last boot reason: NP 1 Failed : NP Core Reset - Cause Unknown,There is nothing obvious from the switch perspective:
Apr 17 14:52:35.775 bst: SP: The PC in slot 9 is shutting down. Please wait ...
Apr 17 14:52:45.780 bst: SP: PC shutdown completed for module 9
510497: Apr 17 14:52:55.781 bst: %C6KPWR-SP-4-DISABLED: power to module in slot 9 set off (Reset)
510498: Apr 17 14:57:58.277 bst: %DIAG-SP-6-RUN_MINIMUM: Module 9: Running Minimal Diagnostics...
[Code]...
View 5 Replies
ADVERTISEMENT
May 24, 2011
I'm currently investigating an issue for one of our customers where one of their 3750 Core Switch Stacks crash / becomes unresponsive during a NESSUS Scan.
They've diabled DoS testing and have ensured that safe scanning is enabled. For the test they are port scanning all of their VLANs (around 600 internal addresses).
The network consists of 2x 3750 Switch Stacks connected via fiber, edge switches connect into these cores. Both cores are running HSRP, for VLAN gateway redundancy.
Issue Being faced is as follows:
During the scan, Core 1 becomes unreachable from Core 2. We can telnet to Core 2 and administer as necessary. However we cannot telnet to Core1, a console connection also fails - the switch stack is unresponsive, but does respond to pings.
On Core 2 I've performed a show proc cpu sorted and can see the IP Input process is running at around 60% and the CPU is highly utilised.
Once Core 1 becomes unreachable the network gradually grinds to a halt, almost mimicking some sort of broadcast storm or Spanning Tree loop.
Interestingly Core 1 HSRP is still active, so the hello packets are still being sent.
The only resolution to the issue is to perform a hard reset of the Core to restore service.
Logs from core 1 show the CPU becomes fully utilised. There is also an error logged indiciating:
%FIB-2-FIBDOWN: CEF has been disabled due to a low memory condition. It can be re-enabled by configuring "ip cef [distributed]"
Both cores are running IOS 12.2.(52) SE IPBASE. I've attempted to reproduce the issue in the office here and although a NESSUS scan does increase switch CPU utilisation I couldn't reproduce the failure scenario.
What may be causing the 1st core to become unresponsive? I've found some articles with regard to a 6500 switch rebooting during a NESSUS scan, and also some HP switches exhibiting similar behaviour but nothing that matches the exact scenario I'm investigating.
View 4 Replies
View Related
Jan 12, 2013
i have configure new ACE 30 module on top of 6500 core switch , the issues am facing whenver i want to access to https://ACE_IP and after i enter the user name and the password , it's forwared me to the follwoing page: is there anything should i configure to avoid this page ?
View 1 Replies
View Related
May 15, 2013
I want to deploy a high availability solution for web servers in two data centers. In the primary data center I have deployed a group of web server and I want two deploy additional servers in a secondary data center for disaster recovery and high availability. Reviewing the documentation, looks like the GSS4492 is the solution for my company needs but I am not sure if I have to implement just the GSS or if I need a ACE4700 integrated with the GSS?.
View 1 Replies
View Related
Sep 22, 2011
ACE20 module with A2(3.3)I have tried to config a NAT-pool with two adresses, but only one is used.
View 6 Replies
View Related
Jul 12, 2012
I have a pair of ACE30 in Active/Standby mode. I can ssh to all active contexts. I can also ssh to all standby contexts except one.
View 6 Replies
View Related
Apr 19, 2011
The below is the display that I get on the screen when i boot the device.There are two error's one is when the daughter card is found and device give us login access after which it reboot’s. The second is stated below (this is a screen copy of the error)
INIT: version 2.85 booting/mnt/cf/TN-CONFIG on /TN-CONFIG type ext3 (rw,sync,loop=/dev/loop0)/mnt/cf/TN-CERTKEY-STORAGE on /TN-CERTKEY-STORAGE type ext3 (rw,sync,loop=/dev/loop1)/mnt/cf/TN-LOGFILE on /TN-LOGFILE type ext3 (rw,sync,loop=/dev/loop2)/mnt/cf/TN-HOME on /TN-HOME type ext3 (rw,sync,loop=/dev/loop3)/mnt/cf/TN-COREFILE on /TN-COREFILE type ext3 (rw,sync,loop=/dev/loop4)insmod: error inserting
[Code]...
View 8 Replies
View Related
Oct 14, 2012
I know that CSRs cannot be generated with multiple names, but if the SAN is added after the cert is ordered from Geo Trust, Veri sign, etc. can the CSS support using the cert?
View 1 Replies
View Related
Mar 21, 2012
I'm working on a small scale Cisco WAAS deployment. I want to know if it's possible to use the entry level Cisco WAVE-294-K9 as Central Manager.Also about licensing, does this appliance model come with the enterprise level license
View 2 Replies
View Related
Feb 11, 2013
Do you know if it is possible in ACE 4710 appliance to configure a SIP TLS ?The SIP probe we have in the configuration guide it is only for clear text. for Lync 2013 we need to establish first a TLS session and then within it, send an SIP request..IS it possible in any version? I tried also to configure a HTTPS probe but it fails as it sends a GET which the Lync SIP server doesn't understand.
View 1 Replies
View Related
Mar 17, 2012
I want to use the ACE blade in CAT6500 to loadbalancing SYSLOG events towards (SIEM) collectors. Servers and network devices will sent there syslog messages to different collectors after being loadbalanced by ACE. I was just wondering, since a lot of clients are going to sent there complete syslog events to the VIP and thus introducing a high connection rate. (+/- 200.000 CPS) According to the specs, the ACE blade has a limitation of 325.000 connection per second. I suppose this is a limitation at device level. (not on a per context basis, and does that include both TCP and UDP packets?) Could the UDP BOOST feature might come in handy allowing very high rate UDP syslog packet loadbalancing?
View 2 Replies
View Related
Jun 6, 2012
if ACE SM in L2 mode need the default gateway? We're running v. 3.2a.
View 8 Replies
View Related
Sep 17, 2008
We are evaluating the one-arm design for the ACE 4700 and need some clarifications:
1. Are there any limitations in the one-arm design and the SSL offloading
2. Can the ACE be configured with an IN and an OUT vlan to the router
CLIENT -> Router -> ACE IN -> ACE OUT -> Router -> Server Vlan
so that the SSL and the clear text traffic is in a separate Vlan?
3. In some sample configuration i saw SNAT configuration on the ACE to modify the client IP. This i assume is for instructing the return traffic from the server to go through ACE? Using SNAT we eliminate the requirement for NAT or PBR on the router? Will i still be able to insert the client IP address after the SSL offload?
View 4 Replies
View Related
Aug 16, 2012
Will ACE 4710 support for IPS features?
View 1 Replies
View Related
Dec 21, 2011
We have multiple CSS 11500 clusters. We have found that on all of them, if you try to open a session on any port to an IP address on the backend of the CSS, the CSS will complete the SYN-ACK-ACK session with the client. This happens regardless of whether there is something on that IP address or not.
Coming from any IP, if I try to telnet to ANY IP on the 10.2.2.0 subnet (whether or not there is an actual server on that IP) on any port (whether or not that port is open or not), the CSS will complete the initial connection. I have verified this using telnet to numerous ports and viewing the transaction in a packet capture.
Is there any way to shut this off? This is causing some licensing issues for our security folks that use a vulnerability scanner licensed on number of IP addresses.
View 4 Replies
View Related
Mar 17, 2013
I need to setup new ACE 4710 device , after referring to "Establishing a Console Connection on the ACE" i had managed to set up initial console connection. During installtion i had configured vlan (default vlan 1000) , interface ip adess& subnet mask.
Post initial config i understand i should be able to open' Device Manager GUI Login Window' but it is not opening.I also need inputs on setting 4710 for the telnet connection
View 4 Replies
View Related
Jul 14, 2011
is there a way to reset/clear a particular context's configuration?
I see there is a 'wri erase' within a context, but no reload/reset - neither from the context itself nor from the Admin... puzzling...
I dont want to reload an entire blade just to clear one of the context's configs.
View 5 Replies
View Related
Dec 16, 2012
We have a CSS11503 that is currently being used to accept incoming HTTPS and SSH connections on a specific VIP and then PAT those client connections. I understand that it also PATs the server initiated connections. [code]
View 1 Replies
View Related
Apr 26, 2013
Any info about Exchange 2013 and ACE SLB functions. I know they changed to RPC over HTTPS on exch side and few other items changed as well. Any feedback from a production deployment.
View 1 Replies
View Related
Jan 28, 2012
ACE A2(3.4). Is it possible to set a rate-limit connections per sec from any source IP. For example, if a client is trying to GET a web page 10 time per sec I will send a reset or drop that connection.
View 1 Replies
View Related
Oct 24, 2011
How do I apply the connection parameter map in a configuration like this to the service policy int827? Do I need to define the traffic? Can I specify only one source destination flow to apply the set tcp half-closed TCP normalization against?
policy-map type loadbalance first-match wss-1100-l7slb
class class-default
sticky-serverfarm sticky-srcip-1100
policy-map type loadbalance first-match wss-1101-l7slb
class class-default
sticky-serverfarm sticky-srcip-1101
[code].....
View 1 Replies
View Related
Jun 6, 2011
How to change host name in CSS11500 Series. I cannot find any documentation for that matter.Is there any impact in the system to change the host name?
View 3 Replies
View Related
Jun 1, 2011
For server load balancing, does the ACE4710 support custom protocols? We'll be using HTTP for server health monitoring, and to determine if a server is up or down. But the client/server application is custom, and includes a lot of non-standard ports. Can the server VIP handle generic TCP connections? For example client1 connects to the VIP on http, but then later client1 switches to using tcp842 (a custom protocol, not http).
View 5 Replies
View Related
Jun 28, 2012
What is the equivalent of the command "show flash" in IOS for the CSS11503 as I would like to view available flash space on the CSS11500 series load balancers?
View 3 Replies
View Related
Jan 22, 2013
I am configuring a load balancer from cisco, a ACE 4710.Load blancing is completely new to me, and i am unexpereinced in this field. It has to be configured for a customer that want to load balance HTTP and RTSP traffic over 4 application servers (Back-end),I searched alot on google for possible solutions, and got RTSP in some way to work, but http wont work says my customer.
[Code] .....
View 3 Replies
View Related
Mar 19, 2013
We are running ACE 20 modules in highly available active / standby (all active contexts on one module) mode. Currently they are on A2 (2.4) version. We are going to upgrade them to A2 (3.6a). The question is that how ling can we run them in two different SW levels? In otherwords can we have few days between upgrading both modules?
View 1 Replies
View Related
May 24, 2011
do you know what happens if you reach the limit of, for instance 100 Mbps, compression. I know that if you reach the bandwidth limit ACE will drop packets but if you configure compression what happens if you have 110 Mbps.
I supossed that ACE will compress 100 Mbps and leave 10 Mbps without compression but I don't find this information anywhere.
View 2 Replies
View Related
Jun 3, 2012
I am in the process of configuring load balancing on ACE module but struggling to configure virtual IP address for ACE module. I'm working on ACE30 module and using software version A5 (1.2). ACE module is in slot of Catalyst 6504 switch.
View 5 Replies
View Related
Jan 18, 2012
I need configure HTTP Compression by hardware on CSS 11503. I make config like this [URL]
My config:
service s1
ip address 10.1.66.11 (web server)
keepalive type none
[Code].....
View 4 Replies
View Related
May 26, 2011
I'm setting up an ACE 4710 in our test lab before deploying in production. Do the test web servers I am using need to use the ACE as their default gateway? The are currently configured to use a multilayer switch on their vlan as their gateway but I'm guessing the ACE needs to see the return traffic for load balancing to work correctly?
View 2 Replies
View Related
Aug 26, 2012
I trying configure ASN traffic load balance, but doesn't works.I have one Cisco Catalyst 6509 and onde Cisco Ace10 module, in my context "PanWEB" i have the interfaces above: [code] If i try to establish a telnet session(telnet 10.96.202.10 80) i see the SYN packet passing through the ACE and going to the real server, but, the server do not response the SYN packet. I done a capture in the server using wireshark and could see that the IP address of the destination is the VIP and not the rserver ip address , this is a problem? Why can not I have the SYN + ACK from the server?
View 5 Replies
View Related
Jun 26, 2011
I am configuring a GSS to check an Web server that responds to https requests.I put 443 as the port but I don´t see replies from the server and the Answer Status is always offline.Other servers using http on port 80 are showing OK.The appliance is a GSS-4492-k9 Version 3.1(0).
View 2 Replies
View Related
Aug 21, 2011
Is it possible to upgrade the software images on ACE 20 modules and/or ACE 4710 Appliances?
View 0 Replies
View Related
