Cisco :: FT Configuration On ACE 4710
Oct 13, 2011
I have configured ft on ace 4710 for failover, but the failover is not working. Each ace is acting as active, whereas the peer status is showing " FSM_PEER_STATE_DOWN".
I am attaching the configuartion file of both ace.
Note: Physically I have configure both ace device separately, but my confusion is do I need to configure only on primary ace and the same will be replicate on secondary ace automatically (like failover in ASA configuration) or it is ok.
View 1 Replies
ADVERTISEMENT
Jan 22, 2013
I have Ace 4710 version A4.1.1 and I am experiencing interesting problem with GUI and SSH reachability. I am unable to connect to management vlan3000. Interesting is that I can ping from ACE to network but unable to ping or SSH or HTTPS to ACE. Everything seems good. ARP is ok, switch is OK, line is up, protocol is up. Management is enabled for icmp, https, ssh to any.
When I do show interface I noticed line Config download failures : 9.
Hardware type is VLAN MAC address is 00:1e:68:1e:bc:db Virtual MAC address is 00:0b:fc:fe:1b:01 Mode : routed IP address is 10.168.0.18 netmask is 255.255.255.128 FT status is active Description:Management VLAN MTU: 1500 bytes Last cleared: never Last Changed: Mon Jan 21 16:48:54 2013 No of transitions: 5 Alias IP address not set Peer IP address is 10.168.0.19 Peer IP netmask is 255.255.255.128 Assigned on the physical port, up on the
[Code] ....
View 7 Replies
View Related
Sep 27, 2010
We are replacing CSM modules with 4710 appliances. Is there a config conversion tool? Have not seen it in any Cisco documents.
View 3 Replies
View Related
Jan 22, 2013
I am configuring a load balancer from cisco, a ACE 4710.Load blancing is completely new to me, and i am unexpereinced in this field. It has to be configured for a customer that want to load balance HTTP and RTSP traffic over 4 application servers (Back-end),I searched alot on google for possible solutions, and got RTSP in some way to work, but http wont work says my customer.
[Code] .....
View 3 Replies
View Related
Oct 20, 2009
I have two ACE-4710 in active/standby mode, running code A3(2.2). Four contexts are configured. Both devices were functional without problem, until I reload the standby unit. After reload, the standby unit completely lost its configuration with exception of the FT vlan and the FT peer configuration in the Admin context... Both units recognized each-other and I can still ping the primary unit on the FT vlan, but nothing else. Contexts are lost and interfaces are shutdown! Nothing changed at the software level, both devices run exactly the same image and the same licences are installed (it worked well before the reload).
So, I decided to reconfigure the basics on the standby unit in order to trigger a config sync from the primary. And here arrives the problem : I reconfigure the FT vlan, the FT peer, I check the peer state and everything is OK.
Then, I try to ping the primary unit from the standby unit with success :
switch/Admin# ping 192.168.16.1
Pinging 192.168.16.1 with timeout = 2, count = 5, size = 100 ....
Response from 192.168.16.1 : seq 1 time 0.000 ms
[Code]......
View 3 Replies
View Related
Jun 25, 2012
I am looking at management (backup of the configuration) of the ACE 4710 running A4.1, the management software is Cisco Cirrus. The question I have is around the management of the context's, I have a backup of the Admin but would like the user context's also, how this is completed.
View 3 Replies
View Related
Apr 16, 2012
Have two ACE 4710 in HA setup. We would like to setup HTTPS loadbalance(actually just a primary and standby configuration in the serverfarm). Initially this would be for Exchange OWA connections but may expand to more HTTPS connections later. I know there are several ways to do SSL with the ACE( client, server, end-to-end). I am just wanting to know the easiest way to deploy this? Is a certificate always needed on the ACE for each connection? In HA mode would a certificate be needed for both or does it replicate in some way to the other ACE?
View 6 Replies
View Related
Nov 20, 2012
When trying to view the status in the Monitor tab and the Config tab after you log in to the ACE 4710 Device Manager A5 (1.2) management GUI tool, I could not retrieve the status data and the following message appeared.
"Faild to upload Adimn configuration: There is error in loading configuration: Error in loading RMO config from DB:The given index XXXXXXXXX.bak does not match table index definition"
Other features include all normal, so I can get information by using the CLI.In addition, this configuration is redundant in the Primary / Secondary, this event occurs only on the Primary.
Other:-XXXXXXXXX.bak is a backup that you created in the checkpoint, and it does not already exist.
-When I'm logged on to the GUI, the above message is displayed in the status bar always.
-It was not recovered by ACE restart it.
-When I try to create the same configuration in a different environment, it did not reproduce.
View 2 Replies
View Related
Aug 31, 2011
I have been tasked to provide SSL(HTTPS) access to a server farm that will be accessible from the internet. Is this the correct guide to follow?
[URL]
I am assuming I will need to purchase a certificate to import into the load-balance r as well.
View 1 Replies
View Related
Oct 15, 2011
I want to use one arm infrastructure of ACE4710. But I remember it was problem for back end server can not get logging for which client/ip address access the web server.
View 3 Replies
View Related
Feb 2, 2013
i'm looking for a recommendation for a setup guide including ft i've had a quick look a wiki and i can get basics but i'm not sure about if i need to setup additional contexts etc when i'm the only one using the appliance?
View 2 Replies
View Related
Aug 26, 2012
I have an issue with a customer that wants to update a server behind the ACE. The problem is that when the application wants to update the server it does it with the name.Doing some research I found that you can rewrite the record DNS based on the static NAT you set up on the ACE. The feature is called DNS inspection. Is the same feature as the ASA (DNS doctoring).I apply it to the outside interface and it did not work.
View 1 Replies
View Related
May 7, 2013
What are these ports used for? What can I do with them?
View 2 Replies
View Related
Feb 12, 2013
I am trying to configure sticky on an ACE 4710 and don't understand what the netmask part of the sticky ip-netmask netmask address {source | destination | both } name command.
Some examples use 255.255.255.255 and others use 255.255.255.0 but I don't know what the significance is or what it does?
I am going to configure for both source IP and destination IP (both).
View 2 Replies
View Related
Mar 19, 2012
With the current (A5) ACE 4710 lic setup, does the "X gigabit per second appliance throughput" that is licensed affect: -
A) Only "appliance" i.e. load balancing traffic, any other normal routed traffic is not included in the limit
or
B) Is it an overall throughput limit on the interfaces i.e. includes all traffic not only load balancing traffic but also normal routed traffic crossing the appliance
Looking at a scenario where the lic size I need for HTTP load balanacing would be one size if A) but would need to be much larger is B) to accomodate out of hours routed backup traffic crossing the ACE 4710
View 1 Replies
View Related
Aug 27, 2012
I've just run the ACE 4710 and it seems that is booting up well but it stops when 'Setting up dynamic memory size' message appears.
INIT: version 2.85 booting
b4 lspci
1 Cavium device(s) found.
[Code]....
View 2 Replies
View Related
Aug 11, 2012
I've got a web app that the owners want to run over port 80, but also using SSL to secure private data in transit. The architecture is an ACE 4710 in SSL termination mode->Apache (port 2000)->Back-End app server.
I've got two VIPs set up already - one on port 443 and one on 2000 - both of which do the SSL termination quite nicely, but using the 3rd VIP set up on port 80, the connection steadfastly refuses to be HTTPS (i.e. doesn't show the padlock).
I've done all the set-up through the web interface so far, can this be done? If so, how?
View 1 Replies
View Related
Jul 19, 2011
I am currently running A3(2.6) and evaluate the possibility of upgrading to A4(2.1). The Instal & Upgrade Guide A4(2.0) mentions that A4(2.0) does not include all features of A4(1.1). Does this apply to A4(2.1)? The Release Notes mentions a list of features merged from A4(1.1) to A4(2.1) but does not clarify if there any features not merged.
[URL]
View 1 Replies
View Related
Jan 2, 2012
we are trying to integrate ACE 4710 {Cisco ACE 4710 version A3(2.0) } installed on 4506-E with LMS 3.2. LMS is able to detect the 4506-E But LMS is unable to detect the ACE 4710. Tried to find the cisco document for supported devices in 3.2 it shows ACE 4710 is supported in DFM 3.1.1
[url]...
Also need to open tac for the same. but dont have details of LMS. How to open a SR with cisco (what details are required and how to find those details in LMS)
View 2 Replies
View Related
Nov 13, 2012
we configued An ACE 4710 with SSL termination on Oracle Aplication Server 10g (10.1.2.0.2) ,so that SSL termination is done on the ACE and HTTP reaches the Oracle Aplication Server 10g (10.1.2.0.2) then we configure the ACE to enabled client authentication with Pkcs#11 smart card token certificate and this don succfully my problem need do this client certificate authentication for only the [URL] not for all SSL proxy service how can do that.
View 3 Replies
View Related
Dec 5, 2011
I'm receiving a lot of these messages in a ACE4710 cluster. 192.168.100.1:80 is the VIP, 193.126.127.28:56380 is the client. Already tried to set the mss with this:
parameter-map type connection my map set tcp mss min 0 max 1380
policy-map multi-match L4_policymap
class vip_PRDWEB_http
loadbalance vip inservice
[code].....
But it doesn't work.
View 4 Replies
View Related
Jul 31, 2011
We have recently transitioned one of our Ecommerce products to a new data center, at which we now use a one-armed load balancing approach rather then the routed load balancing approach we used previously. This is casuing us some issues as we generally log the source IP address a user comes in on when he fills out an application. Now the logs only show the natted ip address recieved by the load balancer, which does us no good. Any way to log the source IP address when a new connection is created to a particular vip?
View 3 Replies
View Related
Jun 2, 2011
If we use an ACE4710 to load balance two real servers, obviously it will use health checks to determine if a server is down.When it detects a server is down, it will not send it any more traffic.But can we also have it take any other action? For example maybe email an admin, or send an SNMP trap? Or better yet, can we use a custom TCL script to do other things, like launch some custom activities?
View 2 Replies
View Related
Jan 24, 2012
I am new to the 4710 appliance.Apart from the 4 GE 'data' ports, there are 2 Ethernet 'management' ("console") ports. I find the description in the "quick start guide"somewhat confusing. URL, Is a first-time serial connection (at least to run the initial config. script) mandatory? Or can you obtain the same result via one of the 2 Ethernet management ports and using a default ip address (192.168.1.10 ? When running the initial config. script (only possible from the serially connected console i suppose), you have to select your management port. Why does the system in step 5 proposes you 4 ports, and not just 2? I suppose the intended port for management is one of the 2 management ports, not one of the 4 data ports?
View 1 Replies
View Related
Jun 29, 2012
I have a pair of ACE 4710s with 12 contexts sharing the load, running A4(2.1). esterday I upgraded one of them to A4(2.3) now I cannot telnet to the Admin context.Pings ok. I can telnet to other contexts on the box and everything seems to be working ok when i do a " sh telnet" comes back with
No Session Information is available
sh telnet maxsessions
telnet maxsessions 16
View 1 Replies
View Related
Dec 14, 2011
ACE# sh script code NORDICID_PROBE.Error: Called API is invalid or non-existant.Hardware is ACE-4710-K9 and software A3(2.7)The probe itself is functioning ok according to show probe detail.However show script script_name probe_name -counters all remain at zero for some reason. This wasn't the case on the previously use ACE software.To my recollection the command show script code has worked successfully before on the same ACE software. Not 100% sure though, but it definitely worked on the previous software we ran on the ACE.
View 2 Replies
View Related
Jan 30, 2012
the ACE 4710 is running 3.2.5 and I need to put it in another environment.Is there a way to reset its settings?
View 3 Replies
View Related
Aug 22, 2011
Any document that details the steps to change the FT ip addresses of a pair of Cisco 4710 whilst they are running in a production environment without causing an outage?
Would the steps be:
On the secondary unit:
hbs-syd04-lb01ft interface vlan 417 ip address 172.30.254.221 255.255.255.252 peer ip address 172.30.254.222 255.255.255.252
Then on the primary unit:
hbs-syd04-lb01ft interface vlan 417 ip address 172.30.254.221 255.255.255.252 peer ip address 172.30.254.222 255.255.255.252
Or Vice Versa?
View 1 Replies
View Related
Oct 23, 2011
Is this normal to have millions of current connections within an ace 4710? There is only 3 current connections but shows a high number?
View 3 Replies
View Related
Jan 25, 2012
I have a pair of ACE 4710's running software version A3(2.0). I intend to upgrade to version A5(1.2). Can I go straight to version 5 or do I need to go to version 4 and then version 5?
View 1 Replies
View Related
Oct 6, 2011
We have two pairs of ACE 4710s, one pair running A3(2.4) and the other pair A3(2.0). We plan to upgarde the second pair so that they are running the same image as the first pair (we know they are not the latest, but this is the first step in a larger rollout plan, and to aid some troublshooting for a major issue we are seeing.)
I have details of the upgrade steps, but my question is with regards to the licenses which are now enforced after (2.0). We currently have the following on the first pair, but are these part of the default licenses for (2.4) or would we need to purchase these as well?
ACE-AP-500M-LIC
ACE-AP-C-100-LIC
ACE-AP-OPT-50-K9
ACE-AP-SSL-05k-K9
View 2 Replies
View Related
Mar 19, 2012
Am trying to verify performance figures for a CSS 11503 EOL replacement using ACE 4710
Trying to comapre apples with apples (is a CSS SSL TPS the same as a ACE 4710 TPS etc...)
Pulling figures from data sheets, release notes etc I have only come up with the following
Is there any further figures available for the ACE 4710 to fill in the blanks in table?
Am sure that ACE 4710 smokes the CSS but have to do the due diligence
<TR style="HEIGHT: 30pt" mcestyle="height: 30pt;">
<TD style="WIDTH: 170pt; HEIGHT: 30pt" height=40 width=226 mcestyle="width: 170pt; height: 30pt;"> Metric</TD>
[Code].....
View 1 Replies
View Related
Jan 29, 2013
What exactly happens when the SSL connection rate is exceeded. Is the connection dropped, queued or what ?
Defined as the SSL TPS. In our case 1000 but upgradeable to 5000
View 3 Replies
View Related
