Cisco Switching / Routing :: CSS 11501 - Contact Content VIP On Same Subnet
Feb 5, 2013
I have an issue with the device in subject. I need that some server, listed as service on CSS, can contact a content VIP on the same subnet. To allow that traffic I configured grouping on CSS (group 1) with vip address and an ACL that allow traffic from subnet 10.1.1.0/24 toward same subnet 10.1.1.0/24 and I have bound this ACL with sourcegroup 1. The nat and portmap works but never at first attempt, instead since second attempts it works. Seem like a CSS require to much time to create nat entry.
View 4 Replies
ADVERTISEMENT
Feb 3, 2012
I would like configure a CSS content, that uses the sorry service principal in an advanced way.
I am familiar with the primary Sorry Server command and see that the CSS would send all connections to the named service that is configured as the primary Sorry Server.
What I would like to do is to configure the CSS, so that once it’s decided it’s in a “sorry” state (all the services that are configured with “add service” are down) that it load balances to a different set of services.
To explain what I’ve been trying to do in the form of configuration on the CSS, I’ve pasted some pretend config below.
Connections come into IP address 1.1.1.1, which normally get load balanced between 9.1.1.1, 9.1.1.2 and 9.1.1.3.
If 9.1.1.1, 9.1.1.2 and 9.1.1.3 are all down, the sorry service is used and the CSS starts passing traffic to 1.1.2.1, which I want it to load balance between 9.1.2.1, 9.1.2.2 and 9.1.2.3.
The order that I have applied the config, is different to the below, as I set out to configure in this order: secondary services, secondary content, sorry service, primary services, primary content.
The order of the config below is different, because I wanted it in the order that the traffic flows and the CSS won’t take the config in that order!
The wall I have ran into, is that when I try to create the service I have named “Sorry Service”, I get the following error:
%% Service IP Address conflicts with a local I/F, VIP, mg mt route.
[Code] .....
View 0 Replies
View Related
Mar 27, 2013
I have 2 pair of 11501 switches and 1 pair of 11503 switches on 3 sites(LA, China, Taiwan).Each site has a pair of 1105x switch running as redundancy between them and is a standalone which will not interact with others.Recently a series of interfaces(ports) down happened to every active 1150x switches without any reason and log.Especially today, it happened to active switches at 5:39 AM meanwhile on 3 sites.
View 3 Replies
View Related
Jul 28, 2012
I have an 871 set up at home with 2 VLANs, both of these vlans present a strange behavior where an user is unable to ping/contact another user on the same subnet, however if users are on different subnet it seems to work [code]
According to the troubleshooting that I have done, the issue seems to be with the broadcast traffic, ARP request/reply do not reach another host on the same subnet (wireless to wireless or wired to wireless) however if the wireless device iniciates the connection to wired, it works fine.
I have tried to enable proxy arp on the different VLANs and BVI and different combinations but no sucess in order to get traffic across 2 wireless devices on the same subnet or a connection that is iniciated for a wired client to a wireless one.
I tried enabling and disabling dot11 arp-cache but no luck.
View 2 Replies
View Related
May 18, 2012
My environment have two device ,a cisco css11501 and a cisco 2960 ,when I reboot CSS11501 then 2960 shutdown fa0/41
I command "sh logging | in 0/41" just up down two time,not five times in 10 seconds
.May 17 11:13:18: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/41, changed state to down
.May 17 11:13:19: %LINK-3-UPDOWN: Interface FastEthernet0/41, changed state to down
.May 17 11:14:53: %PM-4-ERR_DISABLE: link-flap error detected on Fa0/41, putting Fa0/41 in err-disable state
.May 17 13:44:35: %LINK-3-UPDOWN: Interface FastEthernet0/41, changed state to up
.May 17 13:44:36: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/41, changed state to up
View 4 Replies
View Related
Nov 8, 2011
My 2811 sip gateway send invite to my ITSP server with incorrect IP address in Contact section. It uses the internal ip address instead of using the public ip. As results, the re-invite sent back from ITSP sip server cannot be recieve. Could some tell how to change the ip address in Contact section of the invite message.
View 6 Replies
View Related
Jan 23, 2013
I have Cisco 871 router with 12.3. OS version.
1. I'm interested if it's possible to block certain contetn only at certain time ? e.g. We would like to block facebook from 7:00 to 10:00 and from 11:00 to 15:00. I was going through cisco manuals but can't find the right answer to this.
2. Cisco 871 has 4 LAN interfaces and one WAN interface. Currently WAN interface is connected to adsl modem in bridge mode and LAN 0 interface is connected to switch.
I'm interested if I could use remaining 3 LAN interfaces for adsl connections same as I'm using WAN interface. Then I would create vlans that would use LAN interface 0. Each of those VLAN's would use different adsl connection.I would assign different IP to each VLAN's so users would be able to change their gateway and use different ADSL connection.
View 1 Replies
View Related
May 24, 2012
Got a shiny new SG 200 26P which seems to work fine operationally.owever, when I am trying to access the web interface from a different IP subnet, the web brower just times out.If I put my PC on the same IP subnet, it works just fine. From the other subnet, I can ping the switch fine. The default gateway is set on the switch, and from the web interface I can ping and dns resolve other hosts and on the internet. I've tried to create a management profile to 'allow all from everywhere' basically, but still no luck.I'm completely stumped. I've tried to reset to firmware defaults, and I'm now runinng the latest firmware. I woudl suppose that the switch would allow itself to be managed via the web interface from all subnets by default. Any thoughts? The fact that the switch can ping internet hosts makes be believe it's own default gateway and IP are all ok and working.. (and I can ping it from anywhere in my network).
View 4 Replies
View Related
Jul 16, 2012
Getting a lot of the following errors on our 5508 form the same subnet: 10.20.0.1 255.255.248.0 . I tried researching and not getting much.
broffu_SocketReceive: Jul 17 10:11:10.068: %DATAPLANE-3-DP_MSG: broffu_fp_dapi_cmd.c:2891 FP0.09:(7089389)[cmdAddIpv4:2921]failed to find ipv4 10.20.6.58
[code]....
View 2 Replies
View Related
Feb 20, 2012
I’ve configured a small WLAN for a school that wants to have wireless network access for their staff as well as for guests doing presentations. They want the staff to have access to everything on the 192.168.1.0 /24 network as well as the Internet. They want the guests to only have access to the Internet. I have attached a picture which shows how the network has been configured with 4 Cisco AP1242G AP’s attached to a Cisco SF302-08MP PoE switch and then to a Symantec Security Gateway to the Internet.
I can authenticate wirelessly to the STAFF SSID and ping anything on the 192.168.1.0 /24 network and access the Internet.I can authenticate wirelessly to the GUEST SSID and ping anything on the 172.16.1.0 /24 network, but not anything on the 192.168.1.0 /24 network (which is what we want). However, when on the GUEST network you can’t access the Internet. I added a default route to the Cisco 302-08MP switch to 192.168.1.1 (Symantec firewall) thinking that would forward the traffic from 172.16.1.0 /24 to the Symantec firewall out to the Internet, but that isn’t working.How would I go about getting the traffic from 172.16.1.0 /24 to hit the Symantec firewall and the Internet, without hitting anything else on 192.168.1.0 /24? Do I need to put the Symantec firewall in a different subnet like 192.168.2.0 /24? Am I missing anything else?I’ve worked with Extreme Networks & HP / 3Com CLI in the past, but never with Cisco and never with web based management
View 1 Replies
View Related
Feb 9, 2012
I have Catalyst C3750G switch
with configured route to subnet 192.168.201.0/24
ip routing
ip route 192.168.201.0 255.255.255.0 192.168.160.13
192.168.160.13 is accessible
[Code].....
View 5 Replies
View Related
Feb 14, 2012
we have some devices on the network which cannot be secured and we need to isolate from the rest of the subnet.Our switches are Cisco 2960.Is it possible to via an ACL local a specifric port down to only allow traffic from specific MAC addresses? I've had a go at this myself but not been able to make any progress. The traffic type is TCP/IP.
View 10 Replies
View Related
Jan 14, 2013
We have two switches; a WS-C3550-48 and a WS-C3548-XL connected via fiber uplink ports. Both switches are on the same subnet 192.168.1.0 /24. I would like to change the subnet of the second switch, WS-C3548-XL, to be on 192.168.2.0 /24. Would it be possible to assign 192.168.2.x IP addresses to both uplink ports to achive this?
Or would I need to create a separate VLAN and assign both GigabitEthernet0/1 uplink ports to this VLAN?
View 5 Replies
View Related
Oct 7, 2012
I have a customer who has an ASA 5505 that is handling the routing for their internal network. They are running out of available IP addresses on their subnet 192.168.1.0/24. They have dumb switches that don't suppport multiple vlans or trunking & they are only able to connect to one switchport on the ASA. He doesn't not want to purchase any new equipment or rearrange their existing equipment at this time. The customer would like to statically assign IP addesses for 192.168.1.x & 192.168.2.x and have the ASA hand out DHCP addresses for 192.168.3.x addresses. The customer suggested configuring a super subnet. A 192.168.0.0/22 address scheme would provide an ip range 192.168.0.0 - 192.168.3.255 on a single VLAN. I know this is an unconventional way to setup an internal network & I will definitely advise the customer that this should only be considered as a temporary solution until they get more appropriate network equipment.
View 3 Replies
View Related
Mar 15, 2013
I have forgot this technology name, but, I remember it can achive on between Nexus 7000s in two location, and also between two catalyst 6500.Can I ask if it can be done between one nexus and one catalyst 6500?
View 8 Replies
View Related
Dec 13, 2011
We have 10 ADSL lines and 5 of them goes in the load balancer (One gateway) and the rests are used as default gateways for internet access. We use ADSL routers as access points for internet, but those routers should be part of our network and should be given an address in order for them to act as default gateways for internet access. I'm facing a real prob with the ADSL routers Linksys WAG54G2 because they doesn't support a subnet mask 255.255.0.0 Any recommendation for an ADSL router model that support a netmask 255.255.0.0 ?
My cisco 2811 router interface configuration ip address: 172.20.0.1 255.255.254.0.Load balancer output lan ip address: 172.20.0.5.My ADSL routers will be in the following range : 172.20.0.6 - 172.20.0.10
View 1 Replies
View Related
Jan 25, 2012
I recently bought SG-300 28P to create the VLAN. My network hs 3 subnet 192.168.1.0, 192.168.2.0 and 192.168.3.0.My main net work is 192.168.1.0. I want to divide it to VLAN to eliminate the boardcast storm; especially from the domain 192.168.3.0
But I want all the devices from 192.168.1.0 to access other subnet.
View 4 Replies
View Related
Jun 28, 2012
I need to configure the C3560-24TS, QoS control by IP or subnet.i tried to study books and videos many times but still feel i am not well known about QOs...
View 1 Replies
View Related
Nov 27, 2012
how to know if my bgp neighbour advertised my network from his side or not ???
here is my config :
Gateway7600#sh ip bgp
BGP table version is 8, local router ID is 192.168.40.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
[code]....
View 5 Replies
View Related
Jun 20, 2012
I am trying to modify the OSPF admin distance for a specific subnet under version 5.1(5) of the Nexus 7K, but this command does not appear to be available.
View 1 Replies
View Related
Feb 13, 2013
I have some questions about how to configure my Cisco 1941 with a routed subnet from my ISP to forward them to 1 or more servers in my LAN.1 Routed subnet /29 from my ISP (over a fiber connection).In my LAN I have (at the moment) 3 servers, and about 15 clients.I would like to use the first ip address from the routed subnet for internet traffic from all the clients in the LAN.I would like to use the second ip address from the routed subnet for server1 so that server1 accept some allowed connections and that server1 connects to the internet with the second ip address from the routed subnet
I would like to use the thirth ip address from the routed subnet for server2 so that server2 accept some allowed connections and that server2 connects to the internet with the thirth ip address from the routed subnet.I would like to use the fourth ip address from the routed subnet for server3 so that server3 accept some allowed connections and that server3 connects to the internet with the fourth ip address from the routed subnet.[code]
View 13 Replies
View Related
Sep 6, 2012
Have our public IP address space masked on /24 at our Internet Router. The router portion of 3845 connects to Internet, while the internal switch connects to my internal network and seeds it with the public address space. The switch had a port configured no switchport (L3) with an ip address with /24 (ie 67.63.145.1 /24) this connects to internal IPS/IDS then to Firewall which NATs to internal, then packet shaper, web filter etc etc etc. I need to test my ISP speed so I need to "break in" to the link between the switch and the IPS/IDS. I figured I could configure another port on the switch on the 3845 but my problem is the port to my network is routed and is masked on entire /24. I tried to configure a port on VLAN 1 and give myself an available address in the L3 address space and this did not work (figured it would not but gave it a try)
Any way to get two ports configured to use the same subnet while one is a L3 routed port and the other is just part of that layer 3 routed network?
View 1 Replies
View Related
Mar 11, 2012
I have a Nexus 7K router, has 2 ospf process, ospf 1 and ospf2. OSPF1 has several subnets in 10.1.0.0/16 subnet range , OSPF2 has several subnets in 10.2.0.0/16 subnet range. I want to summary OSPF 1 subnets to 10.1.0.0/16 then redistribute to OSPF2.but OSPF 2 didn't receive 10.1.0.0/16. Below is the config
ip prefix-list all seq 10 permit 0.0.0.0/0 le 32
route-map all permit 10
match ip address prefix-list all
router ospf 1
router-id 10.10.3.9
[code]....
View 2 Replies
View Related
May 13, 2012
I need to make some changes on our network. We currently have two sites 150 miles apart we join both by way of fiber and on each side we have Cisco 3750 stack switches, configure trunking for all V lans on one port in site one then through the the long haul fiber to site two with site one using 10.1.1.30 and site two using 10.1.1.40 as their default gateway, with static routing all V lan sub nets to the other sites default gateway life is good.
My question - seeing how we have sites using the same sub net 10.1.1.x to trunk all data to each site through switches; we need to now change the network and add each site to the MPLS network, site one switch 1 IP address 10.1.1.30 going to MPLS router one with FA0/0/0 using IP 10.1.1.31, site two having switch 1 IP address 10.1.1.40 going to MPLS router one with FA0/0/0 using 10.1.1.41. I need to know will this work.
We have the same sub net in each site 10.1.1.x to the MPLS routers then the external router interface connecting each site to local switches, will this cause any problems by using the same local sub net for each site?
View 1 Replies
View Related
Mar 28, 2013
I recently installed a couple of Cisco Aironet 3600 Series Wireless Access Points at a remote site. While I was at the site everything seemed OK, The clients were able to get connected to the access points, the guest network worked fine, I could SSH into the access points, and I could ping them. The problem is when I went back to my home site I tried to SSH into the access points through an ASA IPSec VPN Tunnel and it couldn’t find it. When I try to ping the access points they “time out”. I can ping and connect all other addresses (via RDP, HTTP, etc..) on the same subnet which should rule out an access list problem. A couple of notes to be aware of:
The WAP’s have the Autonomous IOS installed (Version 15.2(2)JB) The WAP’s are connected to Dell PowerConnect 5724 (Not by choice.. We are a Cisco shop, these were already there and have plans this year to replace)
I can ping and SSH with Putty to the WAP’s from the local subnet I cannot ping or SSH from a remote subnet to the WAP’s. I can access all other IP’s and Computers from a remote subnet.
View 12 Replies
View Related
Jun 12, 2012
We are about to upgrade Cisco Load Balancer CSS 11501 firmware from current ver, 8.10.4.01 to 8.10.6.02,this is a production line device (a running 24x7 network), upgrading will create unpredictable results even worst the network will go down.
View 1 Replies
View Related
Mar 1, 2011
We have Cisco CSS 11501 and connected in One-Arm way.Currently there are 4 source sending traffic and 3 server to receive the request. We are using Advance-balancing with Source IP. So the ratio become 2:1:1 or 1:2:1 or 1:1:2.But our target is to do the load balancing in equal ratio.
View 1 Replies
View Related
Jan 30, 2012
it's possible to clear stickies per VIP? The firmware is 08.20
View 2 Replies
View Related
Nov 27, 2011
I have 2 CSS 11501 providing load-balancing rules and SSL termination. When CSS is used for downloading through the rules of SSL, the rates I get are quite lower than those obtained when the download is done either directly on the machine or by using the rules of HTTP. Is it normal? Is there anything that canspeed up this process?
View 2 Replies
View Related
Feb 13, 2012
i need to enable snmp on Cisco CSS 11501.
View 1 Replies
View Related
Nov 22, 2011
I am load balancing Terminal Server Windows 2008 sessions with an CSS 11501. The code version is sg0750004 (07.50.0.04). I am trying to establish a Terminal Server session with Single Sign-On (SSO), but without success. Normal login with Username and Password on the TS are functionning, but never SSO session. The environment is: 10 Windows 2008 Terminal Servers (NTS1, NTS2,NTS3...). In DNS I have a host A named TS with IP for balanced CSS. The problem I see is that the client PC opens a TS session to "TS". then dont work SSO, but if client PC open a TS session to NTS1, NTS2...is working fine the SSO I am not sur if we can do something on the CSS.
View 3 Replies
View Related
Aug 7, 2012
I have 2 CSS, 1 as primary and 2nd as standby. I configured the standby CSS as my old standby CSS box and now wanted to test the faliover. I am not aware of how to test it in. ny how i have cr for that.
View 1 Replies
View Related
Oct 14, 2012
some misconfiguration (?) may be the reason for an undesired behaviour we are experiencing with our Cisco CSS 11501s. Balancing mechanisms work fine, however if a service transitions to the "down" state, the corresponding flows remain "alive" leading to a temporary outage of our service. Subsequent client requests are still being sent to the "down" frontend which is unresponsive.
View 4 Replies
View Related
