ACE 4710 Appliance GUI configuration
I am having an issue with configuration of the GUI for the 4710. If I am using local authentication, the GUI works fine. However when I turn on aaa and use radius to authenticate, I am unable to log into the GUI.
When I place the 4710 into debug for aaa, I am sucessfully authenticating. My radius server's logs state the same.
Has anyone run across this?
Are you able to login to the CLI using AAA? Have you configued the role and domain for the user on your AAA server? Here is some documenation on configuring the role and domain for a use on the AAA server:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/security/guide/aaa.html#wp1321891
Similar Messages
-
VLAN Tagging on the ACE 4710 Appliance
Hello all,
I have a quick question. How does the ACE 4710 Appliance works with VLAN tagging? I have virtual servers that I am trying to configure behind ACE. The VMs support VLAN tagging. Can I just trunk to link to my core switch and allow the ACE vlans to pass through?
Your help is greatly appreciated.ACE 4710 support dot1q trunkning.
Configure the interface between 4710 and core switch as a trunk.
Same between your VMS and core switch.
Gilles -
Hi,
I have ACE 4710 Appliance, but it is failed and giving following error while login at console.....
I am suspecting hardware issue..most probably with harddrive.... Please let me know if it can be recoverable of only replacement is the solution..
switch login: init: failed to initialize modlock_init(): No such file or directo ry
eth2: ERROR while getting interface flags: No such device
perform_sysmgr_offline: unable to move MTS to MTS_STATE_OFFLINE: Invalid argumen t (error-id 0x801E0016).
init: failed to initialize modlock_init(): No such file or directory
eth2: ERROR while getting interface flags: No such device
perform_sysmgr_offline: unable to move MTS to MTS_STATE_OFFLINE: Invalid argumen t (error-id 0x801E0016).
init: failed to initialize modlock_init(): No such file or directory
eth2: ERROR while getting interface flags: No such device
perform_sysmgr_offline: unable to move MTS to MTS_STATE_OFFLINE: Invalid argumen t (error-id 0x801E0016).
/isan/sbin/sysmgr: symbol lookup error: /isan/lib/libutils.so: undefined symbol: tftp_callback_fn
Regards
NadeemHi,
I RMAed the appliace, i think it was hardware failure which casue this issue.
If some one face this issue please let me know...Thanks!
Regards
Nad -
ACE 4710 - need help configuring backend server monitoring
Currently running an ACE 4710, which is handling all of our inbound SSL connections and then forwarding requests thru
to backend web servers. This all works fine.
My question is this..Right now we are not load balancing any of the backen web servers. But I now have a requirement that should
a web server crash or become unavailable I need to redirect that backend connection to another web server.
Scenario is more like I have 2 web servers both serving same content, but I want one server to take all the connections unless it fails, at that point
have all the connections forwarded to 2nd server.
Is there a way to setup the load balancing where the 1st server gets all the connections until a failure happens ?
Any help would be appreciated.
Cheers
DaveHi Dave,
You can use sorry-server or backup server feature. details can be found at
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/rsfarms.html#wp1000264 -
Schedule reload on ACE 4710 appliance?
Is it possible to schedule a reload of an ACE appliance? Can yuo advise cmd's if so. Regards William
Finally found it in the command reference guide too.
reload
To reload the configuration on the ACE, use the reload command.
reload
Syntax Description
This command has no keywords or arguments.
Command Modes
Exec
Admin context only
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/command/reference/execmds.html#wp1361286 -
ACE 4710 Appliance end-to-end SSL
Hello,
Am I able to use a port other than 443 to the servers in a end to end SSL config? For example, 443 to the users and 8443 to the servers?
Thanks,
DaveHi Dave,
Sure that's not a problem at all. Just make sure you add the 8443 after the rserver name in the serverfarm configuration
serverfarm host REAL_SERVERS
probe HTTPS-KEEPALIVE
rserver SERVER_01 8443
inservice
rserver SERVER_02 8443
inservice
Hope this helps,
Sean -
ACE 4710 Appliance action list
Hello,
I am running an action-list for an SSL rewite and need to configure another SSL rewrite for a different VIP/site. Can I add to that same action-list and reference in a different policy-map? Or, do I need to create a new action-list for each VIP?
Thanks,
DaveI guess you'd better define a separate action-list for each site/VIP as it usually (always (-: ) contains the site name/IP:
action-list type modify http SSL_ACTLIST
ssl url rewrite location sysanlbs|sysanlbs\.sysa\.acme\.hu|10\.222\.6\.[148] -
ACE 4710: No image in GRUB loader
I have an ACE 4710 appliance that has only a Linux kernel in its GRUB loader, no ACE image. Is anyone aware of how I could copy the image to the ACE via TFTP, USB drive, etc.?
Hi Joe,
Take a look at this link. It will show you how to copy and image to the ACE using the ACE-APPLIANCE-RECOVERY-IMAGE.bin. If it can't find this, then you may need to RMA the device.
Reformatting the Flash Memory
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_2_x/configuration/admin/guide/managesw.html#wp1069378
Hope this helps,
Sean -
ACE 4710 in failover - ssl offload, cert for second ACE
Hi,
I'm testing two ACE 4710 appliances that should work in active/standby mode and do ssl offload in bridged mode.
At the moment I have configured one of the devices to do basic load balancing (without ssl offload).
Now I would like to move further and configure ssl offload and configure High availability.
I read that the certificate for ssl can be localy generated on the ACE device but I couldn't find any information regarding the cert that should be used on the second ACE.
Should I generate a new cert od the standby unit or somehow use the one on the first ACE?
Is it better to first set up high availability and then configure ssl offload or vice versa?
Does anyone have a config example of ssl offload and active/standby configuration?
Thank you in advance.You simply need to generate keys & CSR on the primary ACE. Export the Keys from Primary ACE, Import these keys to Standby ACE and once you recieve the certs from CA then simply import the cert to both ACEs.
FOllowing will be steps to achive that
On primary Ace
1. create RSA Keys
crypto generate key 2048 app1.key
2. Create CSR & send it to CA
ace/Admin(config)# crypto csr-params app1-csr
ace/Admin(config-csr-params)# common-name www.app1.com
ace/Admin(config-csr-params)# country US
ace/Admin(config-csr-params)# email [email protected]
ace/Admin(config-csr-params)# locality xyz
ace/Admin(config-csr-params)# organization-name xyz
ace/Admin(config-csr-params)# organization-unit xyz
ace/Admin(config-csr-params)# state CA
ace/Admin(config-csr-params)# serial-number 1234
ace/Admin(config-csr-params)# end
ace/Admin(config)# crypto generate csr app1-csr app1.key
(copy the result to a file)
4. Import certificate recieved from CA
crypto import terminal app1.cert
(pasted the content from the cert)
5. verify the cert & keys match
crypto verify app1.key app1.cert
6. Export the keys from Active
crypto export app1.key
(copy the result to a file)
ON Standby ACE:
1. Import the keys
crypto import terminal app1.key
2. Import the cert
crypto import terminal app1.cert
3.verify the cert & keys match
crypto verify app1.key app1.cert
Hope this helps
Syed -
Hello,
I am running redundant ACE 4710 appliances running A3(2.7). I have five FT groups configured along with FT Tracking and when the vlans fail due to physical links being down, the contexts to do not failover. If one of the ACE boxes fail completely, failover works fine. I have included the FT config from one of the contexts below. I have a case open with TAC and the Engineer is suggesting the use of a query interface in additon to FT Tracking. We have had two incidents on separate contexts where we lost a physical interface on the primary ACE, one for the maintenance of the core switch, the other was a cable disconnect and we are unable to understand why the indivdual context didn't failover. Any ideas would be much appreciated. Let me know if more info/configs are needed.
Dave
ft interface vlan 900
ip address 10.10.10.1 255.255.255.0
peer ip address 10.10.10.2 255.255.255.0
no shutdown
ft peer 1
heartbeat interval 300
heartbeat count 20
ft-interface vlan 900
ft group 3
peer 1
no preempt
priority 210
peer priority 120
associate-context XYZ
inservice
FT Group : 3
No. of Contexts : 1
Context Name : XYZ
Context Id : 2
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_ACTIVE
My Config Priority : 210
My Net Priority : 210
My Preempt : Disabled
Peer State : FSM_FT_STATE_STANDBY_HOT
Peer Config Priority : 120
Peer Net Priority : 120
Peer Preempt : Disabled
Peer Id : 1
Last State Change time : Wed Jan 11 13:14:16 2012
Running cfg sync enabled : Enabled
Running cfg sync status : Running configuration sync has completed
Startup cfg sync enabled : Enabled
Startup cfg sync status : Startup configuration sync has completed
Bulk sync done for ARP: 0
Bulk sync done for LB: 0
Bulk sync done for ICM: 0
show int
vlan424 is up, VLAN up on the physical port
Hardware type is VLAN
MAC address is 00:1e:68:1e:ba:b7
Virtual MAC address is 00:0b:fc:fe:1b:03
Mode : routed
IP address is 10.104.224.6 netmask is 255.255.255.0
FT status is active
Description:"New Server VIP and real"
MTU: 1500 bytes
Last cleared: never
Last Changed: Sun Mar 11 01:13:12 2012
No of transitions: 3
Alias IP address is 10.104.224.5 netmask is 255.255.255.0
Peer IP address is 10.104.224.7 Peer IP netmask is 255.255.255.0
Assigned on the physical port, up on the physical port
Previous State: Sun Mar 11 00:04:57 2012, VLAN not up on the physical port
Previous State: Sun Sep 18 10:21:15 2011, administratively up
3991888419 unicast packets input, 23734607976687 bytes
20246934 multicast, 174801 broadcast
0 input errors, 0 unknown, 0 ignored, 0 unicast RPF drops
1609345958 unicast packets output, 23690663385228 bytes
7 multicast, 55807 broadcast
0 output errors, 0 ignoredDave,
For tracking to work you need to have preempt enabled. Can you try enabling preempt under the ft group and test your tracking again? Another potential issue you may run into is if your tracking is not lowering the priority enough when it fails. The difference between the active and standby device is 100. If you are not decrementing the priority greater than this value even if priority is enabled it will not lower it enough to force the failover. If after enabling preempt on this group the tracking still does not work as expected send you whole config for us to look at.
Regarding the query interface; This is not a bad idea. It will help prevent an active active situation if there is a problem with the ft link between the two modules.
Thanks
Jim -
ANM 5.2 unable to import ACE 4710
Good day,
I am currently experiencing a problem while trying to import multiple 4710 ACE Appliances into ANM. ANM version is 5.2 and ACE 4710 Appliances version is 5.1.2. The error message is the same for all Appliances (currently 14, more to be deployed this year, another 12 this year). The management class, policy-map and servcie policy are all in place.
The error message is below:
Any assistance would be greatly appreiated.
Thank you.
PaulPaul,
Can you get a show tech-support?
After that, can you do the following:
1. "dm status"
2. "dm reload"
3. "dm status"
I think you probably may require to reboot the box but it will be better to open a TAC case for that and check deeper.
Hope this helps!
Jorge -
Server-conn reuse stats on ACE 4710?
Hi,
Does anyone know if it's possible to get the server-conn reuse stats on an ACE 4710 appliance? I'd like to confirm that it's working and ideally see the number of resued connections.
Thanks,
JimScimitar1/Admin# show np 1 me-stats "-socm -v" | i [uU][sS][eE]
Reuse retrieve link update conn invalid 0 0
Reuse retrieve link update conn not on r 0 0
Reuse retrieve success but conn invalid: 0 0
Reuse retrieve miss: 0 0
Reuse conns retrieved: 0 0
Scimitar1/Admin#
The last 2 indicates if a new connection is needed (miss) or if we could retrieve an existing one.
Gilles. -
Can't install ACE 4710 license
Hi,
I've tried to installed the license, but is not successful, below are the steps which i've taken to installed the license, with error messages. pls. assist.
CBJ6-LBDMZ2/Admin# copy tftp://10.2.18.66/ACE20090909090659371.lic disk0:
Enter the destination filename[]? [ACE20090909090659371.lic]
Trying to connect to tftp server......
TFTP get operation was successful
685 bytes copied
CBJ6-LBDMZ2/Admin# license install disk0:ACE20090909090659371.lic
Installing license... failed: Can't install this license with the current countCBJ6-LBDMZ2/Admin# show licen
ACE20090727112500202.lic:
SERVER this_host ANY
VENDOR cisco
INCREMENT ACE-AP-01-LIC cisco 1.0 permanent 1 \
VENDOR_STRING=1 HOSTID=ANY \
NOTICE="200907271125002021 \
1211J5CB363" SIGN=F2E3AFA69526
I think you have an HW appliance (code: ACE-4710-K9) with one a la carte license ( ACE-AP-01-LIC).
You bought a Bundle upgrade license, and this is not compatibly with you current license ( a la carte license).
To use the ACE-4710-BUN-UP2= ( 1G Bundle to 2G Bundle Upgrade License) you need to have a bundle product like the
ACE-4710-1F-K9.
Check this:
Table 1 ACE Licensing Bundles
License Model Description Upgrade Path
ACE-4710-0.5F-K9
This license bundle includes the following items:
•ACE 4710 appliance
•0.5-Gbps throughput license (ACE-AP-500M-LIC)
•100-Mbps compression license (ACE-AP-C-100-LIC)
•100 SSL transactions per second (TPS) license (ACE-AP-SSL-100-K9)
•5 virtual contexts license (ACE-AP-VIRT-5)
•Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
You have the option to upgrade to the 1-Gbps, 2-Gbps, or 4-Gbps bundle.
Start the upgrade with ACE-4710-BUN-UP1=.
ACE-4710-1F-K9
This license bundle includes the following items:
•ACE 4710 appliance
•1-Gbps throughput license (ACE-AP-01-LIC)
•500-Mbps compression license (ACE-AP-C-500-LIC)
•5000 SSL TPS license (ACE-AP-SSL-05K-K9)
•5 virtual contexts license (ACE-AP-VIRT-5)
•Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
You have the option to upgrade to the 2-Gbps or 4-Gbps bundle.
Start the upgrade with ACE-4710-BUN-UP2=.
ACE-4710-BAS-2PAK
This license bundle includes the following items:
•Two ACE 4710 appliances
•1-Gbps throughput license (ACE-AP-01-LIC)
ACE-4710-BAS-2PAK also includes the following default options:
•1000 SSL TPS
•100-Mbps compression
•5 virtual contexts
•Application acceleration (50 connections)
You have the option to upgrade to the 2-Gbps or 4-Gbps bundle.
Start the upgrade with ACE-4710-BUN-UP2=. Two upgrade licenses are required for upgrading two units of the ACE-4710-BAS-2PAK bundle.
ACE-4710-2F-K9
This license bundle includes the following items:
•ACE 4710 appliance
•2-Gbps throughput license (ACE-AP-02-LIC)
•1-Gbps compression license (ACE-AP-C-1000-LIC)
•7500 SSL TPS license (ACE-AP-SSL-07K-K9)
•5 virtual contexts license (ACE-AP-VIRT-5)
•Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
You have the option to upgrade to the 4-Gbps bundle.
Start the upgrade with ACE-4710-BUN-UP3=.
ACE-4710-4F-K9
This license bundle includes the following items:
•ACE 4710 appliance
•4-Gbps throughput license (ACE-AP-04-LIC)
•2-Gbps compression license (ACE-AP-C-2000-LIC)
•7500 SSL TPS license (ACE-AP-SSL-07K-K9)
•5 virtual contexts license (ACE-AP-VIRT-5)
•Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
This is the highest value bundle.
ACE-4710-BUN-UP1
0.5 to 1-Gbps throughput bundle upgrade license
See the Upgrade Path outlined above.
ACE-4710-BUN-UP2
1 to 2-Gbps throughput bundle upgrade license
See the Upgrade Path outlined above.
ACE-4710-BUN-UP3
2 to 4-Gbps throughput bundle upgrade license
See the Upgrade Path outlined above.
Table 2 ACE Licensing Options
Feature License Model Description
Performance Throughput
Default
1-Gbps throughput.
ACE-AP-500M-LIC
0.5-Gbps throughput.
ACE-AP-01-LIC
1-Gbps throughput.
ACE-AP-02-LIC
2-Gbps throughput.
ACE-AP-04-LIC
4-Gbps throughput.
ACE-AP-02-UP1
Upgrade from 1-Gbps to 2-Gbps throughput.
ACE-AP-04-UP1
Upgrade from 1-Gbps to 4-Gbps throughput.
ACE-AP-04-UP2
Upgrade from 2-Gbps to 4-Gbps throughput.
Virtualization
Default
1 admin/5 user contexts.
ACE-AP-VIRT-020
1 admin/20 user contexts.
SSL
Default
100 TPS.
ACE-AP-SSL-05K-K9
5000 TPS.
ACE-AP-SSL-07K-K9
7500 TPS.
ACE-AP-SSL-UP1-K9
Upgrade from 5000 TPS to 7500 TPS.
HTTP Compression
Default
100-Mbps.
ACE-AP-C-500-LIC
500-Mbps.
ACE-AP-C-1000-LIC
1-Gbps.
ACE-AP-C-2000-LIC
2-Gbps.
ACE-AP-C-UP1
Upgrade from 500-Mbps to 1 Gbps.
ACE-AP-C-UP2
Upgrade from 500-Mbps to 2 Gbps.
ACE-AP-C-UP3
Upgrade from 1 Gbps to 2 Gbps.
Application Acceleration Feature Pack License
ACE-AP-OPT-LIC-K9
Application acceleration and optimization. By default, the ACE performs up to 50 concurrent connections. With the application acceleration and optimization software feature pack installed, the ACE can provide greater than 50 concurrent connections.
This license increases the operating capabilities of the following features:
•Delta optimization
•Adaptive dynamic caching
•FlashForward
•Dynamic Etag
ACE-AP-02-LIC=
Upgrade Performance License 2 Gbps Spare -
Unable to GUI into an 4710 appliance
Hi..we have a pair of 4710 appliances and we're able to ssh and HTTPS into one, but not HTTPS into the other. Is there a "lighting rod" as far as configuring the GUI access on the 4710 appliance?
ThanksI am not getting a login page at all for the primary ACE, but getting a full login page and able to login to the stand-by device. The Admin Context between the two contexts are identical. Below is the Admin Context config:
logging enable
logging buffered 6
resource-class ABC
limit-resource all minimum 75.00 maximum unlimited
boot system image:c4710ace-mz.A3_2_0.bin
peer hostname LB2-A
hostname LB2-S
interface gigabitEthernet 1/1
channel-group 1
no shutdown
interface gigabitEthernet 1/2
channel-group 1
no shutdown
interface gigabitEthernet 1/3
channel-group 1
no shutdown
interface gigabitEthernet 1/4
channel-group 1
no shutdown
interface port-channel 1
switchport trunk allowed vlan 201-204
no shutdown
clock timezone standard EST
class-map type management match-any ACCESS
2 match protocol https any
3 match protocol icmp any
5 match protocol ssh any
policy-map type management first-match REMOTE-ACCESS_PL
class ACCESS
permit
interface vlan 202
ip address 10.11.202.251 255.255.255.224
peer ip address 10.11.202.250 255.255.255.224
service-policy input REMOTE-ACCESS_PL
no shutdown
ft interface vlan 203
ip address 10.11.202.10 255.255.255.224
peer ip address 10.11.202.11 255.255.255.224
no shutdown
ft peer 1
heartbeat interval 300
heartbeat count 10
ft-interface vlan 203
query-interface vlan 202
ft group 1
peer 1
priority 75
associate-context Admin
inservice
ip route 0.0.0.0 0.0.0.0 10.11.202.254
context GAP
allocate-interface vlan 201-202
allocate-interface vlan 204
member ABC
context GAPDev1
allocate-interface vlan 201-202
allocate-interface vlan 204
context GAPQA1
allocate-interface vlan 201-202
allocate-interface vlan 204
snmp-server community GAP-MEDI group Network-Monitor
ft group 2
peer 1
priority 75
associate-context GAP
inservice
Thanks.. -
Need help to Configure Cisco ACE 4710 Cluster Deployment
Dear Experts,
I'm newbie for Cisco ACE 4710, and still I'm in learning stage. Meanwhile I got chance at my work place to deploy a Cisco ACE 4710 cluster which should load balance the traffic between two Application Servers based on HTTP and HTTPS traffic. So I was looking for good deployment guide in Cisco SBA knowledge base then finall found this guide.
http://www.cisco.com/en/US/docs/solutions/SBA/February2013/Cisco_SBA_DC_AdvancedServer-LoadBalancingDeploymentGuide-Feb2013.pdf
This guide totally fine with my required deployment model. I have same deployment environment as this guide contains with ACE cluster that connects to two Cisco 3750X (Stack) switches. But I have some confusion places in this guide
This guide follow the "One-armed mode" as a deployment method. But when I go through it further I have noticed that they have configured server VLAN as a 10.4.49.0/24 (all servers reside in it) and Client side VIP also in same VLAN which is 10.4.49.100/24 (even NAT pool also).
My confusion is, as I have learned about Cisco ACE 4710 one-armed mode deployment method, it should has two VLAN segments, one for Client side which client request come and hit the VIP and then second one for Server side. which means besically two VLANs. So please be kind enough to go through above document then tell me where is wrong, what shoud I need to do for the best. Please this is an urgent, so need your help quickly.
Thanks....!
-Amal-Dear Kanwal,
I need quick help for you. Following are the Application LB requirements which I received from my clinet side.
Following detail required for configuring Oracle EBS Apps tier on HA:
LBR IP and Name required to configure EBS APPS Tier (i.e, ap1ebs & ap2ebs nodes)
Suggested IP and Name for LBR:
IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
ebiz.xxxx.lk [on port 80 for http protocol accessibility]
This LBR IP & name must be resolve and respond on DNS network
Server Farm detail for LBR Setup
Following detail will be use for configuring the LBR:
LBR IP and Name :
IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
ebiz.xxxx.lk [on port 80 for http protocol accessibility]
This LBR IP & name must be resolve and respond on DNS network
Server Farm Detail for LBR setup:
Server 1 (EBS App1 Node, ap1ebs):
IP : 172.25.45.19
Server Name: ap1ebs.xxxx.lk [ap1ebs hostname is an example, actual hostname will be use]
Protocol: http
Port: 8000
Server 2 (EBS App2 Node, ap2ebs):
IP : 172.25.45.20
Server Name: ap2ebs.xxxx.lk [ap2ebs hostname is an example, actual hostname will be use]
Protocol: http
Port: 8000
Since my client needs to access URL ebiz.xxxx.lk which should be resolved by IP 172.25.45.21 (virtual IP) via http (80) before they deploy the app on the two servers I just ran web service on both servers (Linux) and was trying to access http://172.25.45.21 it was working fine and gave me index.html page. Now after my client has deployed the application then when he tries to access the page http://172.25.45.21 he cannot see his main login page. But still my testing web servers are there on both servers when I type http://172.25.45.21 it will get index.html page, but not my client web login page. What can I do for this ?
Following are my latest config :
probe http Get-Method
description Check to url access /OA_HTML/OAInfo.jsp
interval 10
faildetect 2
passdetect interval 30
request method get url /OA_HTML/OAInfo.jsp
expect status 200 200
probe udp http-8000-iRDMI
description IRDMI (HTTP - 8000)
port 8000
probe http http-probe
description HTTP Probes
interval 10
faildetect 2
passdetect interval 30
passdetect count 2
request method get url /index.html
expect status 200 200
probe https https-probe
description HTTPS traffic
interval 10
faildetect 2
passdetect interval 30
passdetect count 2
ssl version all
request method get url /index.html
probe icmp icmp-probe
description ICMP PROBE FOR TO CHECK ICMP SERVICE
rserver host ebsapp1
description ebsapp1.xxxx.lk
ip address 172.25.45.19
conn-limit max 4000000 min 4000000
probe icmp-probe
probe http-probe
inservice
rserver host ebsapp2
description ebsapp2.xxxx.lk
ip address 172.25.45.20
conn-limit max 4000000 min 4000000
probe icmp-probe
probe http-probe
inservice
serverfarm host ebsppsvrfarm
description ebsapp server farm
failaction purge
predictor response app-req-to-resp samples 4
probe http-probe
probe icmp-probe
inband-health check log 5 reset 500
retcode 404 404 check log 1 reset 3
rserver ebsapp1 80
conn-limit max 4000000 min 4000000
probe icmp-probe
inservice
rserver ebsapp2 80
conn-limit max 4000000 min 4000000
probe icmp-probe
inservice
sticky http-cookie jsessionid HTTP-COOKIE
cookie insert browser-expire
replicate sticky
serverfarm ebsppsvrfarm
class-map type http loadbalance match-any default-compression-exclusion-mime-type
description DM generated classmap for default LB compression exclusion mime types.
2 match http url .*gif
3 match http url .*css
4 match http url .*js
5 match http url .*class
6 match http url .*jar
7 match http url .*cab
8 match http url .*txt
9 match http url .*ps
10 match http url .*vbs
11 match http url .*xsl
12 match http url .*xml
13 match http url .*pdf
14 match http url .*swf
15 match http url .*jpg
16 match http url .*jpeg
17 match http url .*jpe
18 match http url .*png
class-map match-all ebsapp-vip
2 match virtual-address 172.25.45.21 tcp eq www
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
policy-map type loadbalance first-match ebsapp-vip-l7slb
class default-compression-exclusion-mime-type
serverfarm ebsppsvrfarm
class class-default
compress default-method deflate
sticky-serverfarm HTTP-COOKIE
policy-map multi-match int455
class ebsapp-vip
loadbalance vip inservice
loadbalance policy ebsapp-vip-l7slb
loadbalance vip icmp-reply active
nat dynamic 1 vlan 455
interface vlan 455
ip address 172.25.45.36 255.255.255.0
peer ip address 172.25.45.35 255.255.255.0
access-group input ALL
nat-pool 1 172.25.45.22 172.25.45.22 netmask 255.255.255.0 pat
service-policy input remote_mgmt_allow_policy
service-policy input int455
no shutdown
ft interface vlan 999
ip address 10.1.1.1 255.255.255.0
peer ip address 10.1.1.2 255.255.255.0
no shutdown
ft peer 1
heartbeat interval 300
heartbeat count 10
ft-interface vlan 999
ft group 1
peer 1
no preempt
priority 110
associate-context Admin
inservice
ip route 0.0.0.0 0.0.0.0 172.25.45.1
Hope you will reply me soon
Thanks....!
-Amal-
Maybe you are looking for
-
Cálculo de Impostos TAXBRA e TAXBRJ
Pessoal, Estou em um projeto de migração de TAXBRJ para TAXBRA e me deparei com uma questão nos processos de SD. Em alguns testes preliminares constatei que a TAXBRA só está considerando o Código de Imposto para o cálculo, independente do IVA determi
-
Idoc to soap sync without bpm. is it possible? Helping me..
Hi Experts, i have a small clarification Idoc to soap sync interface in sap pi 7.0. i created IDoc to Soap sync using BPM but some times the signals are stuck due to load issue in swpr, while reprocess those signals all going successfully to the rece
-
Last night I received an email telling me I had placed an order to cancel my line and broadband. I never made this order, especially after having to wait TWO months to have my home move order activated. I have called to cancel this order this mornin
-
Downloaded Safari 5, doesn't show after multiple installs / reboots
I went to apple.com and downloaded the latest is Safari 5 at http://www.apple.com/safari/download/ and downloaded the package, ran installation and then rebooted the Mac. I tried this several times. When I tried to check for any Safari, it doesn't sh
-
ACE Graceful Server Shutdown with Sticky
I would like a way to gracefully shutdown a server without killing the sessions of the current users on that server. I know the "no inservice" command will allow the server to finish servicing existing TCP connections, but what happens to the users t