ACE 4710 bundle license backup
Hello,
Is it possible to backup ACE appliance licenses if product is bought as a bundle?
ACE-4710-BAS-SK-K9
Promo Bundle - ACE 4710 HW-1Gbps-1K SSL-100MbpsComp-5VC
Following is mentioned in the ACE documentation:
"If you need to replace the ACE, you can copy and install the license file for the license onto the replacement appliance."
But, when we try to backup licenses, we get following results:
ACE-1/Admin# sh license
ACE-1/Admin# copy licenses disk0:mylicenses.tar
Backing up license... failed: License file not found
ACE-1/Admin# sh license status
Licensed Feature Count
Compression Performance in Mbps 100
Web Optimization Concurrent Conns. 50
SSL transactions per second 1000
Virtualized contexts 5
Module bandwidth in Gbps 1.0
ACE-1/Admin# sh license usage
License Ins Lic Status Expiry Date Comments
Count
ACE-AP-C-UP1 No - Unused -
ACE-AP-C-UP2 No - Unused -
ACE-AP-C-UP3 No - Unused -
ACE-AP-01-LIC No - Unused -
ACE-AP-01-UP1 No - Unused -
ACE-AP-02-LIC No - Unused -
ACE-AP-02-UP1 No - Unused -
ACE-AP-04-LIC No - Unused -
ACE-AP-04-UP1 No - Unused -
ACE-AP-04-UP2 No - Unused -
ACE-AP-VIRT-5 No - Unused -
ACE-AP-500M-LIC No - Unused -
ACE-AP-VIRT-020 No - Unused -
ACE-AP-C-100-LIC No - Unused -
ACE-AP-C-500-LIC No - Unused -
ACE-AP-C-500-UP1 No - Unused -
ACE-AP-OPT-50-K9 No - Unused -
ACE-AP-C-1000-LIC No - Unused -
ACE-AP-C-2000-LIC No - Unused -
ACE-AP-OPT-LIC-K9 No - Unused -
ACE-AP-OPT-UP1-K9 No - Unused -
ACE-AP-SSL-05K-K9 No - Unused -
ACE-AP-SSL-07K-K9 No - Unused -
ACE-AP-SSL-100-K9 No - Unused -
ACE-AP-SSL-UP1-K9 No - Unused -
ACE-AP-SSLUP-5K-K9 No - Unused -
ACE-AP-VIRT-020-UP No - Unused -
I suppose licenses cannot be backuped because they are bundled and delivered with the bundle by default, and not installed...
Does anyone know what would be the procedure for this bundled licenses in case of ACE HW replacement needed?
Best regards,
Jasmina
Hi Jasmina,
License file management is quite simple for ACE. Two methods; save original license email or copy from disk0:.
If you purchased and upgraded license, and followed procedure to generate it, you would have received your license via email. We recommend per documentation (License ordering section) that you:
"Step 5 Save the license key e-mail in a safe place in case you need it in the future (for example, to transfer the license to another ACE). "
Also, to apply, you copy the license file to disk0: on the ACE. This *.lic file resides on disk0: thereafter.
So if you did not happen to save the original email when you obtained the license, and the license has been installed, then you can simply copy the *.lic file off the ACE from disk0: to a safe place. Example copying file from ACE to FTP server:
Switch/Admin# copy disk0: ftp:
Enter source filename]? 1ACE2009060306445454.lic
Enter Address for the ftp server]? 10.2.3.4
Enter the destination filename]? [1ACE2009060306445454.lic]
Enter username]? anonymous
Enter the file transfer mode[bin/ascii]: [bin]
Enable Passive mode[Yes/No]: [Yes]
Password:
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).
Switch/Admin#
Administrator Guide - Licenses on ACE:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA4_1_0/configuration/administration/guide/license.html#wp1010344
Hope this helps.
-pefrench
Similar Messages
-
Can't install ACE 4710 license
Hi,
I've tried to installed the license, but is not successful, below are the steps which i've taken to installed the license, with error messages. pls. assist.
CBJ6-LBDMZ2/Admin# copy tftp://10.2.18.66/ACE20090909090659371.lic disk0:
Enter the destination filename[]? [ACE20090909090659371.lic]
Trying to connect to tftp server......
TFTP get operation was successful
685 bytes copied
CBJ6-LBDMZ2/Admin# license install disk0:ACE20090909090659371.lic
Installing license... failed: Can't install this license with the current countCBJ6-LBDMZ2/Admin# show licen
ACE20090727112500202.lic:
SERVER this_host ANY
VENDOR cisco
INCREMENT ACE-AP-01-LIC cisco 1.0 permanent 1 \
VENDOR_STRING=1 HOSTID=ANY \
NOTICE="200907271125002021 \
1211J5CB363" SIGN=F2E3AFA69526
I think you have an HW appliance (code: ACE-4710-K9) with one a la carte license ( ACE-AP-01-LIC).
You bought a Bundle upgrade license, and this is not compatibly with you current license ( a la carte license).
To use the ACE-4710-BUN-UP2= ( 1G Bundle to 2G Bundle Upgrade License) you need to have a bundle product like the
ACE-4710-1F-K9.
Check this:
Table 1 ACE Licensing Bundles
License Model Description Upgrade Path
ACE-4710-0.5F-K9
This license bundle includes the following items:
•ACE 4710 appliance
•0.5-Gbps throughput license (ACE-AP-500M-LIC)
•100-Mbps compression license (ACE-AP-C-100-LIC)
•100 SSL transactions per second (TPS) license (ACE-AP-SSL-100-K9)
•5 virtual contexts license (ACE-AP-VIRT-5)
•Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
You have the option to upgrade to the 1-Gbps, 2-Gbps, or 4-Gbps bundle.
Start the upgrade with ACE-4710-BUN-UP1=.
ACE-4710-1F-K9
This license bundle includes the following items:
•ACE 4710 appliance
•1-Gbps throughput license (ACE-AP-01-LIC)
•500-Mbps compression license (ACE-AP-C-500-LIC)
•5000 SSL TPS license (ACE-AP-SSL-05K-K9)
•5 virtual contexts license (ACE-AP-VIRT-5)
•Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
You have the option to upgrade to the 2-Gbps or 4-Gbps bundle.
Start the upgrade with ACE-4710-BUN-UP2=.
ACE-4710-BAS-2PAK
This license bundle includes the following items:
•Two ACE 4710 appliances
•1-Gbps throughput license (ACE-AP-01-LIC)
ACE-4710-BAS-2PAK also includes the following default options:
•1000 SSL TPS
•100-Mbps compression
•5 virtual contexts
•Application acceleration (50 connections)
You have the option to upgrade to the 2-Gbps or 4-Gbps bundle.
Start the upgrade with ACE-4710-BUN-UP2=. Two upgrade licenses are required for upgrading two units of the ACE-4710-BAS-2PAK bundle.
ACE-4710-2F-K9
This license bundle includes the following items:
•ACE 4710 appliance
•2-Gbps throughput license (ACE-AP-02-LIC)
•1-Gbps compression license (ACE-AP-C-1000-LIC)
•7500 SSL TPS license (ACE-AP-SSL-07K-K9)
•5 virtual contexts license (ACE-AP-VIRT-5)
•Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
You have the option to upgrade to the 4-Gbps bundle.
Start the upgrade with ACE-4710-BUN-UP3=.
ACE-4710-4F-K9
This license bundle includes the following items:
•ACE 4710 appliance
•4-Gbps throughput license (ACE-AP-04-LIC)
•2-Gbps compression license (ACE-AP-C-2000-LIC)
•7500 SSL TPS license (ACE-AP-SSL-07K-K9)
•5 virtual contexts license (ACE-AP-VIRT-5)
•Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
This is the highest value bundle.
ACE-4710-BUN-UP1
0.5 to 1-Gbps throughput bundle upgrade license
See the Upgrade Path outlined above.
ACE-4710-BUN-UP2
1 to 2-Gbps throughput bundle upgrade license
See the Upgrade Path outlined above.
ACE-4710-BUN-UP3
2 to 4-Gbps throughput bundle upgrade license
See the Upgrade Path outlined above.
Table 2 ACE Licensing Options
Feature License Model Description
Performance Throughput
Default
1-Gbps throughput.
ACE-AP-500M-LIC
0.5-Gbps throughput.
ACE-AP-01-LIC
1-Gbps throughput.
ACE-AP-02-LIC
2-Gbps throughput.
ACE-AP-04-LIC
4-Gbps throughput.
ACE-AP-02-UP1
Upgrade from 1-Gbps to 2-Gbps throughput.
ACE-AP-04-UP1
Upgrade from 1-Gbps to 4-Gbps throughput.
ACE-AP-04-UP2
Upgrade from 2-Gbps to 4-Gbps throughput.
Virtualization
Default
1 admin/5 user contexts.
ACE-AP-VIRT-020
1 admin/20 user contexts.
SSL
Default
100 TPS.
ACE-AP-SSL-05K-K9
5000 TPS.
ACE-AP-SSL-07K-K9
7500 TPS.
ACE-AP-SSL-UP1-K9
Upgrade from 5000 TPS to 7500 TPS.
HTTP Compression
Default
100-Mbps.
ACE-AP-C-500-LIC
500-Mbps.
ACE-AP-C-1000-LIC
1-Gbps.
ACE-AP-C-2000-LIC
2-Gbps.
ACE-AP-C-UP1
Upgrade from 500-Mbps to 1 Gbps.
ACE-AP-C-UP2
Upgrade from 500-Mbps to 2 Gbps.
ACE-AP-C-UP3
Upgrade from 1 Gbps to 2 Gbps.
Application Acceleration Feature Pack License
ACE-AP-OPT-LIC-K9
Application acceleration and optimization. By default, the ACE performs up to 50 concurrent connections. With the application acceleration and optimization software feature pack installed, the ACE can provide greater than 50 concurrent connections.
This license increases the operating capabilities of the following features:
•Delta optimization
•Adaptive dynamic caching
•FlashForward
•Dynamic Etag
ACE-AP-02-LIC=
Upgrade Performance License 2 Gbps Spare -
Question about ACE-4710-BAS-2PAK bundle
Hello,
I want to order ACE-4710-BAS-2PAK bundle (2 Units of ACE 4710 Hardware-1Gbps-1K SSL-100MbpsComp-5VC- 5) and then separate two units of this bundle.
I couldn't get any information about separation possibility, therefore âsome howâ i need to ensure that 2 units of ACE-4710-BAS-2PAK will be able to work separate.
Could you please provide me some suggestion about this issue.
Any advise are welcome.yes, these units can work alone.
The pak is just a sale operation.
The HW is still the same.
G. -
Upgrading ACE 4710 & Licensing
Hello
We have two pairs of ACE 4710s, one pair running A3(2.4) and the other pair A3(2.0). We plan to upgarde the second pair so that they are running the same image as the first pair (we know they are not the latest, but this is the first step in a larger rollout plan, and to aid some troublshooting for a major issue we are seeing.)
I have details of the upgrade steps, but my question is with regards to the licenses which are now enforced after (2.0). We currently have the following on the first pair, but are these part of the default licenses for (2.4) or would we need to purchase these as well?
ACE-AP-500M-LIC
ACE-AP-C-100-LIC
ACE-AP-OPT-50-K9
ACE-AP-SSL-05k-K9
Thanks in advance
ShaunAccording to the release notes, the default with the ACE running A3 is :
•Performance: 1 gigabit per second (Gbps) appliance throughput
•Virtualization: 1 admin context and 5 user contexts
•Secure Sockets Layer (SSL): 100 transactions per second (TPS)
•Hypertext Transfer Protocol (HTTP) compression: 100 megabits per second (Mbps)
so you don't have to purchase anything -
Dear All,
i have ACE-4710-1F-K9 (ACE 4710 Hardware‐1Gbps‐5K SSL‐500MbpsComp‐5VC-50 APPAccel )
and i need to buy ACE-4710-01-K9
I want to ask does (ACE-4710-01-K9) has 50 AppAccel like the old part number (ACE-4710-1F-K9)???As per my understanding
Both will give you same functionality
ACE-4710-BAS-SK-K9 is a basic kit/bundle
that Includes:
- ACE 4710 Hardware
- ACE Software
- 1 Gbps Throughput License
- 1,000 SSL TPS
- 100Mbps Compression
- 5 Virtual Devices
Where as
"ACE-4710-K9 with ACE-AP-01-LIC" is kind of La Carte option
ACE-4710-K9 is the ACE Appliance Hardware includes(1K SSL TPS, 5 contexts, 100Mbps comp)
With it you need to select two mandatory options
ACE Software :ACE-AP-SW-XX Software Version XX
Throughput License :("ACE-AP-01-LIC" 1 Gbps OR "ACE-AP-02-LIC" 2 Gbps )
Then you can select optional licences for
SSL TPS, Virtual Devices, compression & App acceleration...(if you need to upgrade the defaults 1K SSL TPS, 5 contexts, 100Mbps comp)
Syed iftekhar Ahmed -
ACE 4710 - serverfarm predictor
Hi, I have a pair of ACE 4710 running in failover bundle and I have a number of server farms configured on them. For one of the server farm I'd like to use a different predictor than round robin. I have two real servers members of the server farm. Usually I do select predictor round robin and put both real servers in service. In this situation I need to have only one server as active and the 2nd one to be in standby and take over when the first one is down. I have tried to put the 2nd server in standby and when I shut down the primary the 2nd one won't become active. I do have a health probe to check for the status of the server so I thought this would be enough to detect the status of the server. So my question is , how can I configure the ACE to have one server as active and the second as a backup and this second one to take traffic only when the primary is down. Thank you, Florin.
Hi,
There are a couple of ways of achieving your objective.
The first method works for the simple case of two servers:
serverfarm host FARM-Redacted
probe PROBE-Redacted
rserver am03
backup-rserver am04
inservice
rserver am04
inservice standby
or you could use two serverfarms:
serverfarm host FARM-Redacted-Pri
description Redacted Serverfarm Primary
probe PROBE-Redacted
rserver am03
inservice
serverfarm host FARM-Redacted-Sec
description Redacted Serverfarm Secondary
probe PROBE-Redacted
rserver am04
inservice
policy-map type loadbalance first-match LB-POLICY-443
class class-default
serverfarm FARM-Redacted-Pri backup FARM-Redacted-Sec
HTH
Cathy -
Technical differences between ACE-4710-K9 & ACE-4710-BAS-SK-K9
Hi All,
Iam trying to find technical diff between ACE-4710-K9 with ACE-AP-01-LIC & ACE-4710-BAS-SK-K9 with ACE-AP-BAS-LIC.
Can someone shed some light..?
Thank you all in advance
MSAs per my understanding
Both will give you same functionality
ACE-4710-BAS-SK-K9 is a basic kit/bundle
that Includes:
- ACE 4710 Hardware
- ACE Software
- 1 Gbps Throughput License
- 1,000 SSL TPS
- 100Mbps Compression
- 5 Virtual Devices
Where as
"ACE-4710-K9 with ACE-AP-01-LIC" is kind of La Carte option
ACE-4710-K9 is the ACE Appliance Hardware includes(1K SSL TPS, 5 contexts, 100Mbps comp)
With it you need to select two mandatory options
ACE Software :ACE-AP-SW-XX Software Version XX
Throughput License :("ACE-AP-01-LIC" 1 Gbps OR "ACE-AP-02-LIC" 2 Gbps )
Then you can select optional licences for
SSL TPS, Virtual Devices, compression & App acceleration...(if you need to upgrade the defaults 1K SSL TPS, 5 contexts, 100Mbps comp)
Syed iftekhar Ahmed -
With the current (A5) ACE 4710 lic setup, does the "X gigabit per second appliance throughput" that is licensed affect: -
A) Only "appliance" i.e. load balancing traffic, any other normal routed traffic is not included in the limit
or
B) Is it an overall throughput limit on the interfaces i.e. includes all traffic not only load balancing traffic but also normal routed traffic crossing the appliance
Looking at a scenario where the lic size I need for HTTP load balanacing would be one size if A) but would need to be much larger is B) to accomodate out of hours routed backup traffic crossing the ACE 4710
thanks,
SezHi Sez,
The license applies to the overall throughput, both routed and load-balanced traffic.
Regards
Daniel -
ACE 4710 Web Optimization Licnesing
I currently have a 4710 running the 1Gbps package. We are utilizing Application Acceleration and are comg very close to hitting our 10,000 Web Optimization connection limit. I am trying to find out how to upgrade that.
I see in our license usage an option of ACE-AP-OPT-UP1-K9 but can find no information on this part number. Does anyone know if this is even available and what it brings you connection limit to?
ACE01/Admin# show license usage
License Ins Lic Status Expiry Date Comments
Count
ACE-AP-C-UP1 No - Unused -
ACE-AP-C-UP2 No - Unused -
ACE-AP-C-UP3 No - Unused -
ACE-AP-01-LIC No - Unused -
ACE-AP-01-UP1 No - Unused -
ACE-AP-02-LIC No - Unused -
ACE-AP-02-UP1 No - Unused -
ACE-AP-04-LIC No - Unused -
ACE-AP-04-UP1 No - Unused -
ACE-AP-04-UP2 No - Unused -
ACE-AP-VIRT-5 No - Unused -
ACE-AP-500M-LIC No - Unused -
ACE-AP-VIRT-020 No - Unused -
ACE-AP-C-100-LIC No - Unused -
ACE-AP-C-500-LIC Yes 1 In use never -
ACE-AP-C-500-UP1 No - Unused -
ACE-AP-OPT-50-K9 No - Unused -
ACE-AP-C-1000-LIC No - Unused -
ACE-AP-C-2000-LIC No - Unused -
ACE-AP-OPT-LIC-K9 Yes 1 In use never -
ACE-AP-OPT-UP1-K9 No - Unused -
ACE-AP-SSL-05K-K9 Yes 1 In use never -
ACE-AP-SSL-07K-K9 No - Unused -
ACE-AP-SSL-100-K9 No - Unused -
ACE-AP-SSL-UP1-K9 No - Unused -
ACE-AP-SSLUP-5K-K9 No - Unused -
ACE-AP-VIRT-020-UP No - Unused -Unfortunately, ACE-AP-OPT-LIC-K9 is not available on ACE4710 and
ACE 4710 cannot handle more than 10,000 concurrent connections..
When you use the ACE to perform a specific set of application
acceleration and optimization functions, and the ACE reaches the
maximum of 10,000 concurrent connections, the appliance stops
accepting any additional concurrent connections until the count
drops below 10,000.
http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_x/command/reference/optimize.html#wp1048813
Regards,
Yuji -
ACE 4710 transparent LB with two Caches and two routers.
Hello,
I have ACE 4710 that load balance two cach flows (bluecoat), i am doing pbr on the routers to send the traffic destined to port 80 to ACE then Cach farm. After that the Cach flow will get the page from the internet via two routers. The return traffic will match another pbr on the routers with source port 80 that will send it to the ACE then CachFlow again .....then to the users.
I am not using ip-spoofing on the CachFlow for now. In the figure attached i created a VIP 0.0.0.0 0.0.0.0 port 80 on the interface on the ACE facing the routers, but the question is do i have to create another VIP 0.0.0.0 0.0.0.0 port 80 on the interface on ACE facing the Cach Flow? or just forward the traffic on the default route? What might be the default route since i have to use two routers and i cannot use hsrp?
Kindly I need some assistance
Thank you and regards,
George
access-list PERMIT_ALL line 8 extended permit ip any any
access-list CFLOW line 8 extended permit ip any any
ip name-server 8.8.8.8
ip name-server 4.2.2.2
##################################Config for Cache Cache Servers###################
probe http CISCO_WWW_PROBE
ip address 72.163.4.161
interval 2
faildetect 2
passdetect interval 2
passdetect count 5
request method head url /index.html
expect status 200 200
exit
probe http YAHOO_WWW_PROBE
ip address 87.248.112.181
interval 2
faildetect 2
passdetect interval 2
passdetect count 5
request method head url /index.html
expect status 200 200
exit
serverfarm host TRANSPARENT_PROXY_SF
description Transparent Proxy Farm
transparent
predictor hash url
probe CISCO_WWW_PROBE
probe YAHOO_WWW_PROBE
rserver CFLOW01
inservice
rserver CFLOW02
inservice
exit
exit
############################################# Router Cache Farm ############################
probe icmp ICMP_PROBE
description *** Probe for icmp health monitoring ***
interval 5
faildetect 2
passdetect interval 60
passdetect count 2
exit
rserver host Router01
description Connection to Sodetel Router
ip address 192.168.14.4
probe ICMP_PROBE
inservice
rserver host Router02
description Connection to IDM Router
ip address 192.168.14.5
probe ICMP_PROBE
inservice
serverfarm host Routers
description Transparent Proxy Farm
transparent
predictor hash url
probe ICMP_PROBE
rserver Router01
inservice
rserver Router02
inservice
exit
exit
################################# Management################################
class-map type management match-any REMOTE_MGMT
description Allow Remote management for below protocols
8 match protocol icmp any
9 match protocol ssh source-address 172.31.13.31 255.255.255.255
10 match protocol ssh source-address 172.31.31.21 255.255.255.255
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
class REMOTE_MGMT
permit
class-map match-all CFLO2Internet
2 match virtual-address 0.0.0.0 0.0.0.0 any
class-map match-all TRANSPARENT_VIP_CM
2 match virtual-address 0.0.0.0 0.0.0.0 tcp eq www
policy-map type loadbalance first-match TRANSPARENT_LB_PM
class class-default
serverfarm TRANSPARENT_PROXY_SF backup Routers
policy-map type loadbalance first-match CFLO2Internet_LB
class class-default
serverfarm Routers
policy-map multi-match CFLO2Internet_PM
class CFLO2Internet
loadbalance vip inservice
loadbalance policy CFLO2Internet_LB
loadbalance vip icmp-reply active
connection advanced-options TCP
policy-map multi-match L3L4_PM
class TRANSPARENT_VIP_CM
loadbalance vip inservice
loadbalance policy TRANSPARENT_LB_PM
loadbalance vip icmp-reply active
connection advanced-options TCP
====Interfaces======
interface vlan 11
description Interface between Routers and ACE
ip address 192.168.14.2 255.255.255.224
alias 192.168.14.1 255.255.255.224
peer ip address 192.168.14.3 255.255.255.224
no icmp-guard
access-group input PERMIT_ALL
service-policy input REMOTE_MGMT_ALLOW_POLICY
service-policy input L3L4_PM
no shutdown
interface vlan 21
description Connection to CFlow ServerFarm
ip address 192.168.12.2 255.255.255.224
alias 192.168.12.1 255.255.255.224
peer ip address 192.168.12.3 255.255.255.224
no icmp-guard
access-group input CFLOW
service-policy input CFLO2Internet_PM ------>>>> Is this necessary???
no shutdownHi George,
In the topology you described, only the service-policy in the interface towards the routers is necessary. For the traffic from the caches, the ACE will just forward to the default gateway.
The only problem is, as you mentioned, that you cannot use HSRP. In that case, you can still configure two default gateways, but there is no way to predict which one the ACE will use at a given time (the way it does to select the one it will use is sending an ARP request to both gateways and using the one that replies first until the ARP entry expires)
If you need to load-balance the traffic between both routers, then yes, you would need to configure a new VIP on the cache side and load-balanced to a transparent serverfarm composed of both routers.
Regards
Daniel -
Importing HA 2 ACE 4710 into ANM 4.1
I am New to ACe Loadbalancers. We have just installed the ANM4.1 and we are trying to import both appliances into the ANM4.1. Is there somthing I sould be aware off before I do the Install.? The question is when O do the Import does the ANM will have my config from the aces AS IS untouched. I am making sure that the ANM will not delete my config on the ACES
ThanksHi Hussaini,
As per best practice I would like you to make sure that you have taken the backup of all the context of ACE using running config and saved it separately other then the device itself so at any point of contingency your hard work for configuring the box should not go in vain and you be ready for any kind of situation post import into ANM.
When you install ANM for the first time you need to add a license from the command line before you can access ANM.
ANM requires licenses to manage virtual devices and to run the ANM server or servers.
ANM checks against the licensed Virtual Context count on each ACE.
Thus if you have the ACE-VIRT-020 license on the ACE, to manage that ACE you must have an available ANM-AV-020 installed on the managing ANM. Even if that ACE to be managed has 5 or fewer defined Virtual Context or so.
BTW..if at *any* time you get stuck in an operational bind due to ANM licensing, go to www.cisco.com/go/licensing, select the first link for evaluation licenses, and from there select to get evaluation license PAK for ANM. This will allow you to install the evaluation license that is *unlimited* for 90 days. Hopefully that is plenty of time to order the additional licensing you need for production operations.
For each ACE with ACE-VIRT-020 ANM needs qty 1 of ANM-AV-020.
Same for 050, 100, 250.
ANM uses the following protocols for communication:
For communication to an ACE module or appliance:
–XML over HTTPS
–SSHv2 (read and write)
–SNMP V2C (read-only)
–Syslog over User Datagram Protocol (UDP) (inbound notifications only)
Enabling SSH Access and the HTTPS Interface on the ACE Module and Appliance
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/application_networking_manager/4.1/user/guide/UG_manage_devices.html#wp1362821If the ACE module or appliance is new and still has its factory settings, you do not need to perform the procedure in this section because SSH is enabled by default.
If you are using ANM with an ACE module or ACE appliance and you configure a named object at the ACE CLI, keep in mind that ANM does not support all of the special characters that the ACE CLI allows you to use when configuring a named object. If you use special characters that ANM does not support, you may not be able to import or manage the ACE using ANM.
The quickest and easiest way to add devices to ANM is to import them individually using the Add function available at Config > Devices. If you already know the device IP address, you can use this procedure to add your devices to ANM.
Before you begin importing, you need to set up your network devices so that ANM can communicate and monitor them.
Before importing a device, the ANM server pings the IP address of the device. If you have a firewall between the ANM server and the device that you want to import, your network administrator needs to modify the firewall to allow the ping traffic to reach the device or ACE.
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/application_networking_manager/4.1/user/guide/UG_manage_devices.html#wp1449529
You can install the ANM server software on a standalone server or on a VMware virtual machine . The capabilities and functions of the ANM software are the same regardless of which application you use. The two ANM applications:
ANM server: Dedicated server with ANM server software and Red Hat Enterprise Linux (RHEL) operating system installed on it. For information about installing this type of ANM application, see the Installation Guide for the Cisco Application Networking Manager 4.1.
ANM Virtual Appliance: VMware virtual appliance with ANM server software and Cisco Application Delivery Engine Operating System (ADE OS) installed on it. Cisco distributes ANM Virtual Appliance in Open Virtual Appliance (.OVA) format. For information about installing this type of ANM application, see the Installation Guide for the Cisco Application Networking Manager 4.1 Virtual Appliance.
So I am repeating again that please check the liscense as the ANM_AV license needed as it doesn't depend on the amount of contexts currently in use.
If the ACE you are trying to import is using more contexts than the amount allowed by the ANM_AV license then you can face problem during import or only that much contexts will be imported and rest will fail to sync or face problem during import.
You can check this value with the "ACE# show license status" command.
Some times there may be chance for license mismatch between the ACE and the ANM.
ANM uses TCP port 10444 for the ANM License Manager.
For any other difficulty if you face even after this please write back to me.
HTH
Sachin Garg -
Hi,
We have to ACE 4710 device in our network and we have facing device hung issue in our Primary ACE. We are not able to get management access or direct console access to the device when the issue is happened and also we are not able to reach the vlan interface IP or/VIP. Please find the below output we got through monitor that we are connected to the ACE.
Booting localboot(c4710ace-t1k9-mz.A5_1_2.bin)
kernel=(hd0,1)/c4710ace-t1k9-mz.A5_1_2.bin ro root=LABEL=/ auto console=ttyS0,9
600n8 quiet bigphysarea=32768
[Linux-bzImage,setup=0x1400,size=0xe75a16c]
Uncompressing linux Ok, booting the kernal.
Issue is resolved after we manually rebooted the ACE. We have collected the sh tech after the reboot.
Software version : A5 1.2
Kindly suggest what may cause this issue.
Thanks in Adavance.
Regards,
RanjithHi,
We have collected the console logs while we done the reboot. Please find the below output.
------------------------------------------------ Boot log -----------------------------------------------------------------------------
ÐS ÀS AMIBIOS(C)2005 American Megatrends, Inc. BIOS Date: 08/25/09 09:37:25 Ver: 08.00.11 CPU : Intel(R) Pentium(R) 4 CPU 3.40GHz Speed : 3.40 GHz Broadcom NetXtreme Ethernet Boot Agent v8.1.53 Copyright (C) 2000-2005 Broadcom Corporation All rights reserved. Press Ctrl-S to Enter Configuration Menu ... Broadcom NetXtreme Ethernet Boot Agent v8.1.53 AMIBIOS(C)2005 American Megatrends, Inc. BIOS Date: 08/25/09 09:37:25 Ver: 08.00.11 CPU : Intel(R) Pentium(R) 4 CPU 3.40GHz Speed : 3.40 GHz Press F2 to run Setup Press F12 for BBS POPUP DDR2 Frequency:667 MHz, ECC Support in Dual-Channel Interleaved Mode Initializing USB Controllers .. Done. 6144MB OK USB Device(s): 1 Keyboard Auto-Detecting Pri Slave...IDE Hard Disk Pri Slave : 1GB CompactFlash Card CF B612J GRUB Loading stage2........ GNU GRUB version 0.95.1 (639K lower / 3144640K upper memory) *************************************************************************** * localboot(ACE_APPLIANCE_RECOVERY_IMAGE.bin) * * localboot(c4710ace-t1k9-mz.A5_1_2.bin) * * localboot(c4710ace-t1k9-mz.A4_2_0.bin) * * * * * * * * * * * * * * * * * * * *************************************************************************** Use the * and * keys to select which entry is highlighted. Press enter to boot the selected OS, 'e' to edit the commands before booting, or 'c' for a command-line. The highlighted entry will be booted automatically in 1 seconds. kernel=(hd0,1)/c4710ace-t1k9-mz.A5_1_2.bin ro root=LABEL=/ auto console=ttyS0,9 600n8 quiet bigphysarea=32768 [Linux-bzImage, setup=0x1400, size=0xe75a16c] INIT: version 2.85 booting
b4 lspci
1 Cavium device(s) found.
Bringing up NP 0
Downloading U-Boot to NP card 0
Downloading DP image to NP card 0
Starting DP image on NP card on all cores
DP image started on NP card
Setting up dynamic memory size
Initializing Shared Memory
INIT: Entering runlevel: 3
Testing PCI path for Octeon(0)....
This may take some time, Please wait ....
PCI test loop , count 0
PCI path is ready
Starting services...
Waiting for 3 seconds to enter setup mode...
Certificate & key are up to date
Installing MySQL
groupadd: group nobody exists
useradd: user nobody exists
MySQL Installed
Installing JRE
JRE Installed
Starting sysmgr processes.. Please wait...Done!!!
IDC4-INTR-ACE-01 login: admin
Password:
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 1985-2012 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
We have not found any error related to flash while booting ACE.
Regards,
Ranjith -
Can ACE 4710 send ICMP-dest-unreachable?
Dear Community!
We have previously configured an ACE context for implementing redundant corporate DNS service and now testing a transparent ACE context and HA configuration.One virtual-IP is configured for UDP/53, listening for DNS requests. Behind the VIP, there are 3 DNS server. The next step of our testing process, we have shut down all real-server instance behind the virtual-IP while inspecting DNS clients behaviour. Besides the DNS clients requesting the virtual-IP DNS service need ICMP-destination-unreachable packet to switchover the secondary DNS server.
Can ACE 4710 send ICMP-dest-unreachable?
Thanks in advance!
Regards,
Belabacsi
from HungaryUnfortunately the 4710 does not send icmp unreachable when a vserver is down.
If you have backup dns service, you can configure it on ace itself.
Gilles. -
I have an ACE 4710 that wont boot.
When booting the Linux starts boot, and then it just start write this in the console:
Waiting for lock /tmp/octeon-pci-lock
Waiting for lock /tmp/octeon-pci-lock
Waiting for lock /tmp/octeon-pci-lock
Waiting for lock /tmp/octeon-pci-lock
Waiting for lock /tmp/octeon-pci-lock
google aint much help.
Have any of you seen this before, and does any of you know what to do ??
Best Regards
MortenHi,
It need additional testing but as per my understanding if you put the back up in this order then the last backup server will be choosen first.
In your case it will be like " RSERVER1 >> backup sorry server >> backup web content
As per the below example:
I put test 2 as first backup server and test1 as second backup server but if you look at the first part it took rserver test1 as first backup.
serverfarm host 1313-GIN-GWAP-SDC-80
rserver RSERVER1
backup-rserver test1
inservice
rserver test1
inservice standby
rserver test2
inservice standby
regards,
Ajay Kumar -
ACE 4710 - need help configuring backend server monitoring
Currently running an ACE 4710, which is handling all of our inbound SSL connections and then forwarding requests thru
to backend web servers. This all works fine.
My question is this..Right now we are not load balancing any of the backen web servers. But I now have a requirement that should
a web server crash or become unavailable I need to redirect that backend connection to another web server.
Scenario is more like I have 2 web servers both serving same content, but I want one server to take all the connections unless it fails, at that point
have all the connections forwarded to 2nd server.
Is there a way to setup the load balancing where the 1st server gets all the connections until a failure happens ?
Any help would be appreciated.
Cheers
DaveHi Dave,
You can use sorry-server or backup server feature. details can be found at
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/rsfarms.html#wp1000264
Maybe you are looking for
-
Changing from PC to Mac--which PS Elements should I get?
I have been using PSE 7 on my pc, and it has done everything I need it to do, EXCEPT for including the llight blue guidelines that allow me to easily line up images. I have Wiindows 7 installed on my new iMac, and I suppose I could move PSE 7 from my
-
Error In MIRO GL account allows only output tax
Hello All, We are facing an error in MIRO that GL account xxxxx allows only out put tax. The scinario & settings are as below. FB60 There is no error when using the particular tax code sytem posts the document MIRO Same vendor & tax code used as in
-
Hi All, We have the below scenario which is not happening as expected. We have the Partner Function ZS and ZG which is assigned to the respective Account Groups. ZS is the sourse for ZG. We have done the config for the Partner Function in such a way
-
X crashed, cannot open display in screen session for X apps
I had X crash and logged back in, and now in my screen session I can't open any apps that use X, ie.,: ~/.fluxbox # gedit keys cannot open display: Run 'gedit --help' to see a full list of available command line options. ~/.fluxbox # Must I start a n
-
Hi , i have situation , where i have to find a date between two dates i used below filter condition, but i get error (TO_DATE(PLAYER_MONTHLY_SUMMARY.CURRENT_MONTH, 'DD-MON-YYYY') BETWEEN TO_DATE('01-MAR-2012', 'DD-MON-YYYY') AND TO_DATE('31-MAR-2012'