ACE checkpoint question

I have a ACE checkpoint question. when u create a checkpoint to save the config on the ACE module where does the file get stored

HI,,
To display checkpoint information, use the show checkpoint command in Exec mode. The syntax of this command is:
show checkpoint {all | detail name}
The options and arguments are:
â¢all-Displays a list of all existing checkpoints
â¢detail name-Displays the running configuration of the specified checkpoint
For example, to display the running configuration for a specific checkpoint, enter:
host1/Admin# show checkpoint detail MYCHECKPOINT
Sachin

Similar Messages

Ace 6500 question

new to ace just purchased a new blade, could somebody advise on deployment in routed and single arm mode. if a client connects to the vip can the traffic route back out the vip interface to the servers. we have a dmz were we want to deploy a vip, once the packet enters the dmz and hits the vip can the servers be located on the same subnet as the vip and also a backup server on another dmz or even the inside of the firewall.

I am also fairly new to the ACE modules, but I think I can answer your question. Yes the servers can be located on the same subnet as the VIP. As for the backup servers, as long as the ACE can reach the servers via IP you can load balance servers even if they are if different VLANs or DMZ's.
I have a context in one arm mode and would suggest against it unless you do not have a choice. Even though one arm mode is easy to set up, it can be a little hard to troubleshoot if you have source NAT enabled, if you do not have Source NAT enabled on the ACE, you will have to configure PBR on the MFSC of the 6500 and specify what you want to go to the ACE(what needs to be load balanced).
If you configure the ACE in routed mode, be sure that you configure it so that you do not run into an assymetrical routing issues.
Like I said; I am fairly new to these load balancers, but we have very talented folks on this site that can assist you with almost any ACE related question that you may have.
Good luck,
John...

PSCS4 ACE Exam - Questions on 3D and Video included or not?

Hi,
I have been thinking of taking the ACE exam for CS4 for awhile now. I have been using a couple of the exam sims available, ExamAids & uCertify but have noticed that while the uC one has questions on 3D, Video and Animation, the EA one does not.
Can anyone who has actually taken the test please tell me if they had to answer questions on these elements of the software. I'm not interested in what the questions were, just if they covered those subjects. I know they are not listed on the exam bulletin, but they might crop up in the 'Advanced Knowledge' section.
And before anyone from the 'why bother with ACE exams' crowd chips in, I work for a training company that wants to become AATC, they need to use ACIs to achieve that status. So I need to become an ACE.
Thanks in advance,
Kris

The questions are only comming from the prep guide, if something isn't mentioned there then it won't be in the exam. There's nothing about 3d in the prep guide so you don't need to learn about it but there are two subpoints about video so make sure that you go through those:
• Given a scenario, describe the proper color conversion to apply. (Scenarios include: To CMYK for prepress, to a different color space for Web or video.)
• Explain how to use features that handle images moving to and from video workflows.(Includes: Pixel aspect ratio, document presets, Video Preview.)

ACE Module Question

Hi,
I have the following configuration:
policy-map type loadbalance first-match test
class L7-URL
sticky-serverfarm test
insert-http src-ip header-value %is:%ps:%id:%pd
class class-default
serverfarm test
Does the class class-default need to be in the above configuration? The reason I as is because I see it in some examples and not in others.
Regards,
John...

class-default act as a last resort under policy configuration. If there are multiple classes to check against the traffic then policy will compare traffic against all the classes and if there is no match then actions for class-default will be used.
In your case
ACE will look for the condition in "class L7-URL" , if it matches then it will use sticky-group test (which should have a serverfarm associated to it). Serverfarm under the sticky group will be used if the client request matches the class L7-URL.
If client request doesnt match the condition in "class L7-URL" then server farm test (under class-default) will be used.
HTH
Syed iftekhar Ahmed

ACE functionally question - SSL tunnelling / proxy on behalf of non SSL client

Hi
Can the ACE perform SSL tunnelling of web services(HTTP) traffic. Can ACE perform SSL tunnelling/proxy on behalf of a non SSL client.
Example:
Client (HTTP) ---->>> (HTTP)Cisco ACE(HTTPS) ------>>>>(HTTPS) Server
The "client" Server does not support SSL.
Can an ACE tunnel the web services traffic inside an SSL tunnel to a specific destination server on behalf of the client server (that does not support SSL)
Are there any other Cisco products that could be used to perform this SSL tunnelling on behalf of a non SSL Client.
Regards

Hello Byron,
Yes, the ACE can do it
Here you have some of the flavors of SSL with the ACE.
Here you have a sample about it:
parameter-map type http CASE_PARAM
case-insensitive
persistence-rebalance
set header-maxparse-length 65535
set content-maxparse-length 65535
class-map match-all CLEAR_TEXT_VIP
2 match virtual-address 172.20.120.19 tcp eq www
policy-map multi-match JORGE-MULTIMATCH
class CLEAR_TEXT_VIP
    loadbalance vip inservice
    loadbalance policy POLICY_TO_ENCRYPT_TRAFFIC
    loadbalance vip icmp-reply active
    appl-parameter http advanced-options CASE_PARAM
policy-map type loadbalance first-match POLICY_TO_ENCRYPT_TRAFFIC
class class-default
    serverfarm ENCRYPTED-SERVERFARM
    ssl-proxy client SSL-PROXY-JORGE
ssl-proxy service SSL-PROXY-JORGE
key TAC-key
cert TAC-cert
serverfarm host ENCRYPTED-SERVERFARM
rserver JORGE-SERVER 443
    inservice
Here you have some additional details under the configuration guide:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/ssl/guide/initiate.html
Here you have some additional samples:
http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Configuration_Examples_--_SSL_Configuration_Examples
Hope this helps for you and fix your issue
Jorge

ACE Stickiness Question

Hi Folks,
First of all I am new the job and have very little ACE expierence. I work on a large campus. We have to 6513's with an ACE blade in each. A few contexts configured for different applications. Basically the server guys have come to me and asked me to enabled stickiness on one of there contexts.
Now I am sure this is basic stuff to ye guys but I am just wondering what I need to do? Can I implement this on the fly without causing an outage? I have cut and paste the relevant context below. And added the changes I think that need to be made. Do you guys think this will work and will it cause any outage?
I appreciate any help at all guys:
Here is current config:
probe tcp APPS-PROBE
port 8080
interval 3
passdetect interval 5
parameter-map type ssl SSL-APPS-ADVANCED
cipher RSA_WITH_RC4_128_MD5
rserver host SERVER1
ip address 10.10.10.1
inservice
rserver host SERVER2
ip address 10.10.10.2
inservice
ssl-proxy service SSL-APPS-PROXY
key appfiles.pem
cert appfilesCAcert
chaingroup APPFILES-CHAINGRP
ssl advanced-options SSL-APPS-ADVANCED
serverfarm host APPS-FARM
predictor leastconns
probe APPS-PROBE
rserver SERVER1 8080
inservice
rserver SERVER2 8080
inservice
class-map match-any APPS-VIP
2 match virtual-address 10.10.10.4 tcp eq https
policy-map type management first-match MGT-POLICY
class class-default
policy-map type loadbalance first-match APPS-POLICY
class class-default
serverfarm APPS-FARM
policy-map multi-match APPSPOLICY
class APPS-VIP
loadbalance vip inservice
loadbalance policy APPS-POLICY
loadbalance vip icmp-reply active
ssl-proxy server SSL-APPS-PROXY
service-policy input APPSPOLICY
Will adding the following to the context make stickiness work?
sticky ip-netmask 255.255.255.255 address source STICKY-APPS-FARM
timeout 720
timeout activeconns
replicate sticky
serverfarm APPS-FARM
policy-may type loadbalance first-match APPS-POLICY
class class-default
sticky-serverfarm STICKY-APPS-FARM
I am really lost on this and only getting this from looking at stickiness on other configs. Can you guys advise will this work.

Also look at the following :
www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/rtg_brdg/guide/vlansif.html
Autogenerating a MAC Address for a VLAN Interface
By default, the ACE does not allow traffic from one context to another context over a transparent firewall. The ACE assumes that VLANs in different contexts are in different Layer 2 domains, unless it is a shared VLAN. The ACE allocates the same MAC address to the VLANs.
When you are using a firewall service module (FWSM) to bridge traffic between two contexts on the ACE, you must assign two Layer 3 VLANs to the same bridge domain. To support this configuration, these VLAN interfaces require different MAC addresses.
To enable the autogeneration of a MAC address on a VLAN interface, use the mac address autogenerate command in interface configuration mode. The syntax of this command is as follows:
mac address autogenerate
For example, enter:
host1/Admin(config-if)# mac address autogenerate
To disable MAC address autogeneration on the VLAN, use the no mac address autogenerate command. For example, enter:
host1/Admin(config-if)# no mac address autogenerate

Basic ACE Design Question

Hi All,
In the network layout below, does the ACE need to be setup in a routed mode to work? can it be also be setup in a bridged mode in this scenario?
Network Cloud <--> Firewall <--> ACE <--> Router <--> Server Farm.
Any refences would also be greatly appreciated.
Thanks in advance.
HH

you only need the server adjacent if you do transparent loadbalancing. Which means you do not nat the virtual ip to the server ip.
Instead the servers are configured with a loopback ip address the same as the vip on the loadbalancer.
You can always bridge between 2 vlans and this is possible in your case.
However, I don't see the need to insert a router between the ace module and the servers.
Can't you have the ace module inserted between the router and the servers ?
Or get it rid of the router and have the servers directly connected to the ACE vlan and using the firewall as gateway ?
Gilles.

ACE Redirection question

We are migrating a large application to a new serverfarm one folder at a time. the exiting applicaiton server is not loadbalanced via the ACE.
We want to set a vip on the ACE as the primary DNS entry for host ans.company.com. When users requrest ans.company.com/dfr they will get L7 loadbalanced (via url matching) to a new local serverfarm.
When the users request ans.company.com/cms we want to redirect them to the old application server that wull be renamed via dns as classic.ans.company.com.
As each folder is migrated to the new servers the L7 rules will be modified to keep that traffic local
example
user requests ans.company.com/bfr or ans.company.com/cms they will be sent to the local new serverfarm.
user requests ans.company.com/dma1 or ans.company.com/dma2 they will be redirected to classic.ans.company.com/dma1 or classic.ans.comapny.com/dma2 (depending on the original request).
Does anyone have an sample script for this type of senario? I have the loadbalancing working fine. It's the redirection that is not working. I am trying to use a L7 url match to send the requrest to a redirect rserver
Any help would be appreciated.

It should be some thing like
rserver redirect REDIRECT-TO-OLD
webhost-redirection http://classic.ans.company.com/%p 302
inservice
serverfarm redirect REDIRECT-SERVERFARM
rserver REDIRECT-TO-OLD
inservice
class-map type http loadbalance match-any local-new
match http url /bfr
match http url /cms
class-map type http loadbalance match-any remote-old
match http url /dma1
match http url /dma2
policy-map type loadbalance first-match L7_LOGIC
class local-new
serverfarm local-serverfarm
class remote-old
serverfarm REDIRECT-SERVERFARM
policy-map multi-match CLIENT_VIPS
class VIPs
loadbalance vip inservice
loadbalance policy L7_LOGIC
HTH
Syed Iftekhar Ahmed

ACE Upgrade question

I would like to upgrade a redundant pair of ACE Modules from "3.0.0_A1_6.1" to "A2_1.2". Are there any concerns or gotchas or should this be a standard upgrade.
Thanks

Just follow the documented procedure and you will be good
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/administration/guide/upgrade.html#wp1027870
Syed Iftekhar Ahmed

ACE Role question

Just a clarification about ACE roles. Why does the predefined "Admin" role have any rules beyond:
1. Permit Create all
Why are the other 3 rules necessary?
2. Permit Create user access
3. Permit Create system
4. Permit Create changeto
thanks,
marty

The ACE provides role-based access control (RBAC), which is a mechanism that determines the commands and resources available to each user. A role defines a set of permissions for accessing the objects and resources in a context and the actions you can perform on them.

Two-tier ACE config question

Hi,
I am an ACE newbie - I have a two-tier ACE setup and I am basically trying to get the front-end ACE to divert to a sorry page if the back end servers hanging of the Back-end ACE do not reply to their probes.
I have the following setup...
Internet
|
DMZ ACE (doing SSL termination)
|
Reverse Proxy Server farm
|
Corporate LAN ACE
|
Application Server farm
DMZ ACE is probing Rev Proxy farm on TCP 2000 - and using sticky cookie insertion.
Corporate LAN ACE is probing App Server farm on TCP 2000 - and using sticky cookie insertion.
If the Application server farm becomes unavailable, I would like the DMZ ACE to detect this and then redirect the clients to a 'service unavailable' page hosted on the Reverse Proxy Servers.
My thought so far is the following...
DMZ ACE
rserver Rev_proxy1
rserver Rev_proxy2
probe icmp probe_icmp
ip address <App_Server_VIP>
serverfarm Rev_proxy_farm
probe probe_icmp
prove probe_tcp_2000
rserver Rev_proxy1, Rev_proxy2
So the above Rev_proxy_farm availability is tied to the appearance of the App Server vip due to the directed icmp probe to the Corporate LAN ACE VIP - the VIP will disappear if the App Server farm does not respond to it's TCP probe.
I am then not sure how to redirect the HTTP request to the Reverse Proxy Server seeing as though these have already been flagged unavailable.
Should I then follow 'Configuring a Sorry Server Farm' as per http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/slb/guide/classlb.html#wp1049254 to divert the connections from the Reverse_proxy:2000 to Reverse_proxy:3000 (which serves Service unavailable page)?
Any advice on whether this is the best way to go would be much appreciated.
Cheers,
Al

you need to create a redirect host and serverfarm and use this serverfarm as a backup serverfarm for your main serverfarm.
I'm not sure that the icmp ping will work.
Because the ping will be sent to dest ip address of the vip, but the dest mac-address ill the rev-proxy where your configured the probe.
Give it a try.
Gilles.

Checkpoint question....

Once a checkpoint has occured all the blocks modified by transactions after that have to wait till the next checkpoint(or 3 seconds) for the DBW0 to write it to the disk. But, in one of the Oracle training materials for 1Z0-042 i read that, after a checkpoint has occured, some modified blocks may be written to the disk before waiting till the next checkpoint.
Is this possible?

DBWR writes,
every 3 secsI think that it'sLGWR that writes every 3 seconds not the DBWR.

ACE Leastconn question

Hi,
I had just moved one server farm from round-robin to leastconns with slowstart of 300 second and no new rservers had been added (or failed), they are all the same as before the change.
What I see is that one rserver gets much more hits than other and one of them is practically idle. I know that CSCso93479 states that current connections count in "show serverfarm" is inaccurate, but I cannot understand such a difference....
Is total connections counter bugged as well?
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: prmesapp11
10.16.127.17:0 8 OPERATIONAL 23 6 0
rserver: prmesapp12
10.16.127.18:0 8 OPERATIONAL 44 187 0
rserver: prmesapp13
10.16.127.19:0 8 OPERATIONAL 31 43 0
rserver: prmesapp14
10.16.127.20:0 8 OPERATIONAL 27 62 0
Or am i missing something about leastconns predictor?
Thanks a lot!
David

Hi,
Nope. I was trying to see what I can do about this, so I removed the leastconn (reverting back to round-robin) then configured leastconn back, but without slow-start parameter. What I immediately noticed is that servers started to be hit in a more equal manner, which is what I expected. I then reapplied the leastconn command, but with slow-start parameter and it would seem that session distribution was as expected. I assume that maybe removing and reapplying leastconn command did the trick, or maybe slow-start parameter was somehow misbehaving when I first applied it....
Now what I noticed is there are some sessions under failure column of "show serverfarm" output and I don't believe I had those before I switched to leastconn. The number is very low, like 5 failed versus 30,000 total, but still I was wondering if there is anything different with leastconn from round-robin that would cause some of the sessions to fail ?
Thanks!
David

Best resource that would help me to pass adobe Photoshop CC ACE exam

Best resource that would help me to pass adobe Photoshop CC ACE exam ?
and another question
can i practice from Adobe Photoshop CS6 Classroom in a Book
and then knowing the new feature of CC , to pass the exam
thanks in advance

Ideally you want to get hold of the ACE sample exam & study guides for the product versions you are testing for. It doesn't hurt to know previous versions but be keenly aware of the differences in menus, filters, etc...
Below is a PDF with some sample questions.
http://training.adobe.com/certification/exams/photoshop_cc_2013/_jcr_content/sampleExam
Online preparation
Prepare for the Adobe Certified Expert in Photoshop CC exam by Martin Perhiniak | Udemy
ACE Exam Self Study Aid (Mac)
Photoshop CC ACE Exam Questions | Adobe Certified Expert | Study Guide & Test Prep Simulator | 9A0-354 and 9A0-347
More resources here
Preparing for the Adobe Certified Expert (ACE) Exam
Nancy O.

Navigation issues with question slides in Captivate 6

In earlier versions of Captivate (5.5) we have always been able to insert question slides into our projects as checkpoints and allow the user to freely navigate through the project and answer the checkpoint questions as often as they like. We have also been able to provide success and failure feedback popups for those question.
In Captivate 6 we are seeing that question slides can apparently only be answered once and do not reset to be answered again the next time the user navigations to those slides. We want to allow the user to answer checkpoint questions as often as they like and we need to be able to provide success and failure feedback popups. We have tried every imaginable combination of setting with no success. Has anyone else been experiencing this or have a solution to this problem?
Thanks,
Vernon . . .

When I run the same projects with the exact same settings side by side in Captivate 5 and Captivate 6, in the Cap 5 project I can navigate the project freely and answer the checkpoint questions repeatedly as often as I like. As I navigate the questions are reset and can be answered again every time I enter the question slides.
In Cap 6 the questions are locked after the first answer and cannot be answered a second time. Even stranger is the fact that when tested using only a subset of the slides adjacent to the question slide (next 3) it works and does appear to reset the question allowing repeated answers, but it fails when the entire project is run.
I have asked our other developers to test this and they are experiencing the same problem with their projects.
The only difference I can see between the two projects is that the Quiz results slide in Cap 6 cannot be deleted whereas it does not exist in the Cap 5 project ???

ACE checkpoint question

Similar Messages

Maybe you are looking for