ACS support for ACE Module
Does ACS for Windows 3.3 support AAA for the ACE module?
I don't think that is correct. I am still
having issues with ACE and ACS. See below:
ACE version Software
loader: Version 0.95
system: Version A1(7b) [build 3.0(0)A1(7b)
Cisco ACS version 4.0.1
I am trying to authenticate admin users with AAA authentication for ACE management.
This is what I've done:
ACE-lab/Admin(config)# tacacs-server host 192.168.3.10 key 123456 port 49
warning: numeric key will not be encrypted
ACE-lab/Admin(config)# aaa group server tacacs+ cciesec
ACE-lab/Admin(config-tacacs+)# server ?
TACACS+ server name
ACE-lab/Admin(config-tacacs+)# server 192.168.3.10
can not find the TACACS+ server
specified TACACS+ server not found, please configure it using tacacs-server host ... and then retry
ACE-lab/Admin(config-tacacs+)#
Similar Messages
-
[UDP fast age support for ACE Module]
Hello,
I'm testing 2 ACE modules running A3.0.0 for DNS load balancing (UDP). We're testing this by using a DNS query generator that (always) seems to use the same UDP source port when originating these queries. At the moment, the ACE module is hardly doing any load-balancing.
It looks to me like, because of this, the ACE believes it's the same session (connection) and doesn't really load-balance, so I started looking for a solution and found the fast-age udp feature. But it seems this is not supported on my ACE modules. Can anyone offer another solution and/or look at my config and see if there is another way to achieve load balancing in a testing environment when using a tool like the one I described?
(I put it that way because I believe in real life, since queries come from different IP addresses and randomized UDP ports, the ACE module will be just fine.)
Thanks in advance!
c.
Hi Carlos,
Correct. The 3.0(0) is really misleading. You need to start with the "A" - so you really have 1.6.3a installed.
The "show version" for V2 is slightly better -
system: Version A2(1.2) [build 3.0(0)A2(1.2)
Cathy -
Revision: 16403
Author: [email protected]
Date: 2010-06-02 12:47:11 -0700 (Wed, 02 Jun 2010)
Log Message:
Added runtime support for latest module library (LazyModuleLoadPolicyTag).
Modified Paths:
cairngorm3/trunk/libraries/Module/src/com/adobe/cairngorm/CairngormModuleXMLSupport.as
cairngorm3/trunk/libraries/ModuleTest/src/CairngormModuleLibRuntimeSample.mxml
cairngorm3/trunk/libraries/ModuleTest/src/runtimeContext.xml
Bing,
I think one thing you might want to do is to post your code on the Web somewhere. Maybe you can open a Weblog and post this there.
http://www.jroller.com will let you open a blog for free. We'll love to see more customers of JDeveloper opening weblogs and sharing their experience over the Web. -
Inventory collection fails for ACE module (RME 4.3.1)
I am trying to collect the inventory and ultimately the configurations for my ACE modules. When I try to do an inventory collection I get the error:
Device sensed, but collection failed
Anybody have any ideas?
Chris
Post your IC_Server.log.
-
Monitor TPS value for Ace Module
Hi Everyone,
I recently installed the license ACE-SSL-05K-K9 on ACE10 with multicontext solution.
The license provides 5000 Maximum number of SSL transactions per second (TPS).
The customer would like to track this to find out the correct size and in the case of services https upgrade licenses.
Can I do so through a particular output, or is it necessary to monitor with the SNMP service? In the second case, can you tell me the OID string to use?
In case the module should receive a higher number of connections to that provided by the license, what's the issue for new https connections?
Regards
Dino
Hello Dino!
You can go into the Admin context and use sh resource usage all. Watch out for the ssl-connections rate. But I don't know the OID for this. But you can look into Cisco's MIB browser.
Cheers,
Marko -
I've been searching but I can't find the Visio stencil for the ACE-10 or ACE-20 module.
Can anyone point me in the right direction, or is this stencil yet to be made?
I don't think they are available yet. I needed them a few months ago, couldn't find them, and ended up making my own.
In case you need it, here's a link to the stencils Cisco provides.
http://www.cisco.com/en/US/products/prod_visio_icon_list.html -
What are all Browsers supported for irecruitment module
Hi Gurus,
We are using R12.0.7 Oracle application version. I wanted to find out which browsers it supports.
For example:
Mozilla Firefox 3 and till which higher version it will support?
Internet Explorer (IE) 7 and which higher versions?
Safari 3.1.2 and any higher version ?
Chrome 5 and any higher version ?
Please let me know if anyone has an idea about these versions.
Regards,
Joshna.
Please see this link:
http://search.oracle.com/search/search?search.timezone=420&search_startnum=1&search_endnum=10&num=10&search_dupid=&exttimeout=false&actProfId=0&q=389422.1+weblog%3AstevenChan&group=Blogs&sw=t&search_p_main_operator=all&search_p_atname=&adn=&search_p_op=equals&search_p_val=&search_p_atname=&adn=&search_p_op=equals&search_p_val=
Thanks,
Hussein -
ACE module support for IPv6 ?
What is the latest on IPv6 support for the ACE module? I saw something saying 2HCY10, but that's where we are now. Any documentation pointers to current compatibility and/or roadmap are greatly appreciated.
Thanks
Bob O.
As mklemovitch described in the following thread, IPv6 will be
supported on ACE30 module but not in the initial release.
There is no plan for ACE20 module.
https://supportforums.cisco.com/message/3192517#3192517
I'm not sure but maybe around Q3 CY11 or later.
I cannot see the documentation regarding this feature on CCO.
I would suggest to contact your account team for details.
Regards,
Yuji -
Ace module in bridged mode with client nat
Could someone confirm whether NAT is supported for the ACE-20 module, please?
Let me explain the technical details.
I need to convert a working CSM (SLB) config to an ACE configuration and I am not quite sure
if the configuration below is correct. The ACE module should be configured in bridge mode with two
vlans - vlan 36 (client) and vlan 436 (server) - bridged with interface bvi 36.
NAT on the ACE is configured as "nat dynamic 1025 vlan 436" in the corresponding
"policy-map type loadbalance".
Could you check the two parts of the configs and advise me if the ACE config is
properly converted from CSM and will work in the same way (especially for NAT)?
Thank you in advance.
CSM config
=======
vlan 36 client
  ip address 10.36.3.3 255.255.255.0 alt 10.36.3.4 255.255.255.0
  gateway 10.36.3.1
vlan 436 server
  ip address 10.36.3.3 255.255.255.0 alt 10.36.3.4 255.255.255.0
natpool WEB-MAIL 10.36.3.100 10.36.3.100 netmask 255.255.255.0
sticky 30 netmask 255.255.255.255 address source timeout 60
probe SHAREPOINT tcp
  interval 30
  failed 120
  open 3
  port 80
probe WEBMAIL-443 tcp
  interval 5
  failed 60
  open 2
  port 443
serverfarm WEBMAIL-443
  nat server
  nat client WEB-MAIL
  predictor leastconns
  real 10.36.3.101 443
    inservice
  real 10.36.3.102 443
    inservice
  probe WEBMAIL-443
serverfarm WEBMAIL-80
  nat server
  nat client WEB-MAIL
  predictor leastconns
  real 10.36.3.101 80
    inservice
  real 10.36.3.102 80
    inservice
  probe SHAREPOINT
vserver WEBMAIL-443
  virtual 10.36.3.100 tcp https
  serverfarm WEBMAIL-443
  sticky 60 group 30
  replicate csrp sticky
  replicate csrp connection
  persistent rebalance
  inservice
vserver WEBMAIL-80
  virtual 10.36.3.100 tcp www
  serverfarm WEBMAIL-80
  replicate csrp connection
  persistent rebalance
  inservice
ACE config
=======
probe tcp WEBMAIL-443
  interval 5
  open 2
  passdetect interval 60
  port 443
probe tcp SHAREPOINT
  interval 30
  open 3
  passdetect interval 120
  port 80
serverfarm host WEBMAIL-443
  predictor leastconns
  probe WEBMAIL-443
  rserver 10-36-3-101 443
    inservice
  rserver 10-36-3-102 443
    inservice
serverfarm host WEBMAIL-80
  predictor leastconns
  probe SHAREPOINT
  rserver 10-36-3-101 80
    inservice
  rserver 10-36-3-102 80
    inservice
class-map match-all WEBMAIL-80
  match virtual-address 10.36.3.100 tcp eq www
class-map match-all WEBMAIL-443
  match virtual-address 10.36.3.100 tcp eq https
sticky ip-netmask 255.255.255.255 address source 30
  serverfarm WEBMAIL-443
  replicate sticky
  timeout 60
policy-map type loadbalance first-match WEBMAIL-80
  class class-default
    serverfarm WEBMAIL-80
    nat dynamic 1025 vlan 436 serverfarm primary
policy-map type loadbalance first-match WEBMAIL-443
  class class-default
    sticky-serverfarm 30
    nat dynamic 1025 vlan 436 serverfarm primary
parameter-map type http HTTP_ADV_OPT
  persistence-rebalance
policy-map multi-match IFVLAN36-POLICY
  class WEBMAIL-80
    appl-parameter http advanced-options HTTP_ADV_OPT
    loadbalance policy WEBMAIL-80
    loadbalance vip inservice
    loadbalance vip icmp-reply active
  class WEBMAIL-443
    appl-parameter http advanced-options HTTP_ADV_OPT
    loadbalance policy WEBMAIL-443
    loadbalance vip inservice
    loadbalance vip icmp-reply active
interface vlan 36
  bridge-group 36
  service-policy input IFVLAN36-POLICY
  mac-sticky enable
  no shutdown
interface vlan 436
  bridge-group 36
  nat-pool 1025 10.36.3.100 10.36.3.100 netmask 255.255.255.0
  no shutdown
interface bvi 36
  ip address 10.36.3.3 255.255.255.0
  peer ip address 10.36.3.4 255.255.255.0
  no shutdown
Hello F.Makarenko-
You will want to use PAT while you do nat, so change the natpool configuration to this:
nat-pool 1025 10.36.3.100 10.36.3.100 netmask 255.255.255.0 pat
You also need to apply the nat like this:
policy-map multi-match IFVLAN36-POLICY
  class WEBMAIL-80
    appl-parameter http advanced-options HTTP_ADV_OPT
    loadbalance policy WEBMAIL-80
    loadbalance vip inservice
    loadbalance vip icmp-reply active
    nat dynamic 1025 vlan 436
  class WEBMAIL-443
    appl-parameter http advanced-options HTTP_ADV_OPT
    loadbalance policy WEBMAIL-443
    loadbalance vip inservice
    loadbalance vip icmp-reply active
    nat dynamic 1025 vlan 436
If you are going to build out a lot of classes, you can instead do source nat like this:
policy-map multi-match IFVLAN36-POLICY
  class WEBMAIL-80
    appl-parameter http advanced-options HTTP_ADV_OPT
    loadbalance policy WEBMAIL-80
    loadbalance vip inservice
    loadbalance vip icmp-reply active
  class WEBMAIL-443
    appl-parameter http advanced-options HTTP_ADV_OPT
    loadbalance policy WEBMAIL-443
    loadbalance vip inservice
    loadbalance vip icmp-reply active
  class class-default
    nat dynamic 1025 vlan 436
Regards,
Chris Higgins -
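An added example (not part of either post, and not Cisco tooling): a small Python check for the two changes the reply above makes, "nat dynamic" placed under a class of the multi-match policy and "pat" on the nat-pool. The function name, the finding labels and the extra "no-pool" consistency check are assumptions of this example; the sample configs are constructed excerpts of the thread's configuration.

```python
import re

# Constructed excerpts: the NAT-related lines of the question's ACE config
# (BEFORE) and of the layout given in the reply (AFTER), indented by block.
BEFORE = """\
policy-map type loadbalance first-match WEBMAIL-80
  class class-default
    serverfarm WEBMAIL-80
    nat dynamic 1025 vlan 436 serverfarm primary
policy-map multi-match IFVLAN36-POLICY
  class WEBMAIL-80
    loadbalance policy WEBMAIL-80
    loadbalance vip inservice
interface vlan 436
  bridge-group 36
  nat-pool 1025 10.36.3.100 10.36.3.100 netmask 255.255.255.0
"""
AFTER = """\
policy-map type loadbalance first-match WEBMAIL-80
  class class-default
    serverfarm WEBMAIL-80
policy-map multi-match IFVLAN36-POLICY
  class WEBMAIL-80
    loadbalance policy WEBMAIL-80
    loadbalance vip inservice
    nat dynamic 1025 vlan 436
interface vlan 436
  bridge-group 36
  nat-pool 1025 10.36.3.100 10.36.3.100 netmask 255.255.255.0 pat
"""

NAT_USE = re.compile(r"nat dynamic (\d+) vlan (\d+)")
NAT_POOL = re.compile(r"nat-pool (\d+) \S+ \S+ netmask \S+( pat)?$")


def lint_ace_nat(config):
    """Return findings as (kind, where, pool_id) tuples.

    misplaced: nat dynamic sits outside a 'policy-map multi-match' block
    no-pool:   nat dynamic names a pool that the given vlan does not define
    no-pat:    a nat-pool is defined without the 'pat' keyword
    """
    uses, pools, block = [], {}, ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():  # an unindented line starts a new block
            block = line
            continue
        use, pool = NAT_USE.match(line), NAT_POOL.match(line)
        if use:
            uses.append((block, use[1], use[2]))
        elif pool and block.startswith("interface vlan "):
            pools[(block.split()[-1], pool[1])] = pool[2] is not None
    findings = []
    for block, pool_id, vlan in uses:
        if not block.startswith("policy-map multi-match"):
            findings.append(("misplaced", block, pool_id))
        elif (vlan, pool_id) not in pools:
            findings.append(("no-pool", "vlan " + vlan, pool_id))
    for (vlan, pool_id), has_pat in sorted(pools.items()):
        if not has_pat:
            findings.append(("no-pat", "vlan " + vlan, pool_id))
    return findings
```

The check relies on indentation to find block boundaries, so it expects the configuration as "show running-config" prints it rather than flattened text.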
How to Virtual IP configuration in ACE module?
Hi,
I am in the process of configuring load balancing on ACE module but struggling to configure virtual IP address for ACE module.
I'm working on ACE30 module and using software version A5 (1.2). ACE module is in slot of Catalyst 6504 switch.
Can anybody please post the steps/commands to perform this activity? An early response would be appreciated.
Regards,
Rachit.
Hi Rachit,
Here is a basic configuration example:
access-list Allow_Access line 10 extended permit ip any any
rserver host test
  ip address 10.198.16.98
  inservice
rserver host test2
  ip address 10.198.16.93
  inservice
serverfarm host test
  rserver test 80
    inservice
  rserver test2 80
    inservice
sticky http-cookie test group2
  cookie insert
  serverfarm test
class-map match-all VIP
  2 match virtual-address 10.198.16.122 tcp eq www
policy-map type loadbalance first-match test
  class class-default
    sticky-serverfarm group2
policy-map multi-match clients
  class VIP
    loadbalance vip inservice
    loadbalance policy test
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 112
interface vlan 112
  ip address 10.198.16.91 255.255.255.192
  access-group input Allow_Access
  nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat
  service-policy input NSS_MGMT
  service-policy input clients
  no shutdown
ip route 0.0.0.0 0.0.0.0 10.198.16.65
Here is the configuration guide:
http://tools.cisco.com/squish/101AD
Cesar R -
ACE Module Radius with ACS 4.2
Hi,
I am able to authenticate to my ACE modules via Radius, but when I log in it does not give me Admin rights. Does anyone have a fix for this? My ACS admin has been working with TAC since last week to no avail.
John...
You have to use a custom AV pair on the TACACS server under user setup to make it work. ACE uses RBAC (Role-Based Access Control), and for that you have to pass the context and user role from the TACACS server to ACE to make it work. If no RBAC info is pushed from the TACACS server and the user just gets authenticated, then the default role assigned by ACE is Network-Monitor.
The following steps (on the TACACS server) will make it work:
1. Select your user
2. Go to TACACS+ settings
3. Select the "shell (exec)" checkbox
4. Select the "custom attributes" checkbox
5. Type your context and role information in the custom attribute box, using the following format
shell:*
For example (if the context name is Admin, the domain is default-domain and you want to assign the role "Admin" to this user):
shell:Admin*Admin default-domain
Hope it helps
Syed -
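An added example (not from the post, and not Cisco or ACS code): a Python audit of exported custom-attribute strings that reports users whose attribute would not parse or is missing, who per the post end up as Network-Monitor, and users granted the Admin role. The grammar is inferred from the post's single example, accepting "=" as well as "*" is an assumption, and the user names and attribute values are constructed.

```python
import re
from typing import NamedTuple, Optional

# Grammar inferred from the one example in the post:
#   shell:Admin*Admin default-domain
#   shell:<context><sep><role> <domain> [<domain> ...]
# '*' is the separator the post shows; '=' (the other TACACS+ attribute-value
# separator) is accepted here as an assumption.
AV_RE = re.compile(
    r"^shell:(?P<context>[^\s*=]+)[*=](?P<role>\S+)(?P<domains>(?:\s+\S+)*)$"
)
FALLBACK_ROLE = "Network-Monitor"  # default role named in the post


class Grant(NamedTuple):
    context: str
    role: str
    domains: tuple


def parse_av(value: str) -> Optional[Grant]:
    """Parse one custom attribute; None means it carries no usable RBAC info."""
    m = AV_RE.match(value.strip())
    if not m:
        return None
    return Grant(m["context"], m["role"], tuple(m["domains"].split()))


def audit(users):
    """users maps a user name to its list of custom attribute strings."""
    findings = []
    for user in sorted(users):
        grants = []
        for value in users[user]:
            grant = parse_av(value)
            if grant is None:
                findings.append((user, "malformed", value))
            else:
                grants.append(grant)
        if not grants:
            # Authenticated but no RBAC info pushed: default role applies.
            findings.append((user, "no-rbac", FALLBACK_ROLE))
        for grant in grants:
            if grant.role == "Admin":
                findings.append((user, "admin-role", grant.context))
    return findings


# Constructed sample export.
SAMPLE = {
    "alice": ["shell:Admin*Admin default-domain"],
    "bob": ["shell:web-ctx*Network-Monitor default-domain"],
    "carol": [],
    "dave": ["shell:*"],
    "erin": ["shell: Admin*Admin default-domain"],
}
```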
SSL initiation for SMPP on ACE module
Hi Community,
We have a new requirement to enable a connection to a server with the SMPP protocol wrapped inside an SSL channel for transport over the internet. Can anyone suggest whether the ACE module supports SSL initiation to secure standard SMPP (3.4) servers?
Kind regards
Hi,
ACE does support SSL initiation. Please visit the link below for details. ACE also supports SSL termination and End-to-End SSL.
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/ssl/guide/initiate.html
Regards,
Kanwal -
ACE Module support loadbalance rmi, ajp, jms, etc?
Hello,
Do you know if the ACE module supports load balancing the following protocols:
1. rmis
2. ajp
3. jms
4. IIOP
5. CORBA
6. IIOPS
I know that the ACE module supports http, https and tcp/udp ports.
Best Regards
Hi Alvaro,
There are no specific handlers in ACE for the protocols listed. RMI over IIOP and the majority of CORBA implementations are TCP socket based and typically require persistent (sticky) assignments to real servers if load-balanced, so generic ACE load-balancing predictors, probes and sticky features should suffice. If you need to do a deeper inspection you can use the Generic Protocol Parsing and custom probe (TCL) capabilities to track content of interest. The same applies for JMS and AJP, although there are different transports for these protocols (i.e. JMS over HTTP) which may change configuration requirements.
In general, since these protocols are used for stateful application integration, long running transactions, messaging, and data access...and they are very sensitive to object namespace/target references you should detail individual use case requirements and applicability of external application delivery controller based load balancing (i.e. using ACE).
Let me know if this helps or if you need more detail. Thanks. -George -
When will ANM support ACE module A2(3.0)?
Hello,
We are using ANM 2.2 to manage our ACE modules running A2(2.2). I would like to upgrade our ACE modules to version A2(3.0). It was released on 12/Oct/2009 but ANM 2.2 still does not support it (although it does support A2(1.6a) which was published on 20/Oct/2009, after A2(3.0)). And 2.2 seems to be the latest version of ANM.
When can we expect ANM to officially support ACE module A2(3.0)?
Regards,
Marc.
ANM 3.0 will support ACE A2(3.0).
The current scheduled date for the next ANM release is Jan 2010.
Gilles. -
Revision: 1307
Author: [email protected]
Date: 2008-04-18 16:28:33 -0700 (Fri, 18 Apr 2008)
Log Message:
modules: added support for automatically adding "use namespace X", depending on the -target-player value
* similar to how we add "use namespace AS3"
* symmetric with ASC's -use feature, however we don't have equivalent commandline support yet
Bugs: n/a
QA: Nothing in particular, except for testing the new functionality of -target-player (email me about this)
Doc: Maybe: If we doc about "use namespace AS3" being added to all Flex compiles, we may want to talk about this.
Reviewers: Pete and Erik
Modified Paths:
flex/sdk/trunk/frameworks/flex-config.xml
flex/sdk/trunk/lib/asc.jar
flex/sdk/trunk/modules/asc/src/java/macromedia/asc/embedding/BatchCompiler.java
flex/sdk/trunk/modules/asc/src/java/macromedia/asc/embedding/Compiler.java
flex/sdk/trunk/modules/asc/src/java/macromedia/asc/embedding/ScriptCompiler.java
flex/sdk/trunk/modules/asc/src/java/macromedia/asc/parser/Parser.java
flex/sdk/trunk/modules/asc/src/java/macromedia/asc/util/Context.java
flex/sdk/trunk/modules/asc/src/java/macromedia/asc/util/ContextStatics.java
flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/SymbolTable.java
flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/as3/MetaDataParser.java
flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/common/Configuration.java
flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/common/DefaultsConfigurator.java
flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/css/StyleDef.java
flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/css/StyleModule.java
flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/css/StylesContainer.java
flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/InterfaceCompiler.java
flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/reflect/TypeTable.java
flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/mxml/rep/AtEmbed.java
flex/sdk/trunk/modules/swfutils/src/java/flash/swf/tools/SwfxPrinter.java
Thanks for your attention.
In the above logs, higher resolutions seem to be detected on both screens, hence my surprise:
[ 391.631] (II) intel(0): Printing probed modes for output LVDS1
[ 391.631] (II) intel(0): Modeline "1600x900"x60.0 110.00 1600 1664 1706 2010 900 903 906 912 -hsync -vsync (54.7 kHz eP)
[ 391.897] (II) intel(0): Printing probed modes for output HDMI1
[ 391.897] (II) intel(0): Modeline "1680x1050"x59.9 119.00 1680 1728 1760 1840 1050 1053 1059 1080 +hsync -vsync (64.7 kHz eP)
If it can help here is also my current xrandr output (after having called it manually to use the preferred resolution of each screen)
itanguy ~ $ xrandr
Screen 0: minimum 320 x 200, current 1680 x 1050, maximum 8192 x 8192
LVDS1 connected 1600x900+0+0 (normal left inverted right x axis y axis) 309mm x 174mm
1600x900 60.0*+ 40.0
1024x768 60.0
800x600 60.3 56.2
640x480 59.9
VGA1 disconnected (normal left inverted right x axis y axis)
HDMI1 connected 1680x1050+0+0 (normal left inverted right x axis y axis) 434mm x 270mm
1680x1050 59.9*+
1280x1024 75.0 60.0
1152x864 75.0
1024x768 75.1 60.0
800x600 75.0 60.3
640x480 75.0 60.0
720x400 70.1
DP1 disconnected (normal left inverted right x axis y axis)
HDMI2 disconnected (normal left inverted right x axis y axis)
HDMI3 disconnected (normal left inverted right x axis y axis)
DP2 disconnected (normal left inverted right x axis y axis)
DP3 disconnected (normal left inverted right x axis y axis)
If needed, I may reboot and provide xrandr output after boot (it will be 1024x768), or could other logs help you ? Please ask...