Cisco ACE appliance backend Requests

Hi,
I have a question about the Cisco ACE 4700x appliances.
I hope that someone can help me out with the next question please, which is:
does the appliance support backend server selection based on URL, hostnames or IP?
if yes, where can i find more details about it ?
Thank you

Here it is.
class-map type http loadbalance match-all DOMAIN-ONLY-CM 2 match http header Host header-value "xxx[.]domain[.]com"class-map type http loadbalance match-all DOMAIN-AND-PATH-CM 2 match http header Host header-value "www[.]domain[.]com" 3 match http url /very-long-path/.*

Similar Messages

Logging user commands in Cisco ACE appliance

Good afternoon gentlemen
I need to configure the same as shown below in Cisco ACE Appliance. The requirement is logging all user access login (whether failed or succeeded) and also logging all commands that users issue.
#IOS commands
no logging console
logging buffered 307200 informational
service timestamps log datetime localtime show-timezone
logging trap debugging
login on-failure log
login on-success log
archive
   log config
      logging enable
      logging size 500
      hidekeys
      notify syslog contenttype plaintext
If you guys have an idea please answear
Regards
Christian

Hello Arun,
we saw before the message you report, it's probably a symptom of:
CSCtx03563
or
CSCue38032
I would suggest opening a TAC case to get this properly investigated.
Kind Regards,
Francesco

How to monitor memory on Cisco ACE Appliance 4710?

I'm trying to monitor the memory usage in balancers Cisco ACE Appliance 4710 with version A3 (2.2), but the OIDs cpmCPUMemoryUsed (.1.3.6.1.4.1.9.9.109.1.1.1.1.12) and cpmCPUMemoryFree (.1.3.6.1.4.1.9.9. 109.1.1.1.1.13) not work.
What the right OID to monitor memory usage in balancers Cisco ACE 4710 Appliance?

HI,
You need to use CISCO-ENHANCED-SLB-MIB .
cpmProcExtMemAllocatedRev .1.3.6.1.4.1.9.9.109.1.2.3.1.1 (this gives the memory allocated to each process)
You can also read up on the mib
Hope this helps
Venky

Cisco ACE Appliance Redundant configuration

How cisco ACE appliance changes its Ip address and MAC address after failover???

Hi Birendra,
Could you please elaborate more on your question?
FT mac's depend upon FT group that you have configured and they remain same. They will not change after failover.
Here's a document at the link which explains in details about different MAC addresses in ACE:
https://supportforums.cisco.com/docs/DOC-8723
Let me know if you have any questions.
Regards,
Kanwal

Cisco ACE Appliance showing error while boot

Hello Everyone,
I intend to Configure two ACE appliance in one arm mode, Post configuration I have tried to test the functionalities of the same.
Below are the queries which I am having now.
>Post reboot of the appliance it popped with the error ,pls clarify .
     Starting sysmgr processes.. Please wait...tg3: tg3_reset_hw timed out for eth1, firmware will not restart magic=4b657654
tg3: tg3_reset_hw timed out for eth1, firmware will not restart magic=4b657654
Done!!!
> Please confirm whether SNAT is compusory for one-arm mode setup . as our requirement is to loadbalance only the requests from the clients .
     the reply from server should go back to the client directly .
> How can I achieve the HA config with out dedicated port . as I have configured port channel for all the 4 ports . I am not interested to provide the seperate port for HA.
Thanks in advance

Hi,
> Please confirm whether SNAT is compusory for one-arm mode setup . as our requirement is to loadbalance only the requests from the clients .
     the reply from server should go back to the client directly .
**Mos of the times SNAT is require but is not must. For example, you can have the servers connected to a L2 Switch, using the ACE as DG and you probably don't need SNAT.
The important is to have the response of the server going back to the ACE with or without NAT
> How can I achieve the HA config with out dedicated port . as I have configured port channel for all the 4 ports . I am not interested to provide the seperate port for HA.
***Configure in the portchannel the ft-port vlan command. Remember that the FT vlan should be L2, no L3 devices in between the ACEs
Cesar R
ANS Team

Cisco ACS 4.2 authenticating Cisco 4710 ACE appliance failed

Hi,
I've got a problem with Cisco ACS 4.2 authenticating Cisco 4710 ACE appliance.
ACS4.2 has been configured to use both internal and external database. It's been working fine for a couple or years.
Recently we bought a Cisco 4710 ACE appliance. When I use ACS4.2 internal username and password to login the Cisco 4710 ACE appliance, I have no problem. I can also see the passed authentication log on ACS4.2. However, if I use AD username and password, I couldn't login in. The message is "Login incorrect". I checked the failed attempts log on the ACS4.2, there was no log regarding the failed attempt. My AD username and password works fine on all other cisco routers and switches.
I've posted my AAA configuration of the 4710 ACE below. ACE is running on the latest version A4(1.1). Please help.
tacacs-server key 7 "xxxxxxxxxxxxx"
aaa group server tacacs+ tac_admin
server xx.xx.xx.xx
aaa authentication login default group tac_admin local
aaa authentication login console group tac_admin local
aaa accounting default group tac_admin

Hi,
Since the ACS is receiving the request.
Could you please ensure that In ACE on every context (including Admin and other) you have following strings:
tacacs-server host x.x.x.x key 7 "xxx"
aaa group server tacacs+ tac_admin
   server x.x.x.x
aaa authentication login default group tac_admin local
aaa authentication login console group tac_admin local
aaa accounting default group x.x.x.x
On ACS side for group named "Network Administrators" you should configure in TACACS settting:
1. Shell (exec) enable
2. Privilege level 15
3. Custom attributes:
           shell:Admin*Admin default-domain
    if you have additional context add next line
          shell:mycontext*Admin default-domain
After loging to ACE and issuing sh users command you should see following
User             Context                                                                  Line     Login Time   (Location)        Role   Domain(s)
*adm-x        Admin                                                                    pts/0   Sep 21 12:24 (x.x.x.x)    Admin   default-domain
Hope this helps.
Regards,
Anisha
P.S.: please mark this thread as answered if you fee your query is resolved. Do rate helpful posts.

Cisco ACE Issue accessing SAP applications through ACE appliance

Hi,
I have website whose VIP resides on my ACE appliance. That site has many links on it which are SAP applications.
For one link, when i click it first time, user is asked for authentication which is not actually required and get blank page.
When I click back (go to main site again) and again click the same link, it opens normally without any authentication prompt.
Rest all links on the site have no issues and open normally.
I had same issue with acceptance for same application and below parameter map resolved the issue
parameter-map type http case_param
case-insensitive
persistence-rebalance
set header-maxparse-length 65535
set content-maxparse-length 65535
length-exceed continue
I tried using same parameter map with persistance rebalance disbaled but still it does not work.
What could be the issue in this case?

Hi,
The SAP has front end server to which ACE is sending traffic dstined to particular VIP. front end server then communicates with backend server for all date related to all applications. When client is using different applications, url in browser remains the same. All applications are working fine except this single application.
same setup is working fine with cisco CSS and even the accepatnce is working fine for same set of applications.
I am getting bad tcp checksum messges in capture output.
10.38.199.196 is client IP....10.36.64.40 is VIP and , 10.36.64.86 is nat ip and 10.36.32.55 is front end server which is user interface to various applications

Cisco ACE backend communication

We are performing SSL overloading in Cisco ACE 4710..
443 from client to load balancer then 80 on the backend.. which works fine, however when I change the backend to 8080 I get to the initial screen but everything after breaks,..
It seems to be something with 443 as if I configure the front end to talk port 81 and backend 8080 all works, as soon as the front end is changed to 443 I get to the first page then everything after breaks

Hi Networker,
Kindly use the following command:
ssl url rewrite location expression [sslport number1] [clearport number2]
As per in your case:
CLIENT -----> ACE = port 443 = sslport
ACE --------> Server = port 8080=clearport
Suppose you are specifying SSL URL rewrite for the URL www.cisco.com or www.cisco.net using the default SSL port of 443 and a clear port of 8080,
Then enter:
host1/Admin(config-actlist-mod)# ssl url rewrite location www\.cisco\.* sslport 443 clearport 8080
In the above example, the ACE attempts to perform the following tasks:
1. Match all HTTP redirects to http://www.cisco.com:8080 or http://www.cisco.net:8080
2. Rewrite the HTTP redirects as https://www.cisco.com:443 or https://www.cisco.net:443
3. Forward the HTTP redirects to the client
After you enter the ssl url rewrite command, associate the action list with a Layer 3 and Layer 4 policy map.
Check the URL for your reference:
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/command/reference/actnlist.html#wp1041777http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA4_1_0/command/reference/actnlist.html#wp1050875
HTH
Sachin Garg

Tacacs authentication with ACE appliance not working

Hi All,
I'm having trouble with a Cisco ACE 4710 appliance using tacacs to authenticate ssh/telnet remote users. Following the CCO documentation we have configured the backend tacacs server (Cisco Secure ACS) and setup the ACE with the required configuration.
tacacs-server key 7 "letmein"
tacacs-server host 192.168.1.1 timeout 5
aaa group server tacacs+ ACStac
server 192.168.1.1
aaa authentication login default group ACStac local
So far no luck in successfully authenticating any users. I can see in the log on the ACS a key mismatch error however I have 100% verified the keys are identical, im thinking this may be a bug?
Furthermore when I paste in the tacacs-server key it gets converted to a type 7 in the running configuration even though I use the no encryption option. Anyone have any ideas? The ACE is running version A3(2.3)
Thanks in advance

Hi Matt,
Please remove the shared secret of teh NDG and test.
Regards,
Anisha
P.S.: please rate this post if ypou feel your query is answered

Cisco ACE - "show conn" command queries

Hi all,
i have some queries regarding the "show conn" command in Cisco ACE.
Working Scenario:
VIP : 10.10.10.1
Server 1 : 10.10.20.1
Server 2 : 10.10.20.2
Client: 30.30.30.1
When a client 30.30.30.1 initiates a connection to the VIP on 10.10.10.1, the ACE load balances it to Server 1, 10.10.20.1. Looking at the "show conn" table, it shows that Server 1 is replying back to the Client 30.30.30.1 through the ACE.
Now, my question is when the ACE returns the traffic to the Client, should the Client be seeing the source IP coming from the VIP or Server 1? My understanding is that the Client should be seeing traffic returning from the VIP. But the show conn table does not seem to suggest so.
show conn table
conn-id    np dir proto vlan source                destination           state
----------+--+---+-----+----+---------------------+---------------------+------+
1768       1 in TCP   10   30.30.30.1:9221   10.10.10.1:80       ESTAB
41         1 out TCP   52    10.10.20.1:80    30.30.30.1:9221   CLOSED

Daniel,
The client is expecting a response from the VIP otherwise there would be an asymmetrical routing problem and conns will never complete.
The fact that you're seeing 30.30.30.1 as the destination address is just that the server is able to see client's IP address on the request, when your backend servers sends the reply back to the client this response is forced to go through the ACE, when the ACE looks at the packet it matches with a previously conn created on the flow table so it "NATs" the reply so now the source of the packet is the VIP and destination is 30.30.30.1.
This is a expected behavior as you're not using S-NAT on your network.
HTH.
Pablo

Need help to Configure Cisco ACE 4710 Cluster Deployment

Dear Experts,
I'm newbie for Cisco ACE 4710, and still I'm in learning stage. Meanwhile I got chance at my work place to deploy a Cisco ACE 4710 cluster which should load balance the traffic between two Application Servers based on HTTP and HTTPS traffic. So I was looking for good deployment guide in Cisco SBA knowledge base then finall found this guide.
http://www.cisco.com/en/US/docs/solutions/SBA/February2013/Cisco_SBA_DC_AdvancedServer-LoadBalancingDeploymentGuide-Feb2013.pdf
This guide totally fine with my required deployment model. I have same deployment environment as this guide contains with ACE cluster that connects to two Cisco 3750X (Stack) switches. But I have some confusion places in this guide
This guide follow the "One-armed mode" as a deployment method. But when I go through it further I have noticed that they have configured server VLAN as a 10.4.49.0/24 (all servers reside in it) and Client side VIP also in same VLAN which is 10.4.49.100/24 (even NAT pool also).
My confusion is, as I have learned about Cisco ACE 4710 one-armed mode deployment method, it should has two VLAN segments, one for Client side which client request come and hit the VIP and then second one for Server side. which means besically two VLANs. So please be kind enough to go through above document then tell me where is wrong, what shoud I need to do for the best. Please this is an urgent, so need your help quickly.
Thanks....!
-Amal-

Dear Kanwal,
I need quick help for you. Following are the Application LB requirements which I received from my clinet side.
Following detail required for configuring Oracle EBS Apps tier on HA:
LBR IP and Name required to configure EBS APPS Tier (i.e, ap1ebs & ap2ebs nodes)
Suggested IP and Name for LBR:
IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
ebiz.xxxx.lk [on port 80 for http protocol accessibility]
This LBR IP & name must be resolve and respond on DNS network
Server Farm detail for LBR Setup
Following detail will be use for configuring the LBR:
LBR IP and Name :
IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
ebiz.xxxx.lk [on port 80 for http protocol accessibility]
This LBR IP & name must be resolve and respond on DNS network
Server Farm Detail for LBR setup:
Server 1 (EBS App1 Node, ap1ebs):
IP : 172.25.45.19
Server Name: ap1ebs.xxxx.lk [ap1ebs hostname is an example, actual hostname will be use]
Protocol: http
Port: 8000
Server 2 (EBS App2 Node, ap2ebs):
IP : 172.25.45.20
Server Name: ap2ebs.xxxx.lk [ap2ebs hostname is an example, actual hostname will be use]
Protocol: http
Port: 8000
Since my client needs to access URL ebiz.xxxx.lk which should be resolved by IP 172.25.45.21 (virtual IP) via http (80) before they deploy the app on the two servers I just ran web service on both servers (Linux) and was trying to access http://172.25.45.21 it was working fine and gave me index.html page. Now after my client has deployed the application then when he tries to access the page http://172.25.45.21 he cannot see his main login page. But still my testing web servers are there on both servers when I type http://172.25.45.21 it will get index.html page, but not my client web login page. What can I do for this ?
Following are my latest config :
probe http Get-Method
description Check to url access /OA_HTML/OAInfo.jsp
interval 10
faildetect 2
passdetect interval 30
request method get url /OA_HTML/OAInfo.jsp
expect status 200 200
probe udp http-8000-iRDMI
description IRDMI (HTTP - 8000)
port 8000
probe http http-probe
description HTTP Probes
interval 10
faildetect 2
passdetect interval 30
passdetect count 2
request method get url /index.html
expect status 200 200
probe https https-probe
description HTTPS traffic
interval 10
faildetect 2
passdetect interval 30
passdetect count 2
ssl version all
request method get url /index.html
probe icmp icmp-probe
description ICMP PROBE FOR TO CHECK ICMP SERVICE
rserver host ebsapp1
description ebsapp1.xxxx.lk
ip address 172.25.45.19
conn-limit max 4000000 min 4000000
probe icmp-probe
probe http-probe
inservice
rserver host ebsapp2
description ebsapp2.xxxx.lk
ip address 172.25.45.20
conn-limit max 4000000 min 4000000
probe icmp-probe
probe http-probe
inservice
serverfarm host ebsppsvrfarm
description ebsapp server farm
failaction purge
predictor response app-req-to-resp samples 4
probe http-probe
probe icmp-probe
inband-health check log 5 reset 500
retcode 404 404 check log 1 reset 3
rserver ebsapp1 80
    conn-limit max 4000000 min 4000000
    probe icmp-probe
    inservice
rserver ebsapp2 80
    conn-limit max 4000000 min 4000000
    probe icmp-probe
    inservice
sticky http-cookie jsessionid HTTP-COOKIE
cookie insert browser-expire
replicate sticky
serverfarm ebsppsvrfarm
class-map type http loadbalance match-any default-compression-exclusion-mime-type
description DM generated classmap for default LB compression exclusion mime types.
2 match http url .*gif
3 match http url .*css
4 match http url .*js
5 match http url .*class
6 match http url .*jar
7 match http url .*cab
8 match http url .*txt
9 match http url .*ps
10 match http url .*vbs
11 match http url .*xsl
12 match http url .*xml
13 match http url .*pdf
14 match http url .*swf
15 match http url .*jpg
16 match http url .*jpeg
17 match http url .*jpe
18 match http url .*png
class-map match-all ebsapp-vip
2 match virtual-address 172.25.45.21 tcp eq www
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
    permit
policy-map type loadbalance first-match ebsapp-vip-l7slb
class default-compression-exclusion-mime-type
    serverfarm ebsppsvrfarm
class class-default
    compress default-method deflate
    sticky-serverfarm HTTP-COOKIE
policy-map multi-match int455
class ebsapp-vip
    loadbalance vip inservice
    loadbalance policy ebsapp-vip-l7slb
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 455
interface vlan 455
ip address 172.25.45.36 255.255.255.0
peer ip address 172.25.45.35 255.255.255.0
access-group input ALL
nat-pool 1 172.25.45.22 172.25.45.22 netmask 255.255.255.0 pat
service-policy input remote_mgmt_allow_policy
service-policy input int455
no shutdown
ft interface vlan 999
ip address 10.1.1.1 255.255.255.0
peer ip address 10.1.1.2 255.255.255.0
no shutdown
ft peer 1
heartbeat interval 300
heartbeat count 10
ft-interface vlan 999
ft group 1
peer 1
no preempt
priority 110
associate-context Admin
inservice
ip route 0.0.0.0 0.0.0.0 172.25.45.1
Hope you will reply me soon
Thanks....!
-Amal-

Cisco ACE loadbalancing matching more than one header in L7 class map

Dear All,
This is regarding Cisco ACE loadbalancing matching more than one header in L7 class map. I have a small setup with ACE 30 module in Cisco6500. I have got three webservers. Presently I have following configuration where I am mathing one url header.
class-map type http loadbalance match-all L7_WEB_HEADER_MATCH
description MATCH THE HOST HEADER OF HTTP REQUEST
2 match http header Host header-value ".*abhisar.com*"
So for above configuration, when traffic is coming for abhisar.com, it is working fine.
Now, I have following headers and DNS entry is pointing to same virtual IP for all http url header same as abhisar.com
abhisarindia.com
indiaabhi.com
So new configuration will be
class-map type http loadbalance match-any L7_WEB_HEADER_MATCH
description MATCH THE HOST HEADER OF HTTP REQUEST
2 match http header Host header-value ".*abhisar.com*"
4 match http header Host header-value ".*abhisarindia.com*"
6 match http header Host header-value ".*indiaabhi.com*"
So just want to confirm if this is fine.
Thank You,
Abhisar.

Dear Rajesh,
Thank you for reply. I will let you know once I carry out this activity.
Thank You,
Abhisar.

Slow connection in one server if accessing through Cisco ACE

Hi,
Good day, Can someone help me on my problem? I have 3 servers, server1, server2 and server3. When one pc accessing the server 3 application via Cisco ACE, it experienced a slow connection but when direct access without Cisco Ace, it's fast. The connection of this PC through cisco ace and direct access have no issue.
What need to do in my configuration? Below is my configuration
logging enable
logging timestamp
logging trap 7
logging buffered 7
logging monitor 7
logging host 167.81.126.5 udp/514
logging host 137.55.152.147 udp/514
resource-class SG_01
limit-resource all minimum 0.00 maximum unlimited
limit-resource sticky minimum 10.00 maximum equal-to-min
boot system image:c4710ace-mz.A3_2_0.bin
login timeout 30
peer hostname singapore-ace2
hostname singapore-ace1
interface gigabitEthernet 1/1
channel-group 14
no shutdown
interface gigabitEthernet 1/2
channel-group 14
no shutdown
interface gigabitEthernet 1/3
channel-group 14
no shutdown
interface gigabitEthernet 1/4
channel-group 14
no shutdown
interface port-channel 14
description ISOLAN-ACE-TRUNK
ft-port vlan 99
switchport trunk native vlan 1
switchport trunk allowed vlan 12,14,112
no shutdown
clock timezone SGT 8 0
ntp server 137.55.152.1
context Admin
member SG_01
access-list ALL line 8 extended permit ip any any
access-list ALL line 9 extended permit icmp any any
ip domain-name ysn.psg.philips.com
probe http singapore_01
description This probe used to monitor application url-app-script
interval 5
passdetect interval 5
request method get url /insiteserverstatus/insiteserverstatus.aspx
expect status 200 200
open 1
probe http singapore_02
description This probe used to monitor IIS-login-page
interval 5
passdetect interval 5
request method get url /InSiteLumiledsApplication/
expect status 200 200
open 1
probe icmp uplink
description This probe used in conjunction with ft track host
interval 2
faildetect 2
passdetect interval 3
parameter-map type connection PARAM_L4STICKY-IP
exceed-mss allow
rserver host sggysnysn1ms013
ip address 137.55.152.135
inservice
rserver host sggysnysn1ms014
ip address 137.55.152.136
inservice
rserver host sggysnysn1ms018
ip address 137.55.152.145
inservice
serverfarm host PLI9058
probe singapore_01
probe singapore_02
rserver sggysnysn1ms013
    inservice
rserver sggysnysn1ms014
    inservice
rserver sggysnysn1ms018
    inservice
sticky ip-netmask 255.255.255.255 address both SG_GROUP_01
timeout 720
replicate sticky
serverfarm PLI9058
class-map type management match-any HTTPS-ALLOW_CLASS
class-map match-all L4STICKY-IP_141:ANY_CLASS
2 match virtual-address 137.55.152.141 any
class-map type http loadbalance match-any NO_MS018
50 match source-address 137.55.155.31 255.255.254.0
class-map type management match-any SSH-ALLOW_CLASS
2 match protocol ssh source-address 167.81.124.0 255.255.255.192
3 match protocol ssh source-address 167.81.126.0 255.255.255.192
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
    permit
policy-map type loadbalance first-match L7PLBSF_STICKY-NETMASK_POLICY
class class-default
    sticky-serverfarm SG_GROUP_01
    insert-http X-Forwarded-For header-value "%is"
policy-map multi-match PLI9058-VIPs_POLICY
class L4STICKY-IP_141:ANY_CLASS
    loadbalance vip inservice
    loadbalance policy L7PLBSF_STICKY-NETMASK_POLICY
    loadbalance vip icmp-reply
    connection advanced-options PARAM_L4STICKY-IP
interface vlan 12
description Client-side vlan
bridge-group 1
no normalization
mac-sticky enable
access-group input ALL
access-group output ALL
service-policy input PLI9058-VIPs_POLICY
no shutdown
interface vlan 14
ip address 137.55.152.236 255.255.255.248
peer ip address 137.55.152.237 255.255.255.248
service-policy input remote_mgmt_allow_policy
no shutdown
interface vlan 112
description Server-side vlan
bridge-group 1
no normalization
access-group input ALL
access-group output ALL
nat-pool 1 137.55.152.141 137.55.152.141 netmask 255.255.255.192 pat
no shutdown
interface bvi 1
ip address 137.55.152.189 255.255.255.192
alias 137.55.152.188 255.255.255.192
peer ip address 137.55.152.190 255.255.255.192
description Bridge-Group 1 Virtual Interface
no shutdown
ft interface vlan 99
ip address 192.168.1.1 255.255.255.252
peer ip address 192.168.1.2 255.255.255.252
no shutdown
ft peer 1
heartbeat interval 100
heartbeat count 10
ft-interface vlan 99
ft group 1
peer 1
priority 150
peer priority 50
associate-context Admin
inservice
ft track host test1
track-host 137.55.152.234
peer track-host 137.55.152.235
peer probe uplink priority 50
probe uplink priority 50
ip route 0.0.0.0 0.0.0.0 137.55.152.233

Hi Earsdale,
All the three servers are using the same configuration, so, I'm afraid it's not possible to give you a simple answer. You will need more troubleshooting.
I would recommend you to start by checking the differences between the servers because one of those differences is certainly causing the failure.
Also, it would be helpful to get traffic captures on the TenGig interface of the ACE to compare the behavior of the connection when going to the different servers, as well as the differences when being load-balanced vs accessing the server directly.
If you need help with this troubleshooting, you can always open a TAC service request
Regards
Daniel

Cisco ace mibs for concurrent connection on real and virtual servers

i have loaded cisco provided mibs for cisco ace into nms but i am not able to fetch the details from ace appliance 4710.where can i find IODs for this.
would really appreciate if anyone can help me regarding this

Hi Manohar,
you need two MIBs:
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Normale Tabelle";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-SLB-MIB.my
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-ENHANCED-SLB-MIB.my
The current connection you will find in the section:
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Normale Tabelle";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
slbVServerInfoTableEntry .1.3.6.1.4.1.9.9.161.1.4.2.1
Example:
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Normale Tabelle";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
slbVServerNumberOfConnections .1.3.6.1.4.1.9.9.161.1.4.2.1.6.1.44
Use a MIB-Browser to find out the OID for each server.
Best Regards,
Achim

How to buy Cisco (ACE-UPG2-LIC=) 8Gbit to 16Gbit?

The Cisco (ACE-UPG2-LIC=) product is an upgrade from 8Gbit to 16Gbit throughput. How does a customer get this license? It is for the Cisco ACE 20 or ACE 30 Modules, which I believe are End of Sale, but still supported.
Any help would be appreciated..
Thanks,
RO

You cannot buy the license. Neither Cisco nor any authorized reseller will sell it as the product is no longer for sale (as of 24 January 2014). Reference.
You need to either make do with the ACE you have or migrate to a different ADC platform (like the Citrix Netscaler, F5 BigIP, A10 Networks appliances, etc.).

Cisco ACE appliance backend Requests

Similar Messages

Maybe you are looking for