Cisco ACE Appliance Redundant configuration

How cisco ACE appliance changes its Ip address and MAC address after failover???

Hi Birendra,
Could you please elaborate more on your question?
FT mac's depend upon FT group that you have configured and they remain same. They will not change after failover.
Here's a document at the link which explains in details about different MAC addresses in ACE:
https://supportforums.cisco.com/docs/DOC-8723
Let me know if you have any questions.
Regards,
Kanwal

Similar Messages

  • Logging user commands in Cisco ACE appliance

    Good afternoon gentlemen
    I need to configure the same as shown below in Cisco ACE Appliance. The requirement is logging all user access login (whether failed or succeeded) and also logging all commands that users issue.
    #IOS commands
    no logging console
    logging buffered 307200 informational
    service timestamps log datetime localtime show-timezone
    logging trap debugging
    login on-failure log
    login on-success log
    archive
       log config
          logging enable
          logging size 500
          hidekeys
          notify syslog contenttype plaintext
    If you guys have an idea please answear
    Regards
    Christian

    Hello Arun,
    we saw before the message you report, it's probably a symptom of:
    CSCtx03563
    or
    CSCue38032
    I would suggest opening a TAC case to get this properly investigated.
    Kind Regards,
    Francesco

  • How to monitor memory on Cisco ACE Appliance 4710?

    I'm trying to monitor the memory usage in balancers Cisco ACE Appliance 4710 with version A3 (2.2), but the OIDs cpmCPUMemoryUsed (.1.3.6.1.4.1.9.9.109.1.1.1.1.12) and cpmCPUMemoryFree (.1.3.6.1.4.1.9.9. 109.1.1.1.1.13) not work.
    What the right OID to monitor memory usage in balancers Cisco ACE 4710 Appliance?

    HI,
    You need to use  CISCO-ENHANCED-SLB-MIB .
    cpmProcExtMemAllocatedRev .1.3.6.1.4.1.9.9.109.1.2.3.1.1 (this gives the memory allocated to each process)
    You can also read up on the mib
    Hope this helps
    Venky

  • Cisco ACE Appliance showing error while boot

    Hello Everyone,
    I intend to Configure two ACE appliance in one arm mode, Post configuration I have tried to test the functionalities of the same.
    Below are the queries which I am having now.
    >Post reboot of the appliance it popped with the error ,pls clarify .
         Starting sysmgr processes.. Please wait...tg3: tg3_reset_hw timed out for eth1, firmware will not restart magic=4b657654
    tg3: tg3_reset_hw timed out for eth1, firmware will not restart magic=4b657654
    Done!!!
    > Please confirm whether SNAT is compusory for one-arm mode setup . as our requirement is to loadbalance only the requests from the clients .
         the reply from server should go back to the client directly .
    > How can I achieve the HA config with out dedicated port . as I have configured port channel for all the 4 ports . I am not interested to provide the seperate port for HA.
    Thanks in advance

    Hi,
    > Please confirm whether SNAT is compusory for one-arm mode setup .  as our requirement is to loadbalance only the requests from the clients  .
         the reply from server should go back to the client directly .
    **Mos of the times SNAT is require but is not must.  For example, you can have the servers connected to a L2 Switch, using the ACE as DG and you probably don't need SNAT.
    The important is to have the response of the server going back to the ACE with or without NAT
    > How can I achieve the HA config with out dedicated port . as I have  configured port channel for all the 4 ports . I am not interested to  provide the seperate port for HA.
    ***Configure in the portchannel the ft-port vlan command.  Remember that the FT vlan should be L2, no L3 devices in between the ACEs
    Cesar R
    ANS Team

  • Cisco ACE appliance backend Requests

    Hi,
    I have a question about the Cisco ACE 4700x  appliances.
    I hope that someone can help me out with the next question please, which is:
    does the appliance support backend server selection based on URL, hostnames or IP?
    if yes, where can i find more details about it ?
    Thank you

    Here it is.
    class-map type http loadbalance match-all DOMAIN-ONLY-CM  2 match http header Host header-value "xxx[.]domain[.]com"class-map type http loadbalance match-all DOMAIN-AND-PATH-CM  2 match http header Host header-value "www[.]domain[.]com"  3 match http url /very-long-path/.*

  • Cisco ACS 4.2 authenticating Cisco 4710 ACE appliance failed

    Hi,
    I've got a problem with Cisco ACS 4.2 authenticating Cisco 4710 ACE appliance.
    ACS4.2 has been configured to use both internal and external database. It's been working fine for a couple or years.
    Recently we bought a Cisco 4710 ACE appliance. When I use ACS4.2 internal username and password to login the Cisco 4710 ACE appliance, I have no problem. I can also see the passed authentication log on ACS4.2. However, if I use AD username and password, I couldn't login in. The message is "Login incorrect". I checked the failed attempts log on the ACS4.2, there was no log regarding the failed attempt. My AD username and password works fine on all other cisco routers and switches.
    I've posted my AAA configuration of the 4710 ACE below. ACE is running on the latest version A4(1.1). Please help.
    tacacs-server key 7 "xxxxxxxxxxxxx"
    aaa group server tacacs+ tac_admin
      server xx.xx.xx.xx
    aaa authentication login default group tac_admin local
    aaa authentication login console group tac_admin local
    aaa accounting default group tac_admin

    Hi,
    Since the ACS is receiving the request.
    Could you please ensure that In ACE on every context (including Admin and other) you have  following strings:
    tacacs-server host x.x.x.x key 7 "xxx"
    aaa group server tacacs+  tac_admin
       server x.x.x.x
    aaa authentication login default group  tac_admin local
    aaa authentication login console group  tac_admin local 
    aaa accounting default group x.x.x.x
    On ACS side for group named "Network  Administrators" you should configure in TACACS settting:
    1. Shell  (exec) enable
    2. Privilege level 15
    3. Custom attributes:
               shell:Admin*Admin default-domain
        if you have additional  context add next line
              shell:mycontext*Admin  default-domain
    After  loging to ACE and issuing sh users command you should see following
    User             Context                                                                  Line     Login Time   (Location)        Role   Domain(s)   
    *adm-x        Admin                                                                    pts/0   Sep 21 12:24  (x.x.x.x)    Admin   default-domain
    Hope this helps.
    Regards,
    Anisha
    P.S.: please mark this thread as answered if you fee your query is resolved. Do rate helpful posts.

  • Need help to Configure Cisco ACE 4710 Cluster Deployment

    Dear Experts,
    I'm newbie for Cisco ACE 4710, and still I'm in learning stage. Meanwhile I got chance at my work place to deploy a Cisco ACE 4710 cluster which should load balance the traffic between  two Application Servers based on HTTP and HTTPS traffic. So I was looking for good deployment guide in Cisco SBA knowledge base then finall found this guide.
    http://www.cisco.com/en/US/docs/solutions/SBA/February2013/Cisco_SBA_DC_AdvancedServer-LoadBalancingDeploymentGuide-Feb2013.pdf
    This guide totally fine with my required deployment model. I have same deployment environment as this guide contains with ACE cluster that connects to two Cisco 3750X (Stack) switches. But I have some confusion places in this guide
    This guide follow the "One-armed mode" as a deployment method. But when I go through it further I have noticed that they have configured server VLAN as a 10.4.49.0/24 (all servers reside in it) and Client side VIP also in same VLAN which is 10.4.49.100/24 (even NAT pool also).
    My confusion is, as I have learned about Cisco ACE 4710 one-armed mode deployment method, it should has two VLAN segments, one for Client side which client request come and hit the VIP and then second one for Server side. which means besically two VLANs. So please be kind enough to go through above document then tell me where is wrong, what shoud I need to do for the best. Please this is an urgent, so need your help quickly.
    Thanks....!
    -Amal-

    Dear Kanwal,
    I need quick help for you. Following are the Application LB requirements which I received from my clinet side.
    Following detail required for configuring Oracle EBS Apps tier on HA:
    LBR IP and Name required to configure EBS APPS Tier (i.e, ap1ebs & ap2ebs nodes)
    Suggested IP and Name for LBR:
    IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
    ebiz.xxxx.lk [on port 80 for http protocol accessibility]
    This LBR IP & name must be resolve and respond on DNS network
    Server Farm detail for LBR Setup
    Following detail will be use for configuring the LBR:
    LBR IP and Name :
    IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
    ebiz.xxxx.lk [on port 80 for http protocol accessibility]
    This LBR IP & name must be resolve and respond on DNS network
    Server Farm Detail for LBR setup:
    Server 1 (EBS App1 Node, ap1ebs):
    IP : 172.25.45.19
    Server Name: ap1ebs.xxxx.lk [ap1ebs hostname is an example, actual hostname will be use]
    Protocol: http
    Port: 8000
    Server 2 (EBS App2 Node, ap2ebs):
    IP : 172.25.45.20
    Server Name: ap2ebs.xxxx.lk [ap2ebs hostname is an example, actual hostname will be use]
    Protocol: http
    Port: 8000
    Since my client needs to access URL ebiz.xxxx.lk which should be resolved by IP 172.25.45.21 (virtual IP) via http (80) before they deploy the app on the two servers I just ran web service on both servers (Linux) and was trying to access http://172.25.45.21 it was working fine and gave me index.html page. Now after my client has deployed the application then when he tries to access the page http://172.25.45.21 he cannot see his main login page. But still my testing web servers are there on both servers when I type http://172.25.45.21 it will get index.html page, but not my client web login page. What can I do for this ?
    Following are my latest config :
    probe http Get-Method
      description Check to url access /OA_HTML/OAInfo.jsp
      interval 10
      faildetect 2
      passdetect interval 30
      request method get url /OA_HTML/OAInfo.jsp
      expect status 200 200
    probe udp http-8000-iRDMI
      description IRDMI (HTTP - 8000)
      port 8000
    probe http http-probe
      description HTTP Probes
      interval 10
      faildetect 2
      passdetect interval 30
      passdetect count 2
      request method get url /index.html
      expect status 200 200
    probe https https-probe
      description HTTPS traffic
      interval 10
      faildetect 2
      passdetect interval 30
      passdetect count 2
      ssl version all
      request method get url /index.html
    probe icmp icmp-probe
      description ICMP PROBE FOR TO CHECK ICMP SERVICE
    rserver host ebsapp1
      description ebsapp1.xxxx.lk
      ip address 172.25.45.19
      conn-limit max 4000000 min 4000000
      probe icmp-probe
      probe http-probe
      inservice
    rserver host ebsapp2
      description ebsapp2.xxxx.lk
      ip address 172.25.45.20
      conn-limit max 4000000 min 4000000
      probe icmp-probe
      probe http-probe
      inservice
    serverfarm host ebsppsvrfarm
      description ebsapp server farm
      failaction purge
      predictor response app-req-to-resp samples 4
      probe http-probe
      probe icmp-probe
      inband-health check log 5 reset 500
      retcode 404 404 check log 1 reset 3
      rserver ebsapp1 80
        conn-limit max 4000000 min 4000000
        probe icmp-probe
        inservice
      rserver ebsapp2 80
        conn-limit max 4000000 min 4000000
        probe icmp-probe
        inservice
    sticky http-cookie jsessionid HTTP-COOKIE
      cookie insert browser-expire
      replicate sticky
      serverfarm ebsppsvrfarm
    class-map type http loadbalance match-any default-compression-exclusion-mime-type
      description DM generated classmap for default LB compression exclusion mime types.
      2 match http url .*gif
      3 match http url .*css
      4 match http url .*js
      5 match http url .*class
      6 match http url .*jar
      7 match http url .*cab
      8 match http url .*txt
      9 match http url .*ps
      10 match http url .*vbs
      11 match http url .*xsl
      12 match http url .*xml
      13 match http url .*pdf
      14 match http url .*swf
      15 match http url .*jpg
      16 match http url .*jpeg
      17 match http url .*jpe
      18 match http url .*png
    class-map match-all ebsapp-vip
      2 match virtual-address 172.25.45.21 tcp eq www
    class-map type management match-any remote_access
      2 match protocol xml-https any
      3 match protocol icmp any
      4 match protocol telnet any
      5 match protocol ssh any
      6 match protocol http any
      7 match protocol https any
      8 match protocol snmp any
    policy-map type management first-match remote_mgmt_allow_policy
      class remote_access
        permit
    policy-map type loadbalance first-match ebsapp-vip-l7slb
      class default-compression-exclusion-mime-type
        serverfarm ebsppsvrfarm
      class class-default
        compress default-method deflate
        sticky-serverfarm HTTP-COOKIE
    policy-map multi-match int455
      class ebsapp-vip
        loadbalance vip inservice
        loadbalance policy ebsapp-vip-l7slb
        loadbalance vip icmp-reply active
        nat dynamic 1 vlan 455
    interface vlan 455
      ip address 172.25.45.36 255.255.255.0
      peer ip address 172.25.45.35 255.255.255.0
      access-group input ALL
      nat-pool 1 172.25.45.22 172.25.45.22 netmask 255.255.255.0 pat
      service-policy input remote_mgmt_allow_policy
      service-policy input int455
      no shutdown
    ft interface vlan 999
      ip address 10.1.1.1 255.255.255.0
      peer ip address 10.1.1.2 255.255.255.0
      no shutdown
    ft peer 1
      heartbeat interval 300
      heartbeat count 10
      ft-interface vlan 999
    ft group 1
      peer 1
      no preempt
      priority 110
      associate-context Admin
      inservice
    ip route 0.0.0.0 0.0.0.0 172.25.45.1
    Hope you will reply me soon
    Thanks....!
    -Amal-

  • Cisco ACE Issue accessing SAP applications through ACE appliance

    Hi,
    I have website whose VIP resides on my ACE appliance. That site has many links on it which are SAP applications.
    For one link, when i click it first time, user is asked for authentication which is not  actually required and get blank page.
    When I click back (go to main site again) and again click the same link, it opens normally without any authentication prompt.
    Rest all links on the site have no issues and open normally.
    I had same issue with acceptance for same application and below parameter map resolved the issue
    parameter-map type http case_param
      case-insensitive
      persistence-rebalance
      set header-maxparse-length 65535
      set content-maxparse-length 65535
      length-exceed continue
    I tried using same parameter map with persistance rebalance disbaled but still it does not work.
    What could be the issue in this case?

    Hi,
    The SAP has front end server to which ACE is sending traffic dstined to particular VIP. front end server then communicates with backend server for all date related to all applications. When client is using different applications, url in browser remains the same. All applications are working fine except this single application.
    same setup is working fine with cisco CSS and even the accepatnce is working fine for same set of applications.
    I am getting bad tcp checksum messges in capture output.
    10.38.199.196 is client IP....10.36.64.40 is VIP and , 10.36.64.86 is nat ip  and 10.36.32.55 is front end server which is user interface to various applications

  • Tacacs authentication with ACE appliance not working

    Hi All,
    I'm having trouble with a Cisco ACE 4710 appliance using tacacs to authenticate ssh/telnet remote users. Following the CCO documentation we have configured the backend tacacs server (Cisco Secure ACS) and setup the ACE with the required configuration.
    tacacs-server key 7 "letmein"
    tacacs-server host 192.168.1.1 timeout 5
    aaa group server tacacs+ ACStac
      server 192.168.1.1
    aaa authentication login default group ACStac local
    So far no luck in successfully authenticating any users. I can see in the log on the ACS a key mismatch error however I have 100% verified the keys are identical, im thinking this may be a bug?
    Furthermore when I paste in the tacacs-server key it gets converted to a type 7 in the running configuration even though I use the no encryption option. Anyone have any ideas? The ACE is running version A3(2.3)
    Thanks in advance

    Hi Matt,
    Please remove the shared secret of teh NDG and test.
    Regards,
    Anisha
    P.S.: please rate this post if ypou feel your query is answered

  • TCP SYNSEEN with load balancing Cisco ACE 4710

    I have a Cisco ACE 4710 load balancing the traffic to two proxy servers, the configuration is the same since December 2012,  but yesterday it stated to show SYNSEEN in the show conn command, and the hosts cannot browse. I think that means that the three-way-handshake is not complete.
    If I bypass the ACE the hosts can browse without problems. 
    I have tested with another ACE appliance and the same configuration but the behaviour is the same.
    I need help as soon as possible,
    thanks,
    I've attached the Show conn, show conn detail and show run.

    Hi Cesar,
    Thank you for your answer,
    The issue was solved,
    We were running an A3 software version, it seems to have a Bug so it doesn't show the NAT commands in the "show run", so when we made the configuration backup we didn't noticed it.
    The ACE reloaded because an electrical failure so it losted the NAT config.
    We just upgraded to an A4 version and also added a NAT/PAT to enable the communication between the Clients and the Proxy.
    Regards,

  • Cisco ACE loadbalancing matching more than one header in L7 class map

    Dear All,
    This is regarding Cisco ACE loadbalancing matching more than one header in L7 class map. I have a small setup with ACE 30 module in Cisco6500. I have got three webservers. Presently I have following configuration where I am mathing one url header.
    class-map type http loadbalance match-all L7_WEB_HEADER_MATCH
    description MATCH THE HOST HEADER OF HTTP REQUEST
    2 match http header Host header-value ".*abhisar.com*"
    So for above configuration, when traffic is coming for abhisar.com, it is working fine.
    Now, I have following headers and DNS entry is pointing to same virtual IP for all http url header same as abhisar.com
    abhisarindia.com
    indiaabhi.com
    So new configuration will be
    class-map type http loadbalance match-any L7_WEB_HEADER_MATCH
    description MATCH THE HOST HEADER OF HTTP REQUEST
    2 match http header Host header-value ".*abhisar.com*"
    4 match http header Host header-value ".*abhisarindia.com*"
    6 match http header Host header-value ".*indiaabhi.com*"
    So just want to confirm if this is fine.
    Thank You,
    Abhisar.

    Dear Rajesh,
    Thank you for reply. I will let you know once I carry out this activity.
    Thank You,
    Abhisar.

  • Slow connection in one server if accessing through Cisco ACE

    Hi,
    Good day, Can someone help me on my problem? I have 3 servers, server1, server2 and server3. When one pc accessing the server 3 application via Cisco ACE, it experienced a slow connection but when direct access without Cisco Ace, it's fast. The connection of this PC through cisco ace and direct access have no issue.
    What need to do in my configuration? Below is my configuration
    logging enable
    logging timestamp
    logging trap 7
    logging buffered 7
    logging monitor 7
    logging host 167.81.126.5 udp/514
    logging host 137.55.152.147 udp/514
    resource-class SG_01
      limit-resource all minimum 0.00 maximum unlimited
      limit-resource sticky minimum 10.00 maximum equal-to-min
    boot system image:c4710ace-mz.A3_2_0.bin
    login timeout 30
    peer hostname singapore-ace2
    hostname singapore-ace1
    interface gigabitEthernet 1/1
      channel-group 14
      no shutdown
    interface gigabitEthernet 1/2
      channel-group 14
      no shutdown
    interface gigabitEthernet 1/3
      channel-group 14
      no shutdown
    interface gigabitEthernet 1/4
      channel-group 14
      no shutdown
    interface port-channel 14
      description ISOLAN-ACE-TRUNK
      ft-port vlan 99
      switchport trunk native vlan 1
      switchport trunk allowed vlan 12,14,112
      no shutdown
    clock timezone SGT 8 0
    ntp server 137.55.152.1
    context Admin
      member SG_01
    access-list ALL line 8 extended permit ip any any
    access-list ALL line 9 extended permit icmp any any
    ip domain-name ysn.psg.philips.com
    probe http singapore_01
      description This probe used to monitor application url-app-script
      interval 5
      passdetect interval 5
      request method get url /insiteserverstatus/insiteserverstatus.aspx
      expect status 200 200
      open 1
    probe http singapore_02
      description This probe used to monitor IIS-login-page
      interval 5
      passdetect interval 5
      request method get url /InSiteLumiledsApplication/
      expect status 200 200
      open 1
    probe icmp uplink
      description This probe used in conjunction with ft track host
      interval 2
      faildetect 2
      passdetect interval 3
    parameter-map type connection PARAM_L4STICKY-IP
      exceed-mss allow
    rserver host sggysnysn1ms013
      ip address 137.55.152.135
      inservice
    rserver host sggysnysn1ms014
      ip address 137.55.152.136
      inservice
    rserver host sggysnysn1ms018
      ip address 137.55.152.145
      inservice
    serverfarm host PLI9058
      probe singapore_01
      probe singapore_02
      rserver sggysnysn1ms013
        inservice
      rserver sggysnysn1ms014
        inservice
      rserver sggysnysn1ms018
        inservice
    sticky ip-netmask 255.255.255.255 address both SG_GROUP_01
      timeout 720
      replicate sticky
      serverfarm PLI9058
    class-map type management match-any HTTPS-ALLOW_CLASS
    class-map match-all L4STICKY-IP_141:ANY_CLASS
      2 match virtual-address 137.55.152.141 any
    class-map type http loadbalance match-any NO_MS018
      50 match source-address 137.55.155.31 255.255.254.0
    class-map type management match-any SSH-ALLOW_CLASS
      2 match protocol ssh source-address 167.81.124.0 255.255.255.192
      3 match protocol ssh source-address 167.81.126.0 255.255.255.192
    class-map type management match-any remote_access
      2 match protocol xml-https any
      3 match protocol icmp any
      5 match protocol ssh any
      6 match protocol http any
      7 match protocol https any
      8 match protocol snmp any
    policy-map type management first-match remote_mgmt_allow_policy
      class remote_access
        permit
    policy-map type loadbalance first-match L7PLBSF_STICKY-NETMASK_POLICY
      class class-default
        sticky-serverfarm SG_GROUP_01
        insert-http X-Forwarded-For header-value "%is"
    policy-map multi-match PLI9058-VIPs_POLICY
      class L4STICKY-IP_141:ANY_CLASS
        loadbalance vip inservice
        loadbalance policy L7PLBSF_STICKY-NETMASK_POLICY
        loadbalance vip icmp-reply
        connection advanced-options PARAM_L4STICKY-IP
    interface vlan 12
      description Client-side vlan
      bridge-group 1
      no normalization
      mac-sticky enable
      access-group input ALL
      access-group output ALL
      service-policy input PLI9058-VIPs_POLICY
      no shutdown
    interface vlan 14
      ip address 137.55.152.236 255.255.255.248
      peer ip address 137.55.152.237 255.255.255.248
      service-policy input remote_mgmt_allow_policy
      no shutdown
    interface vlan 112
      description Server-side vlan
      bridge-group 1
      no normalization
      access-group input ALL
      access-group output ALL
      nat-pool 1 137.55.152.141 137.55.152.141 netmask 255.255.255.192 pat
      no shutdown
    interface bvi 1
      ip address 137.55.152.189 255.255.255.192
      alias 137.55.152.188 255.255.255.192
      peer ip address 137.55.152.190 255.255.255.192
      description Bridge-Group 1 Virtual Interface
      no shutdown
    ft interface vlan 99
      ip address 192.168.1.1 255.255.255.252
      peer ip address 192.168.1.2 255.255.255.252
      no shutdown
    ft peer 1
      heartbeat interval 100
      heartbeat count 10
      ft-interface vlan 99
    ft group 1
      peer 1
      priority 150
      peer priority 50
      associate-context Admin
      inservice
    ft track host test1
      track-host 137.55.152.234
      peer track-host 137.55.152.235
      peer probe uplink priority 50
      probe uplink priority 50
    ip route 0.0.0.0 0.0.0.0 137.55.152.233

    Hi Earsdale,
    All the three servers are using the same configuration, so, I'm afraid it's not possible to give you a simple answer. You will need more troubleshooting.
    I would recommend you to start by checking the differences between the servers because one of those differences is certainly causing the failure.
    Also, it would be helpful to get traffic captures on the TenGig interface of the ACE to compare the behavior of the connection when going to the different servers, as well as the differences when being load-balanced vs accessing the server directly.
    If you need help with this troubleshooting, you can always open a TAC service request
    Regards
    Daniel

  • Cisco ACE dynamic rerouting (dc to dc failover)

    Good day,
    We currtenly have two dc's (site A and site B)
    We are using netapps as our SAN and we ar booting our server directly from the SAN
    SAN A and SAN B are insync and the network between site A and site B is routed.
    The challange:
    When a server is failover from site A to B it still has an ip adress that is routed to site A.(due to the SAN boot)
    We have a cold - hot design in regards to the servers (so no clustering of ESX)
    I have been reading about cisoc ACE and i think that it would solve the challange by dynamily updateing OSPF.
    Can any one please confirm that cisco ACE will solve this challlange (whitout the need for any other additional hardware)
    Thanks a lot,
    Regards,
    joli-coeur Wouter
    (CCIE Security 23078)

    It's more related to disaster recovery planning than ACE configuration
    The cleanest way is to use L2 extension.
    Otherwise you can use VMWare SRM to change the ip addresses of your VMs, or run an OSPF process and replicate all the subnets and put it in the "shutdown state" (or announcing it with a very high cost, proximity routing will do the rest - ACE module can do this for the VIPs with OSPF route health injection, ACE4710 doesn't support RHI but on the upstream router you can define an IP SLA probe and perform conditionnal redistribution), or use a dummy VRF with all your subnets and when enabling DRP, perform route leaking... use NAT with DNS-based failover etc...
    There is no generic answer to your problem.

  • How can ftp service on non-standard port be load balanced using Cisco ACE.

    How can ftp service on non-standard port be load balanced using Cisco ACE.For example ftp service required on tcp 2000 port

    Hi Samarjit,
    you can do this by specifying the port number in the class map that you create . Please find the below mentioend config guide where you can specify the tcp/udp port , range or ports or even the wild card to match the port.
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/mapolcy.html#wp1318826
    Regards
    Abijith

  • Monitoring the Cisco ACE module with SNMP

    We use 2 redundant Cisco ACE loadbalancer in our datacenter
    The models are ACE20-MOD-K9 with software A2(2.0)
    Does anybod know how to monitor the environment (cpu, memory) of such a module with snmp?
    We were not able to find an applicable MIB for that module.
    The CISCO-PROCESS-MIB.oid (ftp://ftp.cisco.com/pub/mibs/oid/CISCO-PROCESS-MIB.oid) seems not to reflect the correct oid's.
    What are the correct oid's for cpu and memory?
    Where can I find a detailed documentation for snmp-monitoring the cisco ace module?
    thanks

    Hi Patrik,
    to monitor the ACE I use these two MIB's:
    ftp://ftp.cisco.com/pub/mibs/v2/CISCO-SLB-MIB.my
    ftp://ftp.cisco.com/pub/mibs/v2/CISCO-ENHANCED-SLB-MIB.my
    Example for CPU:
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Normale Tabelle";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin:0cm;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    cpmCPUTotalEntry 1.3.6.1.4.1.9.9.109.1.1.1.1
    The resource usage and other interesting things you will find with a MIB browser.
    Achim

Maybe you are looking for

  • Acrobat 9 Pro - Adding new fields in order

    Hello all!!! I am hoping everyone is doing well.  I have a quick question for you all.  I am creating a form that has a ton of text fields.  I am trying to keep them in order (tab # wise).  When I create a new text field, it just places it randomly i

  • Vendor Hierarchy account group

    Hi Gurus, Is it possible to use the Z account group (copied from the acct group 0002 Vendor) instead of 0012 for the Hierarchy node? The Client want to use the existing vendors which were created under Z account group for the hierarchy node. He wants

  • Issue in  Banking Module

    Hi All,         I have a typical issue which i am unable to resolve. The scenario is, the user has created 2 Incoming Payments of amount INR 60,000.00 dated 26/02/09 and 28/02/09 with the same cheque number. Also, he has created two deposits and canc

  • Fraudelent charge for Gameloft "Order & Chaos Online"!

    I received an e-mail that this morning that I had purchased an app called "Order & Chaos© Online" for $6.99 and two in-app purchases for $14.99 each! I haven´t installed this on either my iPhone or my iPad so obviously my account must have been compr

  • Creating sequence in Pointbase db

    Hi, i am a student trying to develop a database using Pointbase by Sun Microsystems. Does anyone know the SQL coding for creating a sequence in pointbase because the SQL coding is slightly different compared to Oracle. In Oracle the normal coding wou