Cisco CSS 11500 and RDP

Dear NetPros:
Does anyone know that does Cisco CSS 11500 Series Content Services Switch support 'Session Caching of RDP Clients? session for roaming of disconnected sessions' features?
Thanks
Bernard

The Cisco CSS 11500 is a compact modular platform, specifically designed to provide robust Layer 4-7 traffic management services for e-business applications in Internet and intranet data centers.
This URl should help you:
http://www.cisco.com/en/US/netsol/ns340/ns394/ns50/ns254/networking_solutions_package.html

Similar Messages

CSS 11500 and 301 redirect

Does anyone know if it is possible to do a 301 redirect as opposed to the 302 redirect in a CSS 11500?

Everything I have read and these forums indicate 302 only I am just wondering if anyone knows of a way to work around via script or possibly any CSS updates that can add 301 functionality.

CSS 11500 url path rewrite and NAT

Hi,
We are evaluating a CSS 11500 and try to configure url path rewrite and NAT, but we have some problems.
What we would like to do is the following:
http://www.example.com/path1 -> http://host1:80
http://www.example.com/path2 -> http://host1:8080
http://www.example.com/path3 -> http://host2:80
The address www.example.com is resolving to a valid internet address, whereas host1 and host2 resolves to private IP addresses.
The client should always see the external url (e.g. http://www.example.com/path1/...) and the CSS should do the necessary translation.
Any help would be very much appreciated!
Regards,
Harald

Hello Experts, I'm new with this cisco stuff too(just got it 3 weeks ago), but here is some of my experience with cisco css 11501.
First : Service ServerName, there is a port setting here, but from my experience, I think it is related with KeepAlive option, so, port is alternate way to know if the server alive or not.
Second : When you send request to cisco css, the port option in content port will be the cisco css port to accept request, so, if you send a request to http://vip:8080/, all service must be in the same port too to balance the request, in this case, port 8080, if one service port 80, i'm sure the css will not hit the server.
Third : To solve your problem...
http://www.example.com/path1 -> http://host1:80 (ipA)
http://www.example.com/path2 -> http://host1:80 (ipB)
http://www.example.com/path3 -> http://host2:80
if you are lazy to buy new nic, just set subinterface/ip alias on the host1, and make the webserver only bind to specific address, not to all interface...
O yea, about your path1/path2/path3 -> /, hmm, i'm still asking in this forum about path changing cause until now, i haven't know how to do this, i know about apache rewrite module, and success do this, if only i know about this in cisco css too :-(
I'm sorry if I make mistake, I'm just telling my experience...

What is the appropriate product name for CSS 11500 on Bug Toolkit

Today I tried to search DDTs of CSS 11500 on Bug Toolkit (http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl), however I can not find out appropriate product name corresponding to CSS 11500.
Before I had searched DDTs of CSS 11500 on Bug Toolkit many times, at that time, if my memory correct..
I selected "Cisco CSS 11500 Series Content Services Switches" in the list of "Search for bugs in other Cisco software and hardware products" on Bug Toolkit.
But I can not find this product name today.
Do you know what product name appropriate for CSS 11500 on Bug Toolkit ?
Your information would be appreciated.
Best regards,

Hi Gilles,
Thank you for your cooperation.
Today, I can find the CSS at "new Bug Toolkit".
http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
Select Product Category: Application Networking Services
Select Product: Cisco CSS 11000 Series Content Services
So I understand I should go "new Bug Toolkit" instead of old "Bug Toolkit" to
search any DDTs for CSS 11500.
Many thanks.
Best regards,

Cisco CSS 11501 - High-Availabilty

We have a single CSS 11501 and were thinking about just buying a new one and putting it online as the standby with statefull (hopefully) failover, but weren't sure that this would work.
Does anyone know what is needed to create a high-availability Cisco CSS 11501 environment?
Do you only need 2 CSS 11501 and then configure them with one being active and the other being in a standby mode, like a PIX?
Is there a HA Cable that would need to be connected between the 2 CSS's?
Thanks in Advanced.
Joe

Daniel,
There is a new stateful failover mechanism for the Cisco CSS 11500.
This description is a bit "salesy" I know, but it covers the question asked :-)
The Cisco CSS 11500 delivers ASRthe industry's first stateful Layer 5 session redundancy feature that enables failover of important flows while maximizing performance. Some flowssuch as a long-lived File Transfer Protocol (FTP) or a database session may be mission critical, but many are not. Most solutions on the market today require all trafficimportant or notto be backed up from one box to another. If the majority of flows are not critical, then most of system performance is wasted on unnecessary back
ups. With ASR, the Cisco CSS 11500 may be configured so critical flows are marked as replication worthy, whereas others do not need to be so marked. ASR focuses traffic management resources precisely where needed.
Better yet, have a look at the following link focusing on the section on Stateless Redundancy.
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_510/advcfggd/redndncy.htm
Regards
Pete..

Multihoming with CSS 11500?

Can I do load balancing between two internet ISP's (multihoming), from Internet to Web Server (inside traffic) and from Internal network to Internet (outside traffic) with a Cisco CSS 11500?

you can connect the CSS to multiple ISP.
With the ECMP feature, the CSS will forward the response back to where the connection came from.
However, for outgoing connection, the CSS can't do loadbalancing over multiple ISP.
Regards,
Gilles.

Cisco CSS and ACE study guide

Hi,
Im ready to kick start Cisco CSS and ACE load balancers. I found that 642-972 DCASD and 642-975 DCASI are the relevant exams for that. But, they are expired now. And, I couldn't even find the old materials for those. Could you please anyone assist me in getting started with this?

Hi Kanwal,
Thanks for your reply. BTW, wasn't there any specific study guides for 642-972 DCASD and 642-975 DCASI from Cisco? The reason behind this question is, I want to go step by step starting from how load balancing works, the basics and terminologies of load balancing and its various options and operations etc. I have been working with Network Security and just stepping in to DC operations.

Services with different IP address subnets over CSS 11500 series

Hi all folks!
I have two CSS 11500 series...
In just a few months i will have ready a DRS (Disaster Recovery Site), where i will have 2 more servers to add to the environment.
But this servers will be in a different subnet from that today i have for the servers who are configured in the current services of my CSS.
So then the doubt i arises is:
Is correct to add two new services with these servers, but using the IP addressing of the DRS site???, and including on the CSS a static route to this network, (of the DRS) in order to reach them?? is it correct, it will work well?
This would be so....
             ________________LAN to LAN_____________________
             |                                                                                |
             |                                                                                |
|------SITE A------|                                                        |------SITE B------|
     [Firewall] ===============IPSEC============= [Firewall]
           |                                                                                |
           |                                                                                |
[CSS-A]-[CSS-B]                                                            [SWITCH]
       |          |                                                                     |         |
     [SWITCH]                                                                    |         |
[srvA] [srvB] [srvC]                                                          [srvD] [srvE]
So, at [CSS-A] & B, i will put a static route to firewall that know the subnet of site B through the IPSEC tunnel.
So In the CSSs, i will add the new services for the Servers "D" & "E" with the IP address of Site B.
This should be seen as well:
!*************************** GLOBAL ***************************
ip route 0.0.0.0 0.0.0.0 [IP FIREWALL]
ip route SITE B [IP FIREWALL]
!************************** SERVICE **************************
service srvA
ip address A.A.A.x
port 8080
service srvB
ip address A.A.A.x+1
port 8080
service srvC
ip address A.A.A.x+2
port 8080
service srvD
ip address B.B.B.y
port 8080
service srvE
ip address B.B.B.y+1
port 8080
I know that this practice is not the most desirable, in fact should use"Basic Global Server Load Balancing Site Redundancy Using the CSS with DNS", but I don't have much time to change the entire environment today, and in this first stage i have to begin with this poor but quick solution that i thought and i wanted to be validated if there is posibliidades this to work
Within their experiences that they say? Will operate?
Thanks in advance!
Regards!
Esteban =)

Daniel!
Sorry by delay!
Thank you so much for you time for reply.
You have given me a great help to this doubt!
But..using "source group" let me know..
I can´t undertand the really difference between NAT with ACls as you can see at this link: (http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080093dfc.shtml)
and
this other link, using NAT (from the piont 5), (http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a0080093dff.shtml)
where the NAT is configured under a method different from the previous one..
So.. for this scenario described above, which would you recommend using? I would think that the second is the most indicated truth? What do you think?
Thanks in advance again!!!
Have nice day!
Regards.
Esteban.

Do CSS 11500 series allow remote SPAN?

Hi,
I found SPAN (Switch port analyzer) is available on CSS 11500 series, but could only found destination must be local. Is it possible to do remote SPAN and make the destination be in another remote switch?
And how many local span sessions are allowed?
Thanks,
Rgds
Jorge

Cisco WebNS Software Version 7.20 delivers support for a new Cisco CSS 11501 model and Cisco WebNS Software 7.20 supports SPAN the features.
Switched Port Analyzer (SPAN) or port mirroring is useful for network analysis?a copy of the packets received or transmitted by a source port is sent to a designated destination port.
Kindly go through these links to get detailed information:
http://www.provantage.com/cisco-systems-css11503-ac~7CSCO288.htm
http://www.cisco.com/en/US/products/hw/contnetw/ps792/prod_release_note09186a008077c440

CSS 11500 Series LOGs

Hi everyone,
I need some help about one type of CSS 11500 LOG messages:
OCT 12 07:47:03 1/1 273 WCC-6: Computing slow start parameters for newly activated service index 4
OCT 12 10:25:05 1/1 274 WCC-6: Computing slow start parameters for newly activated service index 3
OCT 12 11:19:49 1/1 275 WCC-6: Computing slow start parameters for newly activated service index 3
OCT 12 11:26:33 1/1 276 WCC-6: Computing slow start parameters for newly activated service index 3
OCT 12 12:20:37 1/1 277 WCC-6: Computing slow start parameters for newly activated service index 3
OCT 12 14:04:32 1/1 278 WCC-6: Computing slow start parameters for newly activated service index 4
OCT 12 14:04:53 1/1 279 WCC-6: Computing slow start parameters for newly activated service index 5
OCT 12 14:05:01 1/1 280 WCC-6: Computing slow start parameters for newly activated service index 4
I was trying to find some explanation about these LOGs, but I didn’t have any success.
My questions are:
1. What does this LOG type mean?
2. Does it signalize some issue on the service?
Thanks a lot for the help!
Regards,
Marko

Hi Marko,
Please go through the below link:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20/configuration/content_lb/guide/ContRule.html#wpmkr1150644
Just pasting some content. Read the details please.
Slowly Starting Connections on a Service
When you configure a content rule with the least connection (leastconn) load-balancing method, a service on the rule with the fewest connections receives the next request. If you activate a service on this rule, the service may become flooded with requests.
To prevent the flooding of connections on a newly activated or reactivated service, you can enable the slow-start feature on a content rule configured with the leastconn load-balancing method. Through this feature, you can configure:
•The rate that an activated service receives connections. The slow-start rate is applied globally to all leastconn content rules on the CSS. By default, the rate is enabled with a default value of 3. If you disable the rate by setting it to 0, the slow-start feature is disabled on all leastconn content rules configured on the CSS.
Note We recommend that you do not change the slow-start rate default value.
•The maximum time that the service remains in the slow-start process. The slow-start timer sets the number of seconds that the service on a leastconn content rule is in the slow-start process. The timer is applied to a leastconn content rule. By default, the timer is disabled. If the timer is disabled, the slow-start feature is disabled on the rule.
When you enable the slow-start feature on the CSS and a leastconn rule, a service on the rule enters the slow-start process when you:
•Add and activate a service to the rule
•Reactivate a service after suspending it on the rule
•Activate the rule
When you activate a rule, it starts to load balance the connections on its services. The service with the least number of connections is selected to enter the slow-start process.
When a rule has only two services, only one service can enter the slow-start process. When the rule has more than two services, a newly activated service can enter the slow-start process when one of the services is currently in the slow-start process and the other services are out of the slow-start process.
A service in the slow-start process slowly continues to receive connections until either the slow-start timer expires or its connections equal the number of connections on the other active services of the rule. Then, the service exits the slow-start process and starts receiving connections as it normally would.
Regards,
Kanwal

Cisco css http keepalive is not working with GET command

Dear all
i have Cisco Css connected to Dell Server (via switch)
Cisco CSS - 192.168.1.3 and Dell Server - 192.168.1.5
Dell server is setup with windows 2009R2 and Apache HTTPD is version 2.2
This server is dedicated to host multiple doamins with Apache lik
www.abc.co.uk
www.xyz.co.uk
Now the clinet wants to setup the http keepalive with specfic web page like /testpage.html for all these domains. i have teseed with single URI. it is working the comamnds are
config)# service serv1
(config-service[serv1])# ip address 192.168.1.5
(config-service[serv1])# keepalive type http
(config-service[serv1])# keepalive method head    ( get i have not used due to hash mismatch with apche server, if i use GET it is not working)
(config-service[serv1])# keepalive uri "/testpage.html"
(config-service[serv1])# active
It is working with single URI. but how can i do the same thing for multiple doamins ?
for multiple doamins do i need use script ? or can i use with commands ?
if i need to use script the script is
!no echo
! Filename: httptag-test
! Parameters: HostName WebPage HostTag
! Description:
!       This script will connect to the remote host and do an HTTP
!   GET method upon the web page that the user has asked for.
!   This script also adds a host tag to the GET request.
! Failure Upon:
!   1. Not establishing a connection with the host.
!       2. Not receiving an HTTP status "200 OK"
if ${ARGS}[#] "NEQ" "3"
        echo "Usage: httptag-test \'Hostname WebPage HostTag\'"
        exit script 1
endbranch
! Defines:
set HostName "${ARGS}[1]"
set WebPage "${ARGS}[2]"
set HostTag "${ARGS}[3]"
! Connect to the remote Host
set EXIT_MSG "Connection Failure"
socket connect host ${HostName} port 80 tcp
! Send the GET request for the web page
set EXIT_MSG "Send: Failed"
socket send ${SOCKET} "GET ${WebPage} HTTP/1.1\nHost: ${HostTag}\n\n"
! Send the HEAD request for the web page
set EXIT_MSG "Send: Failed"
socket send ${SOCKET} "HEAD ${WebPage} HTTP/1.1\nHost: ${HostTag}\n\n"
! Wait for a good status code
set EXIT_MSG "Waitfor: Failed"
socket waitfor ${SOCKET} "200 OK"
no set EXIT_MSG
socket disconnect ${SOCKET}sh w
exit script 0
in the script i have not used GET becasue, when CSS send GET request to apache it use hash, but apache is not able to respond with same hash and it shows that website is down. more information- click below url
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.40/command/reference/CmdKeepC.html#wp1139668
(config-keepalive) method
I have uploaded in CSS with httptag-test file and applied these commands
service comp.brit.co.uk-80
keepalive port 80
ip address 192.168.1.5
keepalive frequency 10
keepalive maxfailure 2
keepalive retryperiod 10
keepalive type script httptag-test "192.168.1.5 /testpage.html www.abc.co.uk
keepalive type script httptag-test "192.168.1.5 /testpage.html www.xyz.co.uk
but this script is not working
my question is:
1.do i need use script only to setup http keepalvie with webpage for multiple domains ?
2.with out using script is there any solution like CICSCO CSS commands to setup http uril for multiple domains which are on 1 singl server.
please help me asap

Hello Muhammad,
If you wish to use multiple domains for a URI keep-alive check, and perform a HEAD request what Daniel mentioned is correct. You have to use a scripted keep-alive check on the service. However, you should not use the default "ap-kal-httptag" script to do so as it's limited to only 1 website (unless you modify the script). You're best bet would be using the "ap-kal-httplist" script on the CSS as it allows the checking of 2 different websites along with a webpage to check for each site using HTTP HEAD method.
!no echo
! Filename: ap-kal-httplist
! Parameters: Site1 WebPage1 Site2 WebPage2 [...]
! Description:
!    This script will connect a list of sites/webpage pairs. The
!   user must simply supply the site, and then the webpage and
!   we'll attempt to do an HTTP HEAD on that page.
! Failure Upon:
!   1. Not establishing a connection with the host.
!   2. Not receiving a status code 200 on the HEAD request on any
!      one site. If one fails, the script fails.
! Make sure the user has a qualified number of arguments
if ${ARGS}[#] "LT" "2"
        echo "Usage: ap-kal-httplist \'WebSite1 WebPage1 WebSite2 WebPage2 ...'"
        exit script 1
endbranch
while ${ARGS}[#] "GT" "0"
        set Site "${ARGS}[1]"
    var-shift ARGS
    if ${ARGS}[#] "==" "0"
        set EXIT_MSG "Parameter mismatch: hostname present but webpage was not"
        exit script 1
    endbranch
    set Page "${ARGS}[1]"
    var-shift ARGS
    no set EXIT_MSG
    function HeadUrl call "${Site} ${Page}"
endbranch
exit script 0
function HeadUrl begin
! Connect to the remote Host
set EXIT_MSG "Connect: Failed to connect to ${ARGS}[1]"
socket connect host ${ARGS}[1] port 80 tcp 2000
! Send the head request
set EXIT_MSG "Send: Failed to send to ${ARGS}[1]"
socket send ${SOCKET} "HEAD ${ARGS}[2] HTTP/1.0\n\n"
! Wait for the status code 200 to be given to us
set EXIT_MSG "Waitfor: Failed to wait for '200' on ${ARGS}[1]"
socket waitfor ${SOCKET} " 200 " 2000
no set EXIT_MSG
socket disconnect ${SOCKET}
function HeadUrl end
Rather then modify the default "ap-kal-httplist" script on the CSS I would simply define the arguments within the service configuration itself.   Something like the following (using your service example):
service dell-192.168.1.5
ip address 192.168.1.5
keepalive type script ap-kal-httplist "www.abc.co.uk /testpage.html www.xyz.co.uk /testpage.html"
active
As long as the server is configured to reply to host headers, and the page is configured to retuen a "200 OK" the above service configuration should work. If there are any errors simply run "show service " to view why there was a failure. If there is a failure, and the output from the command specified shows a line number run the following command against the script to view at what point (line) did the failure occur:
show script ap-kal-httplist line-numbers
Hope this helps!
- Jason Espino

ASA 5505 + ASA 5540 static VPN, ssh and rdp problems

Greetings!
I've recentely set up a VPN between Cisco ASA 5540(8.4) ana 5505(8.3).
Everything works fine, but there is a small problem that is really annoying me.
From the inside network behind ASA 5505 I connect via rdp or ssh to a host inside ASA 5540.
Then I minimize ssh and rdp windows and don't use it for ten minutes. But I still use VPN for downloading some files.
Then I open ssh window - the session is inactive, open rdp window - I see a black screen (for 10-15 seconds, and then it shows RDP)
There are no timeouts on ssh or rdp hosts configured, via GRE tunnel it works perfectly without any hangs.
What can I do to get rid of this problem?
Thanks in advance.

Dear Fedor,
You could try adding the following commands to your configuration (on both ASAs) in order to increase the timeout values of the specific TCP sessions:
access-l rdp_ssh permit tcp 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0 eq 22
access-l rdp_ssh permit tcp 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0 eq 3389
class-map TCP_TIMEOUT
      match access-list rdp_ssh
policy-map global_policy
     class TCP_TIMEOUT
          set connection timeout idle 0:30:00
          set connection timeout half 0:30:00
* Please make sure you define the specific RDP and SSH ports in the ACL and avoid the use of "permit ip any any".
Let me know.
Portu.
Please rate any post you find useful.

Security on the Cisco CSS

I have a Cisco CSS 11501s attached to a Cisco 6000. I am using the CSS in an on arm design, which is basically a router on a stick. The Cisco 6000 only provides layer 2 switching. It utilizes 1 Ethernet interface on a single vlan.
I configure 3 VIPs for client connection.
- VIP 1 for SSL
- VIP 2 is for the clear text traffic from the
VIP1/proxy list.
- VIP 3 is for redirecting clear text traffic from
the client.
- All VIPs use the same address, but differing
ports.
I have a source group for all outbound traffic to the server farm. I tried to block traffic to the clear text interface, but I blocked all traffic. Is there an issue with one security of VIPs in a one-arm design?
Any design ideas?
Thank you

Hi,
If I understand correctly, you want to block the traffic destined to the VIP which is actually meant for the back-end traffic with the server once it is off the proxy-list. I understnad you use the VIP2 for this purpose as per your question and is same as the client side IP range.
Here is the solution just use a config what is known as "full-proxy" configuration by Cisco on the CSS. To do this you would need two different IP ranges. One would be for your client side (the one resolved by dns) and the other could be a different IP range preferably the non-routable private ip rnage like 192.168.x.x for the back-end server segment. You will now pick-up a VIP from server segment and assign it in the proxy-list with the 'cipher' specs.
In essence, this way you wouldn't be forced using the same VIP range for the servers and for the clients as well. You can have a private range on the back-end. This prevents traffic being targeted to your server segment from the client segment in the clear http in your case.
thanks

Load balancing PPTP (Windows 2003) behind CSS 11500

I am wondering if you can load balance PPTP service (TCP port 1723 and GRE) behind CSS 11500, please let me know if anyone as experience with this setup.
Irfan
[email protected]

No. I dont think you can load balance PPTP service behind CSS 11500.

Implementing two cisco CSS 11154's in an ISP environment.

Hi All,
My boss has asked me to implement CSS11154's as redundant loadbalancers in our network. We are an ISP that hosts client machines.
My initial plan is as follows:
A quick example:
clientA has 3 webservers
clientB has 2 webservers
Both clients want to loadbalance http traffic on their webservers.
webserverA1 webserverA2 and webserverA3 are connected to switchA
webserverB1 and webserverB2 are connected to switchB
switchA is connected to ethernet port1 on a CSS11154
switchB is connected to ethernet port2 on a CSS11154
The CSS balances traffic addressed to VIP-A over IPADDR-A1, IPADDR-A2 and IPADDR-A3
The CSS balances traffic addressed to VIP-B over IPADDR-B1 and IPADDR-B2
this example is without the second CSS.
Then there is the with / without firewall part.:
I can create 2 vlans with the following config:
vlan1 ethernet port 1, 2, 3, 4, 5, 6 and 13
vlan2 ethernet port 7. 8. 9. 10. 11. 12 and 14
port 13 (Gigabit) is connected to our core-switch so clients connected to port 1 through 6 can loadbalance with an direct internet connection
port 14 (Gigabit) is connected to a switch behing a pix firewall..
This is all possible right?
The there is the redundancy part..
How do I get backup CSS to communicate with the active primary? is it possible through the management interface?
Could anyone tell me if this is a good setup, end if there are caveats in this plan.
Also maybe other things I must look at (software version etc)
Thanks in advance...
Bastiaan
ps I know I have to read more of the documentation before I start this, but this idesign plan is for presentation to my boss.

Hi,
Please see my answers inline begining with >>>>
Please be aware I can only give you conceptual information due to the lack of specifics.
clientA has 3 webservers
clientB has 2 webservers
Both clients want to loadbalance http traffic on their webservers.
webserverA1 webserverA2 and webserverA3 are connected to switchA
webserverB1 and webserverB2 are connected to switchB
switchA is connected to ethernet port1 on a CSS11154
switchB is connected to ethernet port2 on a CSS11154
>>>>No Problem
The CSS balances traffic addressed to VIP-A over IPADDR-A1, IPADDR-A2 and IPADDR-A3
The CSS balances traffic addressed to VIP-B over IPADDR-B1 and IPADDR-B2
this example is without the second CSS.
>>>>No Problem
Then there is the with / without firewall part.:
I can create 2 vlans with the following config:
vlan1 ethernet port 1, 2, 3, 4, 5, 6 and 13
vlan2 ethernet port 7. 8. 9. 10. 11. 12 and 14
port 13 (Gigabit) is connected to our core-switch so clients connected to port 1 through 6 can loadbalance with an direct internet connection
port 14 (Gigabit) is connected to a switch behing a pix firewall..
This is all possible right?
>>>> Cant see any problem
The there is the redundancy part..
How do I get backup CSS to communicate with the active primary? is it possible through the management interface?
>>>>No not a good idea. From what you have here it is better to use vip and interface redundancy. This uses a vrrp protocol which runs across the uplinks and downlinks . The 2 CSS need to be on the same layer 2 segment and does not require a dedicated interface. It also give you the ability to run in an active active state. Client A can be active on CSS A and Client B can be active on CSS B. If one of the switches fail then the other switch will take over for all services. One downfall of this is that you need to make sure one CSS can handle all the load in case of a failure.
I will send you a doco seperately that you can have a look at the redundancy methods.
Could anyone tell me if this is a good setup, end if there are caveats in this plan.
Also maybe other things I must look at (software version etc)
>>>Latest 5.00 train on CCO is a good choice.
Cheers
Phil
Cisco Systems

Cisco CSS 11500 and RDP

Similar Messages

Maybe you are looking for