LB redirection configuration ACE30
Hi,
I have two server farms and each includes two real servers on my ACE30. (See the basic
configuration below)
They have 2 VIP's. (10.10.10.101, 10.10.10.102)
One of them serves as http://vip1/path1/index.html
and the other serves as http://vip2/path2/index.html
My need is to define one more VIP (for example 10.10.10.100) and make a redirection to
appropriate server farm in according to url.
For example;
When user go to link http://vip3/path1 user must be redirected server farm1 (http://vip1/path1/index.html);
When user go to link http://vip3/path2 user must be redirected server farm2. (http://vip2/path2/index.html).
I don't know how to make this. If anyone help, it will be highly appreciated.
Thanks,
Ferruh
access-list ALL line 16 extended permit ip any any
probe tcp HTTP
interval 5
faildetect 2
passdetect interval 10
passdetect count 2
open 3
rserver host SERVER1
ip address 10.10.10.10
inservice
rserver host SERVER2
ip address 10.10.10.11
inservice
rserver host SERVER3
ip address 10.10.10.12
inservice
rserver host SERVER4
ip address 10.10.10.13
inservice
serverfarm host SF1
predictor leastconns
probe HTTP
rserver SERVER1
inservice
rserver SERVER2
inservice
serverfarm host SF2
predictor leastconns
probe HTTP
rserver SERVER3
inservice
rserver SERVER4
inservice
class-map match-all VIP1
2 match virtual-address 10.10.10.101 tcp eq www
class-map match-all VIP2
2 match virtual-address 10.10.10.102 tcp eq www
class-map type management match-any mgmt-cm
2 match protocol https any
3 match protocol icmp any
4 match protocol snmp any
5 match protocol ssh any
policy-map type management first-match mgmt-pm
class mgmt-cm
permit
policy-map type loadbalance first-match TEST-SERVERS1
class class-default
serverfarm SF1
policy-map type loadbalance first-match TEST-SERVERS2
class class-default
serverfarm SF2
policy-map multi-match TEST-POLICY
class VIP1
loadbalance vip inservice
loadbalance policy TEST-SERVERS1
loadbalance vip icmp-reply
class VIP2
loadbalance vip inservice
loadbalance policy TEST-SERVERS2
loadbalance vip icmp-reply
interface vlan 10
description "VLAN in bridged mode."
bridge-group 1
access-group input ALL
service-policy input mgmt-pm
service-policy input TEST-POLICY
no shutdown
interface vlan 20
description "LOADBALANCE VLAN on the bridge."
bridge-group 1
access-group input ALL
no shutdown
interface bvi 1
ip address 10.10.10.2 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 10.10.10.1
Hi Ferruh,
In this situation, you have two possible ways to approach your setup
The first one, which is the one I would personally recommend would be configure this new vip with a L7 configuration and directly load-balance the traffic to the correct serverfarm. The configuration would be similar to the one below (I'm only putting the parts that are either new or modified):
class-map type http loadbalance match-all URL1
2 match http url /path1/*
class-map type http loadbalance match-all URL2
2 match http url /path2/*
policy-map type loadbalance first-match TEST-SERVERS3
class URL1
serverfarm SF1
class URL2
serverfarm SF2
policy-map multi-match TEST-POLICY
class VIP1
loadbalance vip inservice
loadbalance policy TEST-SERVERS1
loadbalance vip icmp-reply
class VIP2
loadbalance vip inservice
loadbalance policy TEST-SERVERS2
loadbalance vip icmp-reply
class VIP3
loadbalance vip inservice
loadbalance policy TEST-SERVERS3
loadbalance vip icmp-reply
The second alternative is configuring the same kind of URL matching as before, but instead of load-balancing directly, redirecting the traffic to one of the other two VIPs. In this case, the configuration would be:
rserver redirect redirect_server1
webhost-redirection http://vip1/path1/index.html
inservice
serverfarm redirect redirect_farm1
rserver redirect_server1
inservice
policy-map type loadbalance first-match TEST-SERVERS3
class URL1
serverfarm redirect_farm1
class URL2
serverfarm redirect_farm2
I hope this helps
Daniel
Similar Messages
-
Folder redirection configured in GPO does not create Documents folder and does not redirect
Hi
Another Folder Redirect-post - sorry for that, but I could not find an answer for my problem so far: even with consulting many threads here...
We have an existing environment under Windows XP and want to move away from that. Now I ran into troubles with folder redirection...
The following folder- and permission structure exists so far:
\\<server>\<Users$-share>: This is the base folder for all users-directories
-> Permissions: SYSTEM: Full / Administrators: Full / Users: Read&Execute, only this folder
-> Share-permissions: Authenticated users: Full control
\\<server>\<Users$-share>\<username>: base folder for the specific user
-> Permissions: SYSTEM: Full / Administrators: Full / User: Change, all permissions inherited onwards
-> Giving only change permission prevent further problems with self-called "advanced users"... ;-)
\\<server>\<Users$-share>\<username>\profil.V2: Profile directory of the user
-> Of course here the permissions are set by the system: override the predefined permission
\\<server>\<Users$-share>\<username>\daten: Atcual Home directory of the user
\\<server>\<Users$-share>\<username>\daten\Documents: Suposed Documents directory of the user
Now I am going to Server 2012 and Windows 8.1, configured the GPO to redirect Documents folder into the above mentioned:
GPO - User configuration - Policies - Windows settings - Folder Redirection - Documents:
Setting: Standart - redirects all folders to the same path
Destination folder: Copy to base directory of the user
I apply policy to the user, log out and in - it doesn't work, no folder Documents created in my home-folder, Folder Documents still configured at C:\Users\<user>\Documents
A very special point:
I also do Redirection of the My Pictures-folder: Define it to follow the Documents folder. Funnily that one works and creates and configures \\<server>\<Users$-share>\<username>\daten\Pictures
-> So in my eyes, it should work!
Then: I want to do the folder redirection without Offline Files, due to the fact, that our users work with dynamically assigned virtual desktops, which are been cleaned everytime a user logs off a machine. Therefore synchronizing doesn't make sense...
I just cannot see, why this redirection does not work :-(
Thank you very much for any help!
Kind regards
DavidHi David,
Before going further, would you please let me confirm the OS version of the Windows Server which you used to
configure folder redirection? Based on your description, did you mean that those users (who will be applied folder redirection settings) logged on Windows XP client computer?
When you configure the folder redirection setting in Document Properties (path:
User Configuration-> Policies-> Windows Settings-> Folder Redirection-> Documents), please check if you checked “Also apply redirection policy to Windows 2000, Windows 2000 Server, Windows XP, and Windows Server 2003 operating system” in Settings
tab. As below picture shows.
à
GPO - User configuration - Policies - Windows settings - Folder Redirection - Documents:
à•Setting: Standart
- redirects all folders to the same path
à•Destination
folder: Copy to base directory of the user
Would you please provide a screenshot of those settings you describe? Meanwhile, please summarily describe
that how you configure. For example, where this GPO link to? Or any other. It will help me to understand clearly. Thanks for your understanding.
In addition, please use
gpresult command to check if the folder redirection group policy was really applied.
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu -
Permissions are not working after HTTP redirect configured.
Hello,
I have configured HTTP redirect in IIS Manager from root site to sub site. The users have to be redirect from roo tsite to
sub site
I have full rights for root site, but when I get to sub site I can only see documents, but all options are grey out. So I have limited access.Hi,
For your question, you could check the account in the top right corner beside site setting icon.
As I tested, I configured HTTP redirect via IIS manager as the screenshot below.
http://sp:19073 is the url of root site, and subsite's url is
http://sp:19073/subsite/_layouts/15/start.aspx#/SitePages/Home.aspx .
Let me know if you are using a different approach to configure HTTP redirect.
Regards,
Rebecca Tu
TechNet Community Support -
How do I configure ACE30 to allow server to server and server to VIP communications
I have a ACE30 with 2 client vlans and 2 server vlans in a 2-arm routed mode. I want to allow server initiated traffic from either server vlan to access both client vlans via a VIP and also allow server to server traffic between the 2 server vlans via the server IP address. This is all in a single context. Attached is a diagram of the environment. The server's gateway is the ACE interface for that particular vlan.
so servers on vlan 206 will initiate traffic to either vlan 296 or 298 and therefore load balance to servers on either vlan 206 or 216. same goes for server vlan 216.
In conjunction with that how do i configure the ACE so that the servers in one vlan can talk to the servers in the other via directly via their IP address. for instance the source would be vlan 206 and the destination would be vlan.
Thank you
Tony.Chris, does this look correct based on your description of how to configure:
class-map match-all REAL-SERVERS-VL226
2 match source-address 10.192.34.0 255.255.255.0
class-map match-all REAL-SERVERS-VL246
2 match source-address 10.192.44.0 255.255.255.0
policy-map multi-match INTRA-server_P
class LYNCP2F_C
loadbalance vip inservice
loadbalance policy LYNCP2F_P
loadbalance vip icmp-reply active
nat dynamic 5 vlan 246
class LYNCP-FE_C
loadbalance vip inservice
loadbalance policy LYNCP-FE_P
loadbalance vip icmp-reply active
class REAL-SERVERS-VL226
nat dynamic 1 vlan 226
class REAL-SERVERS-VL246
nat dynamic 2 vlan 246
interface vlan 226
description Intranet Services Server Vlan 226
ip address 10.192.34.2 255.255.255.0
alias 10.192.34.1 255.255.255.0
peer ip address 10.192.34.3 255.255.255.0
no icmp-guard
access-group input ALL-IN
nat-pool 1 10.192.34.254 10.192.34.254 netmask 255.255.255.0 pat
service-policy input INTRA-server_P
no shutdown
interface vlan 246
description Intranet Services Server Vlan 246
ip address 10.192.44.2 255.255.255.0
alias 10.192.44.1 255.255.255.0
peer ip address 10.192.44.3 255.255.255.0
no icmp-guard
access-group input ALL-IN
nat-pool 2 10.192.44.254 10.192.44.254 netmask 255.255.255.0 pat
service-policy input INTRA-server_P
no shutdown
interface vlan 292
description Intranet Services Client Vlan 292
ip address 10.192.8.4 255.255.254.0
alias 10.192.8.6 255.255.254.0
peer ip address 10.192.8.5 255.255.254.0
mac-sticky enable
no icmp-guard
access-group input ALL-IN
no shutdown
interface vlan 294
description Intranet Services Client Vlan 294
ip address 10.192.6.4 255.255.254.0
alias 10.192.6.6 255.255.254.0
peer ip address 10.192.6.5 255.255.254.0
mac-sticky enable
no icmp-guard
access-group input ALL-IN
no shutdown -
URL-Redirect configuration differences
Hi,
I'm currently in the process of configuring a pair of 11506's, as part of the installation I'd need to configure a number of URL re-directs (http to https), I (thought) I'd the configuration in place, but looking at some documentation on cisco.com there appear to be a No. of ways to re-direct traffic, the first, which I've written up, is to use content rules for the VIP termination, and for traffic requiring re-direction, point the content rule to a separate re-direct service, thus for each re-direct, we require a content rule and a re-direct service.
Looking at some documentation earlier, it appears I can also use a content rule re-direct, and simply within the content rule, apply the re-direct statement, this removing the need for a separate re-direct service for each content rule.
Whilst I'm happy to run with the original configuration I've applied, what are the differences between the 2 re-direct configurations? Are there any?
Thankshere is a link describing all the different ways
http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a00801de8d6.shtml
for http to https you need service in order to rewrite the domain with https.
Gilles. -
Https and virtual host redirect configuration
Hello,
IAS10EE
Only one of a number of mod pl/sql applications needs to be available from the internet via https - https certificate has been installed and is working.
I've amended the default ssl.conf to try to redirect all https traffic to the one application see below
<VirtualHost *:443>
# added
ServerName portal.tw.com
ServerAlias portal.tw.com
Options +FollowSymLinks
DocumentRoot "/opt/ris/apex"
RewriteEngine On
RewriteRule .* https://%{SERVER_NAME}/pls/apex/f?p=103:101 [R=301,L]
RewriteLog /opt/ris/log/rewrite.log
## end add
Problem is that I cannot get a https://portal.tw.com to display when the rewrite rule is in
When taking out the rewrite all DADs are accessible which I do not want!
I cannot see any log entries in access_log, error_log, ssl_request_log that hints/explain the error
Has anyone any ideas how to modify above to get it working or how to troubleshoot this?
Many thanks
PeteThanks for your reply
in the access_log and ssl_request_log I can see that the page is being requested
so the redirect 301 is working but no page is sent back to the browser, the browser sort of hangs. I suspect the rewrite rule is missing something - Any ideas that I can try?
Thanks
Pete
Looking in ssl_request_log -
UNKNOWN SSL_RSA_WITH_RC4_128_MD5 "GET /pls/apex/f?p=103:101 HTTP/1.1" 395
an entry like this every second
Looking in current access_log*
[07/Nov/2006:00:12:20 -0800] "GET /pls/apex/f?p=103:101 HTTP/1.1" 301 395
an entry like this every second -
The question topic sums it up - after a recent upgrade one website stopped working properly in FF, even in Safemode, redirecting to subsection instead of opening main page. When I use IE Tab or IE, website opens fine.
No, the problem is resolved. The Spry gallery portion of
LyndaEllis.com works in IE6 and IE7 now that I've switched from my
original hosted web server at Earthlink/Mindspring (i.e. which
responded with 302 redirects on "resource not found") to my new web
hosting provider as I described in the original post. Just to be
clear, I changed nothing in Spry or in my HTML; I only had to work
around the HTTP client behavior of IE by ensuring that 302
redirects were not returned by the web server when non-existent
resources were requested by the browser.
But, I am still curious why both IE and Firefox make the
request for the unsubstituted variable in the first place. I'm also
curious as to why IE's JS engine just gives up when the 200 status
"branded error" pages are returned. I suppose it should just be
chalked up to the idiosyncrasies of Earthlink's httpd configuration
and Microsoft's screwy browser. Perhaps someone who works in the IE
JavaScript engine at Microsoft will read this and get Spry apps in
IE to work for the "302 redirect" configuration. -
Step by step to disable Folder Redirection for a single user - Windows 7 and SBS 2011 Essentials
OK...I got chewed (by someone I have a lot of respect for) for pounding on an old thread, so I'm starting a new one. I've got the Windows 7 Value Pack Plugin for SBS 2011 Essentials and Folder Redirection is working for everybody. What I'm looking for is
exactly how to go into Group Policy and disable the FD for a single user. I'm not looking for quick, incomplete answers. If you don't have time to give me the 'For Dummies' version, don't bother. Sorry, but I've done all the Googling I can stand for one day
and I'm over it! (and a little grumpy)
Thanks in advance!
Wayne S. CompTIA A+ CompTIA Network+ Microsoft MCP... I've got the Windows 7 Value Pack Plugin for SBS 2011 Essentials and Folder Redirection is working for everybody. What I'm looking for is exactly how to go into Group Policy and disable the FD for a single user. I'm not looking for quick, incomplete
answers....
Hi Wayne,
Here's what I'd do.
1) create a Security Group in your AD environment. Call it 'Folder Redirection Members' or something like that. Put all the user accounts in your AD environment who you want to have their folders continue to be redirected to the server, do not include the
one user who you wish to exclude. in other words, you're going to use a specific security group to target the Folder Redirection policy (right now, it's Domain Users, which is everyone).
2) Edit the Group Policy that the W7PP created in your AD environment. It's likely called "W7PVP Folder Redirection". Start with verification under the Settings tab, expand Folder Redirection beneath User Configuration states that
Policy Removal Behaviouris set to Restore Contents. Then proceed using the Editor, to make adjustments under the Scope tab; verify membership in Security Filtering. Remove Domain Users,
add in Folder Redirection Members (or whatever you named your group in step 1).
3) on your workstation that your user you are applying the change to disable folder redirection, Log on to the domain account while connected to your network, elevate a command prompt, and perform a 'gpupdate /force' command and then reboot your computer.
Folder redirection configuration should be removed from the system and redirected contents should be restored back to your local path. Verify with inspection of the My Documents or other folders.
Hope this helps. Keep in mind, no warranty implied or expressed in this advice.
Try not to be so darn grumpy. :-/
Jason Miller B.Comm (Hons), MCSA:Win7, MCITP, Microsoft MVP -
I configured ACE30-MOD-K9 in bridge mode and I configured a server farm with his real servers. The traffic passes and is balanced correctly between all RSERVER. But I can not contact a server that is on the same vlan of the serverpharm but doesn't belong at this serverfarm.
I Thought that the traffic directed to this "spare" server shouldn't be balanced but the bridge should permit traffic to pass. (trasperent mode) Is it correct ?
What does ACE in bridge mode with traffic directed to servers that do not belong to any server farm but are present on the same VLAN (same bridge group)?
In rispect at the following configuration 10.10.10.168 isn't reacheable
access-list INBOUND line 8 extended permit ip any any
access-list INBOUND line 16 extended permit icmp any any
probe http HTTP_PROBE1
expect status 200 200
rserver host RS_WEB1
ip address 10.10.10.163
inservice
rserver host RS_WEB2
ip address 10.10.10.164
inservice
rserver host RS_WEB3
ip address 10.10.10.165
inservice
rserver host RS_WEB4
ip address 10.10.10.167
inservice
serverfarm host SF_FIREGROUP
rserver RS_WEB1
inservice
rserver RS_WEB2
inservice
rserver RS_WEB3
inservice
rserver RS_WEB4
inservice
sticky ip-netmask 255.255.255.255 address source sticky-ip
replicate sticky
serverfarm SF_FIREGROUP
sticky http-cookie myCookie sticky-cookie
cookie insert browser-expire
serverfarm SF_FIREGROUP
class-map match-any VS_FIREGROUP
2 match virtual-address 10.10.10.169 tcp eq www
4 match virtual-address 10.10.10.169 tcp eq 8081
5 match virtual-address 10.10.10.169 tcp eq 8082
6 match virtual-address 10.10.10.169 tcp eq 8083
7 match virtual-address 10.10.10.169 tcp eq 8084
8 match virtual-address 10.10.10.169 tcp eq 8085
9 match virtual-address 10.10.10.169 tcp eq 8097
class-map match-any VS_FIREGROUP_HTTPS
2 match virtual-address 10.10.10.169 tcp eq https
policy-map type loadbalance first-match HTTP
class class-default
sticky-serverfarm sticky-cookie
policy-map type loadbalance first-match HTTPS
class class-default
sticky-serverfarm sticky-ip
policy-map multi-match HTTP_HTTPS_MULTI_MATCH
class VS_FIREGROUP
loadbalance vip inservice
loadbalance policy HTTP
loadbalance vip advertise active
class VS_FIREGROUP_HTTPS
loadbalance vip inservice
loadbalance policy HTTPS
loadbalance vip advertise active
interface vlan 4
bridge-group 1
access-group input INBOUND
service-policy input HTTP_HTTPS_MULTI_MATCH
no shutdown
interface vlan 700
bridge-group 1
access-group input INBOUND
no shutdown
interface bvi 1
ip address 10.10.10.150 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 10.10.10.1
Thanks a lot
FrancescoHi Francesco,
Just to add more a bit, A bridge group is very similar to routed mode except ACE cannot NAT pass through traffic, vlan's cannot be shared and couple of other things but client's should be able to access the server as in before.
But also whether in bridge or routed mode, ACE does create flows and applies other security parameters if configured to the traffic. This is for security. Also, ACE should know the MAC of the device to forward the traffic to. Can you check if ACE has the MAC of the destination? You can also put a route for testing purpose and see if that resolves the issue. That should probably be the quickest way to check if ACE is creating any issue here.
Regards,
Kanwal -
We have a ACE redirect configured on 3 physically seperate ACE modules with the following config. It works on one ACE Module and not on the other 2.
Capture on the ACE and sniffer gives this error.R [bad tcp cksum 2d41!] ACE sends resets to the client. Anyone run into this issue?
The software version is system: Version A2(1.0a) [build 3.0(0)A2(1.0a)
rserver redirect Test
webhost-redirection http://www.test.com
inservice
serverfarm redirect Test
rserver Test
inservice
class-map match-any Test
2 match virtual-address 192.168.10.10 tcp eq www
policy-map type loadbalance first-match Test
class class-default
serverfarm Test
class Test
loadbalance vip inservice
loadbalance policy Test
loadbalance vip icmp-reply activeSorry maybe I didn't explain what I was getting at good enough...
I guess I'm basically asking if there's potential for asymmetry at the site that's not working.
For example.
Say I have a load balanced server. It has two interfaces a "front end" and a "back end". I manage the server on the backend from my laptop, for which the server has a route. Now if I try to hit the public VIP of the LB, traffic is routed to the VIP, then to the server, but because the server already has a route to my laptop via the backend, it bypasses the load balancer on the return and replies directly to me, thus putting the flow out of sync and never completing the connection...
Not saying that's it, but I've had so many asymmetry issues that are tough to figure out that It's usually one of the first things I rule out...
It's possible if the site that's not working is local to you and the others aren't, this may be a potential issue?? -
Redirected folders show UNC path in address bar
Hi,
I'm using folder redirection for our user accounts and have redirected the Documents, Music, Pictures and Videos. The redirection process work fine apart from the fact users can go into any of these folders then click in the address bar and see and navigate
the whole UNC file path.
For example, when I logon: I can click on my name on the start menu and go into the 'My Music' folder. In the address bar I can see
Matt Courtman > My Music but if I then click into the address bar this changes to the path of the redirected folder -
\\server\usershare$\mcourtman\music this then allows them to have a look around the server, although they can't access anyone elses data.
Can this be stopped?
Many thanks, Matt
Matt Courtman, Network Manager, Cromwell Community College, UKHi,
Did this issue occur on all accounts?
I would like to suggest you re-configure folder redirection to check what the result is:
How to Configure Folder Redirection
Configuring Folder Redirection: Group Policy
Good luck.
Alex Zhao
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
hi guys:
We have firewall that connect to the internet.We also have a 6509 switch connect to the internal lan. The client PC,6509 interface and firewall are on the same subnet. Client's gateway is on 6509. When client try to access internet, the 6509 switch should send icmp redirect to client telling them to go to firewall for internet access. However,I've found that some client were not receiving icmp redirect,therefore internet traffic send to 6509 then to fireawll.From the 6509 debug we saw it sending icmp redirect once or twice per second.Is this a security feature to prevent msfc from DOS attack?If so is there any way yo override it?Thanks for help.
regardsdo you just have the pix and pc connected to the same subnet and have the pc default gateway point to the MSFC and have the MSFC default gateway point to the pix??
this would allow for the pc to get to the internet and the icmp redirect sent to the pc to inform it of the better route.
how is your icmp redirect configured? can you post configuration of switch/msfc?
do you have 'no ip redirects' command configured on the MSFC SVI for the pc vlan? if so, use the 'ip redirects' command on the MSFC SVI (vlan) that the pc connects to.
this will allow the MSFC SVI to be able to send icmp redirects.
please see the following link for more info on icmp redirects:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094702.shtml -
GPO Folder redirection using Powershell
Dear,
how can i configure a gpo for Folder Redirection using powershell.
I would like to create gpo's with all kinds of folder redirection configurations using a script.
DavyHi,
Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
TechNet Subscriber Support
If you are
TechNet Subscription
user and have any feedback on our support quality, please send your feedback
here.
Regards, Yan Li -
Hello expert,
I'm just wondering whether we can set a maximum number of incoming connections on ACE?
In such a way, if the limit is reached, users who still trying to access the website will be prompted with some kind of warning message. like
"system is busy, try again later"
please let me know. Thanks.
Sincerely,
AndrewHello Andrew,
Mmm, maybe you can take a look of this link:
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/command/reference/rsrce.html
Perhaps you can assign some specific resources for connections but it will be good to check this your Cisco SE.
On the rserver level, we have the following:
Configuring Real Server Connection Limits
To prevent a real server from being overburdened, you can limit the maximum number of active connections to the server. You can set the maximum and minimum connection thresholds by using the conn-limit command in either real server host or real server redirect configuration mode. The syntax of this command is as follows:
conn-limit max maxconns min minconns
The keywords and arguments are as follows:
•max maxconns—Specifies the maximum allowable number of active connections to a real server. When the number of connections exceeds the maxconns threshold value, the ACE stops sending connections to the real server and assigns the real server a state of OUTOFSERVICE until the number of connections falls below the configured minconns value. Enter an integer from 2 to 4294967295. The default is 4294967295.
•min minconns—Specifies the minimum number of connections that the number of connections must fall below before sending more connections to a server after it has exceeded the maximum connections threshold. Enter an integer from 2 to 429496729. The default is 4294967295. The minconns value must be less than or equal to the maxconns value.
Obviously the ACE cannot send messages like that, you can combine perhaps the configuration above with a backup serverfarm or something like that.
Do not hesitate to let us know your feedback and mark it if it is useful for you
Hope these details help.
Jorge -
Guest users not getting IP address
I am setting up Cisco wireless along with ISE 1.3 for guest wireless. The client is going to use the self-registration portal for guest wireless users. I followed this Cisco doc to configure the self-registration portal:
http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/118742-configure-ise-00.html
I tested this in my home lab and everything works fine. However, at the client users are not getting IP addresses from the DHCP server. This is the same DHCP server that is used for corporate wireless and if you connect that SSID, you get an IP address. I have looked what I configured at home and the client and everything looks the same. In the back of my mind, I feel something is missing, but I can't figure out what it is.
Edit: Not sure if this makes a difference or not, but they are using a Nexus 5K for their core switch and it hosts the SVI for this network.
Let me know what information you need and I will post it.
TIA,
DanHello,
Some verifications below :
Did you verify if DHCP Proxy is enabled in wlc's wlan interface ? Case DHCP proxy is disabled, did you verify if the ip helper address is enabled in Nexus SVI ?
DHCP Scope is enabled in the DHCP Server or is enabled in the WLC ?
Verify if Trunk in the switch is enabled correctly passing all VLANs to WLANs ?
Verify if ACL to redirect configured in the WLC is allowing DHCP Server and DHCP Client to client receive IP Address and ports 8443 to Cisco ISE and DNS to resolve some address and get access to ISE Portal ?
The scenario is Local Switching or Central Switching ?
Regards
Maybe you are looking for
-
JMS JDBC store failed to open after switched to a different database machine
Hi, I'm running WebLogic 6.1 sp3/Oracle 8.1.6 and I configure the JMS JDBC store for persistent messaging. I was working fine until I switched to use a different database machine which has the same software con
-
HP Deskjet 2540 won't print in color.
I just recieved my HP Deskjet 2540 and I can not seem to print in color. I do have a MacBook Air. I am very lost and do not know where to exactly start to even attempt to try to troubleshoot it on my own. Please help!
-
Which rMBP for my needs? 13" or 15" rMBP
Hi, I've read several threads and articles and can't seem to find any reviews for folks w/ a similar setup. Most reviews are for a the laptops themselves but I'm curious if anyone can chime in on the performance when connected to a 27" Apple display
-
I wanted to buy a Dragon ,Speech Recognition Programme for Mac but it says its for OS Lion, and I have OS Snow Leopard. Would it have worked on Snow Leopard?
-
Need help hooking up an old laser printer to my wireless router
I have an old HP Laserjet4 Plus that has been a workhorse. I've had it for years and it still works great. Previously I was using it as my network printer, plugged into a WRTP54G Linksys Vonage router. That setup worked fine, but over time the router