RAID, clients, switch and LUN masking

Similar Messages

• Lun Masking

  Hello
  I have an xserve raid (firmware 1.5.1/1.5.1.c) configured with 3 slices and Lun Masking which 3 xserves connect to. They are all attached to a qlogic fc switch.
  Recently the company bought 2 more servers to support another area and they need them to mount 2 of the slices. I added the WWN to the corresponding zoneset in the switch, and added the WWN to the lun masking configuration (using raid admin 1.5) and i got the volumes mounted in the new servers.
  The next day i recieve a phone call asking me to switch the volumes from the servers, slice 2 to server 4 and slice 1 to server 5. After making the appropiate changes in server admin and rebooting the servers the volumes in both servers would not mount. In Disk Utility i can see the volume and the corresponding raid slices, however Disk Utility tells me they are degraded and that i should run first aid on the disk. The first aid does nothing to get the volume mounted on the servers.
  If i put the lun masking settings back (slice 1 to server 4) it mounts without a problem. Is there a cache on the lun masking settings? Is it the firmware version? a downgrade and upgrade perhaps?
  If anyone has encountered something similar, any help would be appreciated.
  Thanks!
  Raul Basurto Rosenzweig

  Hello William
  I did reboot the hosts. At least the 2 i'm trying to get the volume to mount. The other 3 server that also use that raid, i can't reboot them, at least not during the daytime, since they are in production.
  I did reboot the raid and the hosts.

• LUN masking and zoning question.

  Hi all,
  If my storage array presents a number of LUNs/LDEVs down two physical fibre cables which are outputs from the primary and secondary controllers, and those two cables are ports on the MDS switches, do you need to know the LUN number as it was created on the array?
  I read the Fabric Manager Configuration Guide and it talks about LUN masking at the array. It says to check the Check LUN box. I have not tried this so I was wondering if the LUNs on the array will appear for me to select. If there are say 8 LUNs presented (4 primary and 4 secondary), are they visible when using this option?
  I have a fair sized number of new blades with HBA's with dual ports that need to connect to a large HP array. The setup will be one path goes from a 9216 to a 9509 via port channels (and another path through a similiar setup) to the HP array which will be presenting LUNs through LUN masking to the individual WWN's of the blade HBAs ports. There will be literally hundreds of LUNS coming out of the array so if they are presented in Fabric Manager, it would make my life easier especially when the array is looked after by HP and they might not be around when I start configuring the SAN.
  Thats the joy of outsourcing.
  Any help would be very welcome.
  Regards
  Stephen

  Finding out what LUNs are available is done via SCSI commands INQUIRY and REPORT_LUNS. In general, having the MDS discover the luns is not done since the MDS does not need to know. The end devices that are zoned and configured in the array's LUN security will need to know and they will use the two above frames to find this info out. The check luns checkbox that you reference is when doing LUN zoning (which is part of Enterprise license). In fact, the manner in which we are able to zone based upon a LUN is by trapping and manipulating the REPORT_LUNS frame. A generic implementation is to simply zone an initiator and a target via their PWWN's. Then, in the array, there is a security mechanism that allows the PWWN of a device to access a particular LUN. That LUN is then associated with a particular volume of disk space. However, we offer the capability to zone with the granularity of the LUN/PWWN combination if you so desire it.

• LUN masking and mapping in Nexus 5548up OS 5.1(3)N2(1)

  Hi,
  I just like to know how we can do Boot LUN Masking for ESXi Host in nexus 5548 ,  that only use by specific host and other host cannot see it.

  If you are looking for MDS like LUN zoning, Nexus 5000 does not support it. You will need to configure LUN masking on your storage array

• Trying to Disable LUN Masking under 1.5.1

  Hi,
  I have an Apple XServe Raid with 7x750Gb drives. The array is configured with three slices which would mean three LUNs. Even though Lun Masking is no longer an option in 1.5.1 it still shows up as enabled on the XServe Raid. Non of the luns are visible to the connected host. There is no switch involved.
  How can I disable Lun Masking under 1.5.1?
  Thanks,
  Jason

  Hello nosajesahc, and welcome to the Appleboards,
  Do you have a copy of the the Admin Tool version 1.5? LUN Masking was present in that version of the tool and think you should be able to turn it off and the resume using the current version.
  HTH,
  =Tod
  http://www.apple.com/support/downloads/xserveraidadmintools15.html

• Xserve raid brocade switch, do I need xsan for multiple xserve raid with one gbic hba?

  So I have 3 xserve raids.  I would like to mount all 6 volumes on a single server with a 2 port hba. I have a brocade silkworm 3200, however the raid volumes will not mount.  The only thing I can think of is do i need xsan to accomplish this?  Initially I gathered it would be like additional resources on a normally data switch bu that does not seem to be the case.
  Thanks in advance for any assistance.

  No, you don't need XSAN for this. XSAN is for connecting one or more RAID units to more than one host. Since you only have one host, XSAN isn't an issue.
  You may need to look more closely at the switch configuration. Mac OS X doesn't support multipath (at least last time I checked), so you'll need to make sure that you're either using just one link from the server, or that you've setup zoning in the switch so that each link from the server sees a subset of the RAID volumes (e.g. three RAID volumes mapped to each link to the server).
  You may also need to check the RAID configurations to make sure you're not using LUN masking (a feature of earlier firmware versions).
  One test here would be to connect the server directly to each RAID controller in turn and see if you see the appropriate volumes. The chances are you do, which points back to the switch configuration being the issue.

• Replacement for LUN masking

  Hello,
  I currently have an Xserve RAID with 14x400GB drives running firmware 1.5/1.50f. Each side is a RAID5 array split into two LUNs (total four LUNs). I have a Qlogic SANbox 1400 fibre channel switch, and each LUN is attached to four computers (1 Leopard, 1 Ubuntu, 2 Windows). I use LUN masking to make sure each computer can only mount the appropriate LUN.
  Anyways, I'm considering upgrading to firmware 1.5.1 for 750GB drive support, but I understand the RAID Admin tool no longer supports LUN masking (though the firmware on the XRAID seems to).
  My question is, how do I use Zoning on the Qlogic switch as a replacement for LUN masking? I often see Zoning mentioned as a substitute for LUN masking, but I can't figure out how to zone down to the LUN level. I can create a zone that include the WWPNs of the HBA and the Xraid controller, but not down to the LUN level. The result is that the computers have access to LUNs they shouldn't.
  What am I missing? Is the Qlogic 1400 incapable of this?
  Thanks!

  I have sliced the LUNs.
  I've come across a small number of other posts suggesting the same thing - upgrade the firmware to 1.5.1 and use the old 1.5 tool for LUN masking administration. I'm OK with this if it does indeed work, I just don't want to experiment with production storage

• So, what happened to LUN Masking

  I noticed in the release notes for the new firmware update (1.5.1) for the Xserve RAID that LUN masking has been removed from the RAID Admin utility...
  And low and behold... yup... it's not in the admin utility anymore... anywhere...
  So, what's with the removing of a pretty important feature with a minor revision?
  everything...   Mac OS X (10.4.8)  

  I'm not sure what your IT background is, but LUN masking in a storage environment is NOT an advanced feature, and the concept of hardware RAID is common in any serious server platform.
  "Advanced" need not equate to complexity, enter Apple.
  Regardless, it is simply unacceptable to remove a core functionality you've provided since the inception of a product with no advance notification that said functionality is going to be removed, and no documentation other than "Removed LUN Masking from Advanced tab" when it does happen.
  So Apple needs to charge $1.99 to enable previously shipped Core 2 Macs to use Wireless-N, in order to comply with Sarbanes-Oxley. Okay, fair enough. So how much $ is Apple going to give back to me per Xserve RAID that my company has purchased, since we paid for functionality that they're now taking away? Just some food for thought.
  And yes, I have notified both my enterprise account rep and my field engineer of my disatisfaction with this issue. I'm an Apple fan-boy, and even I think this is ridiculous on Apple's part.

• LUN masking on or off?

  Hello, may be this is stupid question.
  Since yesterday, I used only one disk array on the right side of XServe Raid. I created raid5 array on left side, but this array is not visible on my xserve. New array is online and I have last firmware on both controllers also. How can I arrange this? I tried it with LUN Masking enabled and disabled on both controllers, but was not successful. XServe RAID is connected to xserveG4 only - both fiberchannel cables are connected to one machine. Enclosure is first generation XServe RAID.
  Thanks for info.
  Leos

  Have you tried shutting everything down and powering up your XServe G4 first, then once it's up powering up your RAID? Or vice versa? It tends to get moody if you don't do it in the right order.

• DHCP config in switch and router

  Hi,
  I was wondering if we can configure dhcp in switch and routers such that the IP of device assigned with IP address would change if we assign same static IP to another device in the same network. does cisco support such kind of configuration?
  Thanks,
  Vish

  Consider this (I will not use in a production network): if you statically assign the IP add 192.168.1.1. to the PC both host will detect a uplicate ip address. After this the first host (the one using DHCP)  will not renew the lease, instead it send a:
  DHCPDECLINE - Client to server indicating network address is already
  in use.
  DHCP server will  offer a new IP address and put the old one in the conflict database.
  If you set a very short lease in some way you have the desired behavior but, again, it's nothing I wolud like to use ina production network
  A little test with lease 1mnute
  *Mar  1 01:31:01.183: DHCPD: DHCPDECLINE received from client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30.
  *Mar  1 01:31:01.187: DHCPD: Sending notification of TERMINATION:
  *Mar  1 01:31:01.187:  DHCPD: address 192.168.123.7 mask 255.255.255.0
  *Mar  1 01:31:01.191:  DHCPD: reason flags: DECLINE
  *Mar  1 01:31:01.191:   DHCPD: htype 1 chaddr c202.1d24.0000
  *Mar  1 01:31:01.195:   DHCPD: lease time remaining (secs) = 57
  *Mar  1 01:31:01.195: DHCPD: returned 192.168.123.7 to address pool DP.
  *Mar  1 01:31:01.199: %DHCPD-4-DECLINE_CONFLICT: DHCP address conflict:  client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30 declined 192.168.123.7.
  *Mar  1 01:31:01.207: DHCPD: Sending notification of DISCOVER:
  *Mar  1 01:31:01.207:   DHCPD: htype 1 chaddr c202.1d24.0000
  *Mar  1 01:31:01.211:   DHCPD: remote id 020a0000c0a87b0100000000
  *Mar  1 01:31:01.211:   DHCPD: circuit id 00000000
  *Mar  1 01:31:01.215: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30 on interface FastEthernet0/0.
  *Mar  1 01:31:01.219: DHCPD: Seeing if there is an internally specified pool class:
  *Mar  1 01:31:01.219:   DHCPD: htype 1 chaddr c202.1d24.0000
  *Mar  1 01:31:01.223:   DHCPD: remote id 020a0000c0a87b0100000000
  *Mar  1 01:31:01.223:   DHCPD: circuit id 00000000
  *Mar  1 01:31:01.223: DHCPD: Allocate an address without class information (192.168.123.0)
  R1#
  R1#
  *Mar  1 01:31:03.227: DHCPD: Adding binding to radix tree (192.168.123.8)
  *Mar  1 01:31:03.227: DHCPD: Adding binding to hash tree
  *Mar  1 01:31:03.231: DHCPD: assigned IP address 192.168.123.8 to client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30.
  *Mar  1 01:31:03.235: DHCPD: Sending DHCPOFFER to client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30 (192.168.123.8).
  *Mar  1 01:31:03.239: DHCPD: broadcasting BOOTREPLY to client c202.1d24.0000.
  *Mar  1 01:31:03.267: DHCPD: DHCPREQUEST received from client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30.
  R1#
  *Mar  1 01:31:03.271: DHCPD: Sending notification of ASSIGNMENT:
  *Mar  1 01:31:03.275:  DHCPD: address 192.168.123.8 mask 255.255.255.0
  *Mar  1 01:31:03.275:   DHCPD: htype 1 chaddr c202.1d24.0000
  *Mar  1 01:31:03.279:   DHCPD: lease time remaining (secs) = 60
  *Mar  1 01:31:03.279: DHCPD: No default domain to append - abort update
  *Mar  1 01:31:03.283: DHCPD: Sending DHCPACK to client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30 (192.168.123.8).
  *Mar  1 01:31:03.283: DHCPD: broadcasting BOOTREPLY to client c202.1d24.0000.

• Lun Masking limited to 8 WWWN's?

  I have a couple 7TB xServe RAIDs, with each bank of drives configured for (1) RAID 5 array (6 drives, 1 hot swap) & sliced into 6 LUNs. Everything works as expected until I reach 8 entries in the LUN Masking table. The option to add a ninth host is greyed out. If I remove any the the working 8, the options is available again. Is there any work-around for this? The docs don't indicate a restriction on the number of hosts that can be specified. With the above config, the 8 LUN per controller limit is not passed, so I don't understand why the number of hosts is giving a problem.
  thx,
  Vince

  Thanks for the reply. I am using VMware ESX server on the hosts that will be sharing LUNs. It handles the sharing natively, and also handles multi-pathing but the 8 host limit means that I can only have 4 hosts multi-pathed to the xServe.
  I'd also like some LUNs to be masked exclusively for other non-ESX servers to avoid contention but the 8 host limit is making that impossible.
  I have been very satisified with the xServe RAID so far except in the limitations (6 slices, 8 LUNs, and now 8 hosts for LUN masking). These are artificial limits that would make the xServe a better product if addressed.

• Firmware 1.5.1 + LUN Masking

  Is it possible to still use LUN masking on a controller with 1.5.1 firmware, as long as I'm using RAID Admin 1.5.0?

  I'm not sure what your IT background is, but LUN masking in a storage environment is NOT an advanced feature, and the concept of hardware RAID is common in any serious server platform.
  "Advanced" need not equate to complexity, enter Apple.
  Regardless, it is simply unacceptable to remove a core functionality you've provided since the inception of a product with no advance notification that said functionality is going to be removed, and no documentation other than "Removed LUN Masking from Advanced tab" when it does happen.
  So Apple needs to charge $1.99 to enable previously shipped Core 2 Macs to use Wireless-N, in order to comply with Sarbanes-Oxley. Okay, fair enough. So how much $ is Apple going to give back to me per Xserve RAID that my company has purchased, since we paid for functionality that they're now taking away? Just some food for thought.
  And yes, I have notified both my enterprise account rep and my field engineer of my disatisfaction with this issue. I'm an Apple fan-boy, and even I think this is ridiculous on Apple's part.

• How to change IP address and subnet mask without using the sys-unconfig ?

  I have Solaris 10 x86. I've ran into problems using the sys-unconfig command
  to change hostname and IP address.
  How to I manually change the IP address and subnet mask values on Solaris 10 manually?
  Thanks.

  We just switched over a DNS server by using ifconfig, (same subnet), and killing named. seems to be working fine, anything I should look out for ?
  steps:
  Prep -
  - change name in /etc/hostname.e1000g0
  - change name and IP in /etc/hosts and /etc/nodename
  - # uname -S dnsint02
  Activate
  - unplug old dnsint02
  # ifconfig e1000g0 192.168.2.80
  # kill -9 [PID of named]
  Cleanup
  - Remove old key on clients I SSH from.
  - reconfigure backup software for new name/server combo.
  Edited by: HarryC on Jun 25, 2009 9:29 AM

• How to get "fast user switching" and network shares playing nice

  I've been alternating between banging my head against a wall and reading every forum I could find to try and get a reasonable compromise between using "Fast user switching" and sharing a folder from a file server.  It baffles me how the network share/mount model of OSX/AFP is completely killed by fast-user-switching; this is a big problem with Apple requiring users to be actively logged in to share music/video from iTunes which therefore essentially requires fast-user-switching if anyone else wants to use the computer.  (anyone find it odd that you can share files without being logged in, but sharing songs requires an active login for each user who is sharing?  Apple: time to make iTunes sharing a service!)
  For the sake of example, lets just say I want to share my /Groups folder from my desktop and have it be accessible to my laptop.  Here are all the things that I tried:
  Apple Method 1) Share /Groups in the Server.app on the desktop (running Lion Server), use finder on the laptop and drag the share icon to "Login Items", alternative use a startup Apple script using "mount volume"  Both of the options work and will mount the /Groups folder under /Volumes/Groups, of course when the second person logs in via fast-user-switching (and occasionally the first person for no apparent reason), they will get /Volumes/Groups-1 since /Volumes/Groups is already taken.  Tomorrow we log in a different order and now the previously /Volumes/Groups-1 user has their mount at /Volumes/Group and vice versa.  Any links, aliases, finder sidebar references, and application settings which pointed to yesterday's location are now BROKEN.  Not very user friendly to my mother-in-law who is trying to find those pictures of the kids and doesn't know anything about mount points. I also can't reasonably mirror the file location structure on the desktop so that application preferences that are synced between the two (portable home directories) work.   fail.
  Apple Method 2) Use automounter and set up by hand direct maps for /Groups or an indirect maps for the children of /Groups.  Now it will automatically get mounted to /network/servers/SERVER/Groups/ on the laptop and on the desktop it will automatically create a similar symlink structure so that the same path (/network/servers/SERVER/Groups) work both on desktop and laptop.  Cool.  Except when the second person logs in, the /network/servers/SERVER/Groups/ mountpoint is already owned by the first user and they don't have any permissions to access it.  Fail.
  Apple Method 3) Use mount_afs and specify directly the mount-points.  Have each user have their own startup AppleScript which mounts /Groups to a different location (e.g. /Users/Shared/username/Groups) that way they don't conflict with multiple users.  On the desktop, set up symlinks from /Users/Shared/username/Group to /Groups so that it will be the same as the client and applications settings will work when synchronized back/forth by portable-home-directories.  Will it work, yes it does, but what a bear to maintain.  Is this really what I should expect to do just to have multiple users on my desktop and laptop (which again is essentially required now if I want to do any type of iTunes sharing).  This can't be what apple expects.
  What I ended up doing - the "not quite apple" solution.
  Non-Apple Method 4) After a read of "Autofs: Automatically Mounting Network File Shares in Mac OS X" (http://images.apple.com/business/docs/Autofs.pdf) at the very end there is a single paragraph  of "Kerberized NFS": "A Kerberized NFS mount can have multiple connections from multiple users, each using the correct user’s credentials for each transaction. This allows administrators to support multiple users, each authenticated with their own credentials to the same mount point. This is very different from AFP and SMB mounts," (emphasis mine)
  It appears that by using good 'ole NFS (abeint with Kerberos for security!) you can actually have multiple users on the same mount point.  Roughly following the guidance at https://support.apple.com/kb/TA24986?viewlocale=en_US.  What I needed to do was:
  1) create /etc/exports on my desktop and add a single line "/Groups -sec=krb5".  The existence of /etc/exports triggered a start of nfsd which no longer has any GUI options in Lion.
  2) Add a line to /etc/auto_master on my laptop "/-  auto_mymounts" to reference a new direct map.
  3) Create /etc/auto_mymounts and add a single line "/Groups         SERVER:/Groups" to create the direct map.
  THAT'S IT.  Three lines in three files.
  Now when I log into my laptop, there is a /Groups that is a network mount of my desktop's /Groups, same location AND it works for all of my users, even simultaneously. 
  In the end I'm happy with what I've got, but man was this a difficult path just to support fast-user-switching.  In Lion, Apple appears to be getting away from NFS (no longer turned on by default and remove from the GUI controls) but clearly this really useful functionality which doesn't exist in AFP. 
  I'm really curious, after all this work.  Any other ways to accomplish this?

  In my example above, yes I chose to mount the share "Groups" to the top of the root since that is where I put it on my server and I wanted to keep them similar; but that was just my preference, it isn't a requirement.  You can export and mount from other directories.

• Not Working-central web-authentication with a switch and Identity Service Engine

  on the followup the document "Configuration example : central web-authentication with a switch and Identity Service Engine" by Nicolas Darchis, since the redirection on the switch is not working, i'm asking for your help...
  I'm using ISE Version : 1.0.4.573 and WS-C2960-24PC-L w/software 12.2(55)SE1 and image C2960-LANBASEK9-M for the access.
  The interface configuration looks like this:
  interface FastEthernet0/24
  switchport access vlan 6
  switchport mode access
  switchport voice vlan 20
  ip access-group webauth in
  authentication event fail action next-method
  authentication event server dead action authorize
  authentication event server alive action reinitialize
  authentication order mab
  authentication priority mab
  authentication port-control auto
  authentication periodic
  authentication timer reauthenticate server
  authentication violation restrict
  mab
  spanning-tree portfast
  end
  The ACL's
  Extended IP access list webauth
      10 permit ip any any
  Extended IP access list redirect
      10 deny ip any host 172.22.2.38
      20 permit tcp any any eq www
      30 permit tcp any any eq 443
  The ISE side configuration I follow it step by step...
  When I conect the XP client, e see the following Autenthication session...
  swlx0x0x#show authentication sessions interface fastEthernet 0/24
             Interface:  FastEthernet0/24
            MAC Address:  0015.c549.5c99
             IP Address:  172.22.3.184
              User-Name:  00-15-C5-49-5C-99
                 Status:  Authz Success
                 Domain:  DATA
         Oper host mode:  single-host
       Oper control dir:  both
          Authorized By:  Authentication Server
             Vlan Group:  N/A
       URL Redirect ACL:  redirect
           URL Redirect: https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
        Session timeout:  N/A
           Idle timeout:  N/A
      Common Session ID:  AC16011F000000490AC1A9E2
        Acct Session ID:  0x00000077
                 Handle:  0xB7000049
  Runnable methods list:
         Method   State
         mab      Authc Success
  But there is no redirection, and I get the the following message on switch console:
  756005: Mar 28 11:40:30: epm-redirect:IP=172.22.3.184: No redirection policy for this host
  756006: Mar 28 11:40:30: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_qualify ...
  I have to mention I'm using an http proxy on port 8080...
  Any Ideas on what is going wrong?
  Regards
  Nuno

  OK, so I upgraded the IOS to version
  SW Version: 12.2(55)SE5, SW Image: C2960-LANBASEK9-M
  I tweak with ACL's to the following:
  Extended IP access list redirect
      10 permit ip any any (13 matches)
  and created a DACL that is downloaded along with the authentication
  Extended IP access list xACSACLx-IP-redirect-4f743d58 (per-user)
      10 permit ip any any
  I can see the epm session
  swlx0x0x#show epm session ip 172.22.3.74
       Admission feature:  DOT1X
       ACS ACL:  xACSACLx-IP-redirect-4f743d58
       URL Redirect ACL:  redirect
       URL Redirect:  https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
  And authentication
  swlx0x0x#show authentication sessions interface fastEthernet 0/24
       Interface:  FastEthernet0/24
       MAC Address:  0015.c549.5c99
       IP Address:  172.22.3.74
       User-Name:  00-15-C5-49-5C-99
       Status:  Authz Success
       Domain:  DATA
       Oper host mode:  multi-auth
       Oper control dir:  both
       Authorized By:  Authentication Server
       Vlan Group:  N/A
       ACS ACL:  xACSACLx-IP-redirect-4f743d58
       URL Redirect ACL:  redirect
       URL Redirect:  https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
       Session timeout:  N/A
       Idle timeout:  N/A
       Common Session ID:  AC16011F000000160042BD98
       Acct Session ID:  0x0000001B
       Handle:  0x90000016
       Runnable methods list:
       Method   State
       mab      Authc Success
  on the logging, I get the following messages...
  017857: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_qualify ...
  017858: Mar 29 11:27:04: epm-redirect:epm_redirect_cache_gen_hash: IP=172.22.3.74 Hash=271
  017859: Mar 29 11:27:04: epm-redirect:IP=172.22.3.74: CacheEntryGet Success
  017860: Mar 29 11:27:04: epm-redirect:IP=172.22.3.74: Ingress packet on [idb= FastEthernet0/24] matched with [acl=redirect]
  017861: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: Enqueue the packet with if_input=FastEthernet0/24
  017862: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_process ...
  017863: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: Not an HTTP(s) packet
  What I'm I missing?