Redirecting traffic based on source address on CSS11503

Hi all,
I need to redirect HTTP traffic originating from a specific range of IPs to a specific farm of HTTP servers. More specifically, I need request comming to CSS's outside VIP address on port 80/tcp to be redirected to the HTTP farm (2 boxes with RFC1918 addresses) on port 30084/tcp.
The trick is that this rule should only apply for a certain range of source IP addresses. The rest should be content switched normally. I.e. 80/tcp -> 80/tcp, etc.
Is this possible with ACL or somthing similar?
I'm running WebNS 7.20 on a CSS11503.
Thanks,
haver

you could create a 2nd VIP like x.x.x.x:81 and
a service like
service redirect
domain x.x.x.x:81
type redirect
keepalive type none
Under the Vip x.x.x.x:81, you configure the 2 services with private ip addresses and port 30084.
Then you create an ACL
acl 10
clause 10 permit tcp destination content prefer redirect
clause 99 permit any any destination any
apply circuit-VLAN...
Don't forget you will need an ACL permit any any on all other interfaces to avoid blocking the rest of the traffic.
What this will do is tell the browser to close the current connection to vip:80 and reopen a new one to vip:81 and this will be loadbalanced to the private servers.
Gilles.

Similar Messages

  • Using OHS to redirect traffic based on intranet or internet URL

    Hello,
    we have a requirement where we have to launch our application on internet. Application is working fine on local intranet URL or internet URL but not working on both at same time.we have application developed with ADF and other fusion components.
    This is the topology we are using here :-
    SPS(secured proxy server to configure internet URL) --> OHS -> Managed server(1,2,3,4)
    We have to setup a URL redirect rule at OHS level where
    ---> if the incoming traffic is from intranet URL application work based on intranet URL's BUT
    -->if the traffic is coming from internet URL, OHS internally take care of URL redirect and work for external users too..
    Summery is, application should work for both internet and intranet URL, but pls note both the URL are different
    like
    intranet- https:\\abcd.intranet.xxx.com\abs\login
    internet - https:\\abcd.xxx.com\abs\login
    could someone pls help me on this and provide your valuable suggestion on how we can achieve this at OHS level...

    Thanks AMN,
    I was able to successfully get the redirect to work with the following Javascript code.
    In the folder: C:\OracleBI\oc4j_bi\j2ee\home\default-web-app
    I created the following OBIEE.html file
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html lang="en,us">
    <HEAD>
    <TITLE>Test OBIEE Redirect Page<TITLE>
    </HEAD>
    <BODY>
    <script type="text/javascript">
    var agent = (navigator.userAgent).toLowerCase();
    var weburl = './analytics/';
    var moburl = './analyticsMobile/';
    var reg_exp = /(ipod|iphone|android|opera mini|blackberry|palm os|palm|hiptop|avantgo|plucker|xiino|blazer|elaine|windows ce; ppc;|windows ce; smartphone;|windows ce; iemobile|up.browser|up.link|mmp|symbian|smartphone|midp|wap|vodafone|o2|pocket|kindle|mobile|pda|psp|treo)/;
    if( reg_exp.test(agent) ) {
         window.location = moburl;
    else {
         window.location = weburl;
    </script>
    </BODY></HTML>
    The javascript gets the USER agent and does a regular expression match to see if its any popular handheld device. If so, it redirects them to the mobile address. Otherwise the user is directed to the standard site.
    All I need to do is pass around the URL:
    http://localhost:9704/OBIEE.html
    And users will be dynamically sent to the correct location.
    Thanks!
    -Joe

  • How i can route the traffic based on destination address ?

    Dears,
    As you can see in the image i have two different setups.
    ISP A setup is completely dedicated for Production & ISP B setup is dedicated for whole staff internet.
    Below is the network information;
    Firewall:
    GigE0/0 - PUBLIC IP (PAT)
    GigE0/1 - 192.168.0.1/24  no dhcp
    ISP B Router:
    ATM 0 - PUBLIC IP (PAT)
    FaE0/0 - 192.168.0.2/24
    FaE0/1 - 192.168.92.1/24 dhcp
    Servers - 192.168.0.xxx/24
    Clients - 192.168.92.xxx/24
    All the clients have internet access through ISP B.
    If a client wants to connect to any of the server, what kind of configuration is required on ISP B rotuer. I though of route-maps or doing a static routing between Firewall & ISP B Router but i am not sure which is the best practice to do so.
    Kindly suggest with some suitable solutions.
    Regards
    @Mohammed

    Hi Shareef,
    Below is the example of PBR.
    ip access-list extended Redirect_PBR
    permit tcp host 192.168.92.10 host 192.168.0.10 eq 443
    permit tcp host 192.168.92.10 host 192.168.0.10 eq 21
    etc
    route-map Client_Server permit 10
     match ip address Redirect_PBR
     set ip next-hop 192.168.0.1 (Server LAN)
    int Fa E 0/1
    ip policy route-map Client_Server
    You can have the required filtered rule created as an ACL... you can restrict how ever you wan't.  Map that ACL to the route map and set a next hop to needed routing point. Then finally map that ACL to the interface of the router. In this case every traffic mentioned in route map and access-list will follow the PBR rule. All other traffic will route as usuall with the default route.
    Hope this helps
    Regards
    Karthik

  • ACE load balance based on Source IP Address

    Hi Cisco  Support,
    I have question  related to Cisco ACE behavior in term to taking a decision based on source  address
    I currently have two  servers sits behind ACE part of one server farm, these servers are load balanced  via one VIP on ACE module and every things looks fine.
    Now service  owners want to replace these old servers with new hardware hence before the  migration we need to make sure these new servers are working as required standard hence  need to create a testing scenario for new servers along with old server. The problem is that number of third party partners are accessing existing servers by hitting VIP on ace and we  can't engage all our partner to participate in this test therefore decided to  engage only one partner to carry our test with us.
    For that reason can  we some how configure the ACE so when packet arrive on ACE from one test partner  mentioned above, ACE send only that partner's traffic based on it's source address  (define via class/policy map on ACE if possible) towards new servers in the existing server  farm and not to the old server in the same server farm.
    Thanks for your  support

    Hi,
    Just to put some config sample that might help you to get this done.
    First create the new rservers and include them under a new serverfarm (New-APP)/
    serverfarm host Webfarm
      rserver SVR1
        inservice
      rserver SVR2
        inservice
    serverfarm host New-APP
      rserver New-1
        inservice
      rserver New-2
        inservice
    - Same VIP already working.
    class-map match-all VIP-HTTP
      2 match virtual-address 10.10.10.10 tcp eq www
    - Create a new class that will include your partner's IP(s).
    class-map type http loadbalance match-any 3rd-Party
      2 match source-address 200.200.200.1 255.255.255.255 
      3 match source-address 200.200.200.10 255.255.255.255 
    Modify your current first-match policy to put the new class on top so that all the traffic matched by the statement above (IP) will be redirected to the new farm with the new APP, any other traffic that does not match the "rule" will be sent to the old serverfam with the old app.
    policy-map type loadbalance first-match L7-SLB
      class 3rd-Party
        serverfarm New-APP
      class class-default
        serverfarm Webfarm
    Since you already have LB working then this is it, nothing needs to be added under the multi-match policy nor interface.
    HTH
    Pablo

  • Load balancing based on source IP address

    Hi,
    I configured a CSS to balance the load depending on source IP address to suppport a application feature in the server.
    We have two firewalls and behind we have different users. We have also two servers behind the CSS.
    Firewalls perform NAT with a unique outside IP address. So, for example, in these conditions the CSS balances requests coming from FW 1 to server 1 and requests coming from FW 2 to server 2. Is it correct this scenario?
    Is it possible that requests coming from FW 1 could be forwarded to Server 2 and viceversa?
    Could anyone answer me?
    Thanks in advance.
    Best regards.
    Giuseppe.

    Giuseppe,
    it all depends on how you configured your CSS.
    Did you use an ACL to force traffic from SRC1 to server1 and traffic from SRC2 to server2 ?
    Or did you simply configure sticky based on source ip or a source ip hash loadbalancing ?
    Except the ACL, all other methods do not guarantee that the traffic will be splitted in 2.
    Gilles.

  • Route call based on source IP address

    Hello Guys,
    Is there a way to route calls based on source IP address?
    I want to redirect calls to specific queues based on the ip of the phone who's starting it.
    Any ideas?
    Thanks in advance.
    Filipe Leite                  

    Hi Filipe
    I'm assuming here that you are using CallManager rather than CME?
    One option might be to use the 'device mobility' feature to assign a specific CSS to devices based on their IP subnet. That CSS could have the appropriate partitions to route to a seperate trigger that directs calls to a separate CSQ.
    Of course, whether you can do this depends on whether it would be appropriate to override the device CSS in this way.
    Aaron

  • Bandwidth Limit based on Source IP?

    Hi
    I am trying to think of a way to apply a bandwidth limit based upon Source IP subnet.
    I need to have the ability to limit both the outbound and inbound traffic.
    So I created the following config:
    policy-map bw-limit-inbound
     class bw-limit-class
      police 10000
    class-map match-any bw-limit-class
     match access-group 150
    access-list 150 permit ip 172.16.99.0 0.0.0.255 any
    If I apply the Service Policy inbound, it does police the upload to 100Kbps.
    If I apply it outbound, it does nothing to the download.
    Any reason for this?
    I am applying this to an SVI
    Thanks

    Hi Guys
    Just to update this thread, I figured out where I was going wrong!
    As mentioned by Mikael, the ACL only shows traffic one way, hence why it was not applying the service policy to the download.
    I have three subnets I want to Police both outbound and inbound so I started with Three ACLs:
    access-list 197 permit ip 172.16.97.0 0.0.0.255 any
    access-list 197 permit ip any 172.16.97.0 0.0.0.255
    access-list 198 permit ip 172.16.98.0 0.0.0.255 any
    access-list 198 permit ip any 172.16.98.0 0.0.0.255
    access-list 199 permit ip 172.16.99.0 0.0.0.255 any
    access-list 199 permit ip any 172.16.99.0 0.0.0.255
    I then created the relevant class maps:
    class-map match-all vlan998-download
     match access-group 198
    class-map match-all vlan999-download
     match access-group 199
    class-map match-all vlan997-download
     match access-group 197
    class-map match-all vlan998-upload
     match access-group 198
    class-map match-all vlan999-upload
     match access-group 199
    class-map match-all vlan997-upload
     match access-group 197
    Then the service policies:
    policy-map download-limit
     class vlan997-download
      police 2000000
     class vlan998-download
      police 3000000
     class vlan999-download
      police 4000000
    policy-map upload-limit
     class vlan997-upload
      police 200000
     class vlan998-upload
      police 300000
     class vlan999-upload
      police 400000
    Then finally applied those to the relevant SVI:
    interface Vlan102
     ip vrf forwarding WAN2
     ip address 10.20.2.2 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     service-policy output download-limit
     service-policy input upload-limit

  • Routing RTSP though Ace but keeping source address information

    Hello
    I am trying to set up load balancing for a Wowza streaming media server.  The problem I have is that some of the media that we will be on the server is not allowed to be watched from other countries.  The server has a modification that can sort this based on the IP address, our ACE is in Routed Mode, so the source address is replaced with a internal one which means that they will be allowed to watch whatever they like. 
    I have tried to look into injecting the original source address in to RTSP but as far as I can see you cant.
    Can anyone help with making the connections from other countries readable thought the ACE?

    Ricardo,
    What is this route ??
    ip route 0.0.0.0 255.255.255.0 10.0.0.1 (VIP address)
    You can't have 0.0.0.0/24.
    You must be missing something ?
    Also, since the vip is part of a vlan with subnet 10.0.0.0/24 you don't need to add a static route to reach that vip.
    It should normally be directly connected to your router.
    With the static route, do you see traffic coming to the ACE module ?
    Does it loadbalance to the server ?
    'show service-policy detail' check the packet counters
    Gilles.

  • How is NTP reply routed when requesting router uses loopback as source address

    The Cisco NTP Best Practices White Paper and DISA STIGs recommend setting the NTP source address to a loopback interface (e.g. "ntp source loopback0").
    But this only seems to work if the requesting (NTP client) router is the default gateway for the NTP server. 
    Specifically, the NTP server will attempt to reply to the requesting router's loopback-based source address (taken from the NTP request packet).  Since that address will always be non-local from the perspective of the NTP server, the NTP server will encapsulate the reply in a Layer 2 frame addressed to its default gateway.  If the gateway was the source of the original NTP request, that should work.  But in most other situations that gateway won't know how to reach a loopback-based address, and will discard the reply.
    I have verified this in tests with routers running both 12.4 and 15.1 releases (and NTP debugging enabled).  When the NTP source is a loopback address, NTP replies never reach the requesting router.  With the default NTP source address (i.e. based on the exit interface) everything works fine.
    Obviously, you could employ workarounds, such as static routes or injecting loopback addresses into your routing protocols.  But that seems uglier than leaving NTP source addresses at their defaults.
    Why is this "best practice" so commonly advocated without mention of some significant caveats regarding routing?  Am I missing something? 
    Thanks,
      Mark

    Michel:
    Thanks for the response.  Actually, I understand what kind of routing workarounds could allow NTP to function in spite of this "best practice."  But I am mystified as to why a Cisco "NTP best practice" paper (http://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a0080117070.shtml) and various security policies would call for setting a loopback address as the NTP source when that practice will often cause more problems than it solves.
    The stability of a loopback address is nice when that address is used to uniquely identify the platform for a routing protocol or syslog.  A loopback-based source address can also simplify ACL management, since that address won't change if an interface or link failure forces the router to send traffic from a different interface.  But I keep seeing security configuration guides/policies that call for also using a loopback address as the source for two-way protocols, such as FTP and NTP. That just doesn't make sense to me when you balance the routing implications against the limited security benefits (stable device identification, simplified ACL maintenance, and obfuscation of device addresses).
    I was hoping to learn that some obscure command might allow me to control which NTP exchanges use the loopback-based source address.  For example, the loopback source address would work fine on outgoing NTP broadcasts (and probably in replies from NTP servers).  But I would prefer that NTP client requests use a source address based on the exit interface. That way replies can be routed back to the client without cluttering up routing tables with routes to loopback addresses.
    So far, it looks like I'll need to chalk this up to poor coordination between the network security and network administration communities.
    Thanks again,
      Mark

  • ASA 5510 Firewall internet Restriction based on IP address and block rest users excluding Mails

    Hi,
    As i have assignment to create access list based on IP address like we have to allow internet access this IP range 192.168.172.201 to 212.
    And rest users we have to block excluding Mails.
    Please help.
    Thanks,
    Regards,
    Hemant Yadav 

    login as: Rakh
    [email protected]'s
    password:
    Type help or '?' for a list of available commands.
    FAST-HQ-ASA> en
    Password:
    Invalid password
    Password: ***********
    FAST-HQ-ASA# show rum
                        ^
    ERROR: % Invalid input detected at '^' marker.
    FAST-HQ-ASA# show run
    : Saved
    ASA Version 8.3(1)
    hostname FAST-HQ-ASA
    enable password 7tt1ICjiO2a2/Hn2 encrypted
    passwd U8oee3lIrDCUmSK2 encrypted
    names
    interface Ethernet0/0
    description ASA Outside segment
    speed 100
    duplex full
    nameif OUTSIDE
    security-level 0
    ip address 62.173.33.67 255.255.255.240
    interface Ethernet0/1
    description VLAN AGGREGATION point
    no nameif
    no security-level
    no ip address
    interface Ethernet0/1.2
    description INSIDE segment (User)
    vlan 2
    nameif INSIDE
    security-level 100
    ip address 192.168.172.1 255.255.255.0
    interface Ethernet0/1.3
    description LAN
    vlan 3
    nameif LAN
    security-level 100
    ip address 192.168.173.1 255.255.255.0
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    management-only
    ftp mode passive
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network INSIDE
    subnet 192.168.172.0 255.255.255.0
    object network LAN
    subnet 192.168.173.0 255.255.255.0
    object network MAIL-SERVER
    host 192.168.172.32
    object network DENY-IP-INTERNET
    range 192.168.172.121 192.168.172.200
    object-group service serBLOCK-INTERNET tcp
    port-object eq www
    object-group network BLOCK-IP-INTERNET
    network-object object DENY-IP-INTERNET
    access-list 102 extended permit icmp any any time-exceeded
    access-list 102 extended permit icmp any any echo-reply
    access-list OUTSIDE-IN extended permit tcp any host 192.168.172.32 eq smtp
    access-list OUTSIDE-IN extended permit tcp any host 192.168.172.32 eq https
    access-list BLOCK-WWW extended deny tcp object-group BLOCK-IP-INTERNET any object-group serBLOCK-INTERNET
    access-list BLOCK-WWW extended permit ip any any
    pager lines 24
    logging asdm informational
    mtu OUTSIDE 1500
    mtu INSIDE 1500
    mtu LAN 1500
    mtu management 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    object network INSIDE
    nat (INSIDE,OUTSIDE) dynamic interface
    object network LAN
    nat (LAN,OUTSIDE) dynamic interface
    object network MAIL-SERVER
    nat (INSIDE,OUTSIDE) static 62.173.33.70
    access-group OUTSIDE-IN in interface OUTSIDE
    access-group BLOCK-WWW out interface OUTSIDE
    route OUTSIDE 0.0.0.0 0.0.0.0 62.173.33.65 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    vpn-addr-assign local reuse-delay 5
    telnet timeout 5
    ssh 192.168.172.37 255.255.255.255 INSIDE
    ssh 192.168.173.10 255.255.255.255 LAN
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    username Rakh password EV9pEo1UkhHJSbIW encrypted
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    call-home
    profile CiscoTAC-1
      no active
      destination address http
    https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email
    [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:1ee78d19f958efc6fd95f5e9d4e97b8d
    : end
    FAST-HQ-ASA#

  • Configuring ISE to proxy Authentications based on email address

    Hi
    I'm looking for a little help configuring ISE to proxy requests to external radius servers based on email address and password. I want to configure eduroam on our WLAN. Eduroam allows students connect to the WIFI of other Campuses using their local credentials
    Workflow:
    User associates to SSID (eduroamTest)
    Prompted for username & password (802.1x)
    User puts in username and password in the form [email protected] (UPN)
    If the user is part of our local institution they are authenticated using our local radius server (ISE)
    If the user is a  member of a partner institution the request is proxied to an external radius server (National Gateways).
    The National Gateways  passes the request to the relevant institution based on the UPN (eg @ucd.ie will be passed to ucd radius servers)
    The institution authenticates the user and passes the  request back to the National Gateways
    The National Gateways passes this request back to our ISE server and the external user is authenticated
    The user can browse the web
    What I have done:
    Setup the National Gateways as external proxy servers
    Created firewall rules to allow the traffic
    Configured the proxy sequence with these servers
    Created a policy to proxy requests to the proxy sequence
    What I need to figure out:
    How to get ISE to authenticate/proxy requests, for the SSID eduroamTest, based on UPN eg (if username = *@rcsi.ie then use local ISE otherwise use proxy service)
    Any help with this configuration would be greatly appreciated as I am new to ISE.
    If you need any more info please let know.
    Kind regards
    John

    Sounds like you did most of the work already. To get ISE to direct certain requests based on attributes in the request to another radius server, all you need to do, is create a new authentication rule, where you check for the following attributes ;
    radius/called-station-id contains "eduroam"
    and
    radius/username ends with "rcsi.ie"
    Then you can select the radius server sequence you created instead of the normal "Allowed protocols" list.
    If you want to be in control of the authorization, there is a flag you must set in the radius server sequence in ISE, this will let you control what rights the client is given locally, while still authenticating the user remotely.

  • Possible to Route Traffic Based on AVC?

    Is it possible to route traffic, based on the Application Visibility Control functions that specific Cisco routers are capable of?  Here's my issue:  I have two ISP's.  One is at about 120% utilization.  The other isn't doing anything.  I can specify ip routes based on IP addresses.  For instance, I can ip route 173.252.110.27 255.255.255.255 10.x.x.x to point to our ISP2 firewall, which is our non-utilized provider, for Facebook traffic.  The problem is that sites like this have massive public subnets, so I won't be able to capture all of the traffic destined to Facebook.  Is there a way to route traffic based on application?  I know that Palo Alto firewalls have a way to do Policy Based Forwarding, based on application.  I was wondering if the same was possible with AVC.  Thanks for any help.

    Hello.
    Yes, it's possible and, actually, you have 2 ways.
    1. use manual load-balanace between links.
    2. use PfR to load-balance traffic automatically.
    PS: you also will need NAT with route-map.

  • Match source-address and url

    I have an existing policy-map with vip and port 80. Now I need to do:
    1. Match pool of ip address and url /abc then redirect to url /abc1
    2. If url is ok but ip is out of the pool then redirect to url /abc2
    It's probably possible to achieve but I have problem with mixing class maps (L4 and L7). Please advice how to do it.
    Thank you.

    HI Kamil,
    Something like below. Please try and let me know if it helps.
    rserver redirect red
      webhost-redirection www.abc1.com
      inservice
    rserver redirect red1
      webhost-redirection www.abc2.com
      inservice
    serverfarm redirect red
      rserver red
        inservice
    serverfarm redirect red1
      rserver red1
        inservice
    class-map type http loadbalance match-all url
      2 match http url abc
      4 match source-address 2.2.2.2 255.255.255.0
    class-map type http loadbalance match-all url1
      2 match http url abc
     policy-map type loadbalance first-match url
      class url
        serverfarm red
      class url1
        serverfarm red1
      class class-default
        serverfarm xxxx
    Regards,
    Kanwal
    Note: Please mark answers if they are helpful

  • Redirect traffic destined for an IP on Server 1 to go to Server 2 at DR Site?

    DNS is what I'm using for most of my subnets. The problem is that I have a handful of subnets that have devices that are under the control of an outside agency. Those devices access a server in my DC by pointing to the IP Address.
    If I performed a failover test to Server 2 at a DR Site, how can I redirect traffic from those subnets to Server 2 if they are still pointing at the IP on Server 1? In the DC, a 6509 sits between Server 1 and the subnets in question. To get to Server 2 at the DR site, I have an FWSM in the DC and an ASA5585 at the DR site.

    If your route point is a router or L3 switch then you could configure a route-map with an ACL that is used to change the next hop ip for the servers in the DC to the DRC. This will be a lot of manual configuration and testing but it maybe a viable solution.
    Sent from Cisco Technical Support iPad App

  • NI XNET in LabView: Transmitting source address along with signal

    Hi all!
    Does anyone know a way to transmit a user-determined source address along with a specific signal (J1939)?  I'm outputting a signal from CVI with nxWriteSignalSinglePoint and reading it with CANalyzer, which says that the source address is NULL (254).  Is there a way to set this or would I have to transmit the whole frame (maybe doing the raw bits format)?  Thanks in advance!

    Hey BLowery,
    Given that this is a more XNET-oriented question, I would recommend asking this type of question on the Embedded Networks forum page rather than the CVI Forum since that's where user dealing with CAN and J1939 reside.
    Embedded Networks Forum:
    http://forums.ni.com/t5/Automotive-and-Embedded-Networks/bd-p/30
    However, if you are wanting to be able to specify the source address manually in the 29-bit extended arbitration ID, as J1939 requires, it wouldn't be too hard, but you can't do it with Signal session. A Signal session uses the CAN database file to determine the ID and parameters of the frame to be sent automatically, and you simply provide the signal data. To be able to edit the ID yourself, a Frame Stream session that doesn't rely on a database would be required, since it would allow you to provide the ID manually.
    I recommend taking a look a this white paper, which shows how to use XNET with the J1939 standard. In the sample code that they provide, there is an example using a Frame Out Stream session which edits the ID manually based on the user's input.
    http://www.ni.com/example/31215/en/
    Regards,
    Ryan

Maybe you are looking for