Sample config
So I have been trying to set up trunking (got that done and tested) on a pair of CSS 11503s, and now I would like to set up ASR, VR and VIP redundancy to fail over between them. Does anyone have any samples of how to do this with all public IPs? All the Cisco docs are for NAT'd configurations, which we do not run; everything would be public.
Right now management of the CSS is done over vlan100 but the servers are in vlan150, different subnets obviously. However, what is messing me up is that the docs all say to use outside public IPs and inside for the servers. I only have public IPs and don't have time to change anything to NAT... any help would be great.
Actually, let me append my previous comment with a question.
Since I am trunking up (to my 6509s) and down (to various switches), what should my default route be on the CSSs?
I have 2 VLANs right now:
vlan 10
ip address 192.168.10.10 255.255.255.240
vlan 20
ip address 192.168.11.11 255.255.255.224
In my global, however, I am using
ip route 0.0.0.0 0.0.0.0 192.168.10.1 1
10.1 btw is a virtual (HSRP address) on my 6509s.
11.1 would be the virtual (HSRP address) on my 6509s for vlan20, etc.
So yes, my previous statement about the gateways for my web servers pointing to the CSS is true (redundant int). However, if I have other servers on my switches that are not in the LB's groups and I point those servers to my HSRP virtual for vlan20's 11.1, I cannot ping it... so what are my options, because I would rather not change gateways on some of the other machines that won't be load balancing.
I noticed in the trunking sample config the global had no route, but when I removed it, I couldn't get to anything (of course).
Thanks again
Similar Messages
-
Revision: 13477
Author: [email protected]
Date: 2010-01-13 05:17:10 -0800 (Wed, 13 Jan 2010)
Log Message:
Bug: BLZ-455 - Document client-load-balancing property in the sample config
QA: No
Doc: No
Ticket Links:
http://bugs.adobe.com/jira/browse/BLZ-455
Modified Paths:
blazeds/trunk/resources/config/services-config.xml
-
Hi
Does anyone have a sample config for standalone Cisco AP1252 (Cisco IOS) for AD Authentication for wireless ?
Appreciate your kind reply.
The short version:
In config terminal mode:
-radius-server host auth-port 1812 acct-port 1813 key 0
-aaa authentication dot1x eap_methods group radius
Then you need to configure your SSID for dot1x:
-dot11 ssid
-authentication open eap eap_methods
-authentication network-eap eap_methods
This is only the part needed for RADIUS interaction. This assumes that you already configured your SSID with the according WPA settings.
That's about it, I think.
If you want info about more commands or so, just check out this link:
http://www.cisco.com/en/US/docs/wireless/access_point/12.4_10b_JA/configuration/guide/scg12410b-chap11-authtypes.html#wp1002608
-
I'm looking for a sample config for an IPS IDSM-2. I've been reviewing the configuration manual and love the excruciating detail, but would like to work from a sample config. Maybe just the basics to get started and then I can add stuff in later.
Any samples would be most appreciated.
Thanks,
Mike
You need to decide the mode you want to run your IPS in. Promiscuous, inline (VLAN/interface pair)?
Here are two examples from CCO:
https://www.cisco.com/en/US/products/sw/secursw/ps2113/products_configuration_example09186a0080876d9f.shtml
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a00809c37cb.shtml
Regards
Farrukh
-
Hi,
Can someone help me with a sample configuration for ACE20?
Rgds....Partha Acharya
Here is a copy of my lab config.
switch/User1# sho run
Generating configuration....
logging enable
logging buffered 7
access-list PERMIT_ANY line 10 extended permit ip any any
access-list app line 10 extended permit ip host 192.168.20.41 any
probe http ACECFG-http
interval 5
faildetect 2
passdetect interval 10
request method get url /index.html
expect status 200 299
probe ftp ftp_probe
interval 10
passdetect interval 10
expect status 0 999
open 5
parameter-map type connection REPL
parameter-map type connection TCP
rserver host 20.20.20.20
ip address 20.20.20.20
inservice
rserver host REFLECTOR-10
ip address 192.168.60.10
inservice
rserver host REFLECTOR-11
ip address 192.168.60.11
inservice
rserver host REFLECTOR-12
ip address 192.168.60.12
inservice
rserver host REFLECTOR-13
ip address 192.168.60.13
inservice
rserver host REFLECTOR-14
ip address 192.168.60.14
inservice
rserver host REFLECTOR-15
ip address 192.168.60.15
inservice
rserver host linux1-48
ip address 192.168.30.48
rserver host linux2
ip address 192.168.20.41
inservice
serverfarm host 20.20.20.20
rserver 20.20.20.20
inservice
serverfarm host REFLECTOR
predictor leastconns
rserver REFLECTOR-10
weight 1
inservice
rserver REFLECTOR-11
weight 1
inservice
rserver REFLECTOR-12
weight 1
inservice
rserver REFLECTOR-13
weight 1
inservice
rserver REFLECTOR-14
weight 1
inservice
rserver REFLECTOR-15
weight 1
inservice
rserver linux1-48
inservice
serverfarm host linux2
failaction purge
probe ACECFG-http
rserver linux2
inservice
serverfarm host linux2-ftp
probe ftp_probe
rserver linux2 21
inservice
sticky ip-netmask 255.255.255.255 address source STICKY-REFLECTOR
replicate sticky
serverfarm REFLECTOR
class-map match-all NAT
2 match access-list app
class-map type http loadbalance match-all URL
2 match http url .*
class-map match-all VIP-250-80
2 match virtual-address 192.168.100.250 tcp eq www
class-map match-all VIP-250-ftp
2 match virtual-address 192.168.100.250 tcp eq ftp
class-map match-any VIP-REFLECTOR-254
2 match virtual-address 192.168.100.254 tcp eq www
policy-map type management first-match ALLOW
class class-default
permit
policy-map type loadbalance first-match 20.20.20.20
class class-default
serverfarm 20.20.20.20
policy-map type loadbalance first-match LB_linux2
class class-default
serverfarm linux2
policy-map type loadbalance first-match REFLECTOR
class class-default
sticky-serverfarm STICKY-REFLECTOR
policy-map type loadbalance first-match ftp-linux2
class class-default
serverfarm linux2-ftp
policy-map multi-match NAT1
class NAT
nat dynamic 1 vlan 100
policy-map multi-match SLB-REFLECTOR
class VIP-REFLECTOR-254
loadbalance vip inservice
loadbalance policy REFLECTOR
loadbalance vip icmp-reply
policy-map multi-match SLB1
class VIP-250-80
loadbalance vip inservice
loadbalance policy 20.20.20.20
loadbalance vip icmp-reply
class VIP-250-ftp
loadbalance vip inservice
loadbalance policy ftp-linux2
loadbalance vip icmp-reply
inspect ftp
service-policy input ALLOW
interface vlan 20
ip address 192.168.20.253 255.255.255.0
mac-sticky enable
access-group input PERMIT_ANY
service-policy input SLB1
no shutdown
interface vlan 100
ip address 192.168.100.2 255.255.255.0
alias 192.168.100.1 255.255.255.0
peer ip address 192.168.100.3 255.255.255.0
access-group input PERMIT_ANY
nat-pool 1 192.168.100.240 192.168.100.245 netmask 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 192.168.100.9
ip route 192.168.100.4 255.255.255.255 192.168.100.9
ip route 171.69.146.79 255.255.255.255 192.168.20.41
ip route 192.168.30.0 255.255.255.0 192.168.20.37
ip route 20.20.20.20 255.255.255.255 192.168.20.41
-
MPLS over GRE sample config....
Can anybody paste a working of MPLS over GRE....
I am looking for tunnel config and any related global config...
Thanks
Umar
You can try this link for GRE configuration
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801e1294.shtml
-
Sample config requested: IOS AP with WPAv2 with PEAPv0 aka EAP-MSCHAPv2
Would someone be kind enough to share a sanitized config with me for the following:
AIR-LAP1131AG-A-K9 LWAP converted to autonomous mode running IOS v12.3(8)JEA
WPAv2 with PEAPv0 aka EAP-MSCHAPv2.
Thanks,
Richard
Hello,
Here's what I would use. The AP is actually unaware of the EAP type:
aaa group server radius rad_eap
server RADIUS_IP auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
aaa authorization exec default local
aaa session-id common
dot11 ssid SSID_PRIVATE
VLAN X
authentication open eap eap_methods
authentication key-management wpa
guest-mode
username cisco password 0 cisco
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan x mode ciphers aes-ccm
broadcast-key vlan x change 360
ssid SSID_PRIVATE
interface Dot11Radio0.x
encapsulation dot1Q x
interface FastEthernet0.x
encapsulation dot1Q x
radius-server attribute 32 include-in-access-req format %h
radius-server host RADIUS_IP auth-port 1812 acct-port 1813 key 0 RADIUS_KEY
radius-server timeout 30
radius-server vsa send accounting
Serge
-
Sample config for TACACS+ on ASA 8.22
I am looking for a sample configuration for doing TACACS+ on ACS 5.2 with an ASA 8.2.2.
Any help would be appreciated.
I think the following should just about do it. However, it is MUCH simpler to do this in the GUI.
aaa-server TACACS protocol tacacs+
aaa-server TACACS (management) host x.x.x.x key ****
aaa authentication http console TACACS LOCAL
aaa authentication ssh console TACACS LOCAL
aaa authentication serial console TACACS LOCAL
aaa authentication enable console TACACS LOCAL
aaa authentication telnet console TACACS LOCAL
aaa accounting ssh console TACACS
aaa accounting telnet console TACACS
aaa accounting serial console TACACS
aaa accounting enable console TACACS
aaa accounting command TACACS
Remember you need to create the network device in ACS with the same shared key.
Paul
-
Hi
We have one pair of CSM configured in bridge mode.
The user wants the servers to be able to access the VIP also.
Understand one solution is to use NAT client.
Anyone got a working config on NAT client for bridge mode?
Thanks!
natpool ....
serverfarm from-server2server
nat server
nat client
real x.x.x.x
ins
real x.x.x.x
ins
vserver from-server2server
vip x.x.x.x tcp
vlan
serverfarm from-server2server
ins
That's it.
Any question, let me know.
Regards,
Gilles.
Thanks for rating this answer.
-
Looking for sample config.xml
After some changes, config.xml is corrupted. I need a config.xml with the following descriptors:
<admin-server-name>
<app-deployment>
<jms-server>
<mail-session>
<jms-system-resource>
<jdbc-system-resource>
If you had configuration auditing enabled, you'd have backup copies in a configArchive folder. You should enable this; by default it is not.
You can create a configuration quickly by just using the configuration builder script in Linux (common/bin/config.sh) or the configuration wizard in Windows.
-
Sample config for local switching of QLLC to Ethernet?
Is it possible to switch a serial attached controller (PU2.0/2.1) over X.25 QLLC to a locally attached mainframe by Ethernet?
We used Frame Relay across the WAN instead of X.25 and there were no problems with the implementation. Guess it would work with X.25 too. The following doc gives you the configuration.
http://www.cisco.com/warp/customer/488/48.html
-
1750v & AS5350 VoIP config sample
I'm trying to set up a demo VoIP network between my offices in 2 locations using an AS5350 (FXS) at the central site and a 1750V (FXS) at a branch for now. They will both be linked by VSAT (FastEthernet output). Basically I just want to be able to make calls across. Can someone help me with a sample config to lead me?
If you are using the 5350, which has no analog ports, I am assuming you are using a T1 and doing FXO on the individual T1 channels.
You will need to set up your controller as:
controller t1 1/0
framing esf
linecode b8zs
ds0-group 0 timeslots 1-24 type fxo-ground-start
which will create a voice port :
voice-port 1/0:0
Then you will need two dial peers each on the routers:
one to send the VoIP call to the other side
dial-peer voice 1 voip
destination-pattern 1234 <--- number of remote side
session target ipv4:10.1.1.1 <--- ip address of remote side
and one to terminate the call on this router
dial-peer voice 2 pots
destination-pattern 5678 <--- local number
port 1/0:0 <--- local port
no digit-strip
On the analog side you will have two ports already associated and you should configure them under the appropriate dial peers.
You can also take a look at :
http://www.cisco.com/warp/customer/788/voip/dialpeer_call_leg.html
http://www.cisco.com/warp/customer/788/voip/in_dial_peer_match.html
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a0080080aec.html
Regards,
Taimoor
-
Dear Sir,
I have a pair of 11501s, which load balance two SSL servers behind them. The cert is stored on the SSL servers (10.106.13.20 & 21). The external VIP is 10.106.13.224.
I read the SSL Config Guide and made the below configuration. Can you check if my config below is OK?
ssl-proxy-list PIS-SSL-LIST
backend-server 1
backend-server 1 type backend-ssl
backend-server 1 ip address 10.106.13.224
backend-server 1 server-ip 10.106.13.20
backend-server 1 version ssl3
backend-server 1 session-cache 300
backend-server 1 tcp virtual ack-delay 0
backend-server 2
backend-server 2 type backend-ssl
backend-server 2 ip address 10.106.13.224
backend-server 2 server-ip 10.106.13.21
backend-server 2 version ssl3
backend-server 2 session-cache 300
backend-server 2 tcp virtual ack-delay 0
active
service PIS-SSL-SERVICE
type ssl-accel-backend
ip address 10.106.13.224
add ssl-proxy-list PIS-SSL-LIST
active
owner PIS-SSL-OWNER
content PIS-SSL-VIP-1
vip address 10.106.13.224
port 80
advanced-balance arrowpoint-cookie
url "/*"
add service PIS-SSL-SERVICE
active
Thanks
This is totally wrong, unfortunately.
What are you trying to achieve here?
Normally the connection between CSS and server does not need to be encrypted because they are close to each other.
You probably want to encrypt the connection from the client to the CSS since this connection goes through the Internet.
Is this what you need?
Here are sample configs:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/ssl/guide/examples.html#wp999094
backend-ssl is @
SSL Transparent Proxy Configuration - HTTP and Back-End SSL Servers
You will see that you made many mistakes, like IP addresses used in the ssl-proxy-list.
Gilles.
-
Please give a sample configuration for site-to-site VPN on ASA 5512-X v9.1!
Dear All,
Could you give a sample configuration for ASA 5512-X v9.1 for site-to-site VPN? I used to configure this on ASA 5510 v8.2, but I have never configured it on version 9.1.
My issue is that I don't know how to configure nonat.
I saw some configuration, as in the attached file; it just shows how to configure the VPN, but we did not see the nonat command.
http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/vpn/vpn_site2site.html
Best Regards,
HK
Hi,
The new configuration format for NAT0 / NAT Exemption / Identity NAT is the following
object network SOURCE-NETWORK
subnet
object network DESTINATION-NETWORK
subnet
nat (inside,outside) source static SOURCE-NETWORK SOURCE-NETWORK destination static DESTINATION-NETWORK DESTINATION-NETWORK
In the above
SOURCE-NETWORK contains the network on your side of the network
DESTINATION-NETWORK contains the network on the remote side of the L2L VPN
The NAT configuration presumes that you are using interfaces with the name of "inside" and "outside"
The reason you see 2 of each "object" in the NAT configuration is that there is no NAT performed for them. You would have the option to do NAT for both source and destination, but in this case we don't want that.
Depending how many source and destination networks we are talking about, this might need some modifying.
Hopefully this helps
- Jouni -
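Added example (not part of the post above and not Cisco's own code): a short Python check that reads twice-NAT rules in the format shown in that answer and reports whether a given source/destination pair is covered by an identity (NAT exemption) rule. The subnets, the DMZ objects and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config; all addresses and the DMZ objects are made up.
SAMPLE_CONFIG = """\
object network SOURCE-NETWORK
 subnet 10.10.10.0 255.255.255.0
object network DESTINATION-NETWORK
 subnet 10.20.20.0 255.255.255.0
object network DMZ-NETWORK
 subnet 172.16.5.0 255.255.255.0
object network DMZ-MAPPED
 subnet 192.0.2.0 255.255.255.0
nat (inside,outside) source static SOURCE-NETWORK SOURCE-NETWORK destination static DESTINATION-NETWORK DESTINATION-NETWORK
nat (dmz,outside) source static DMZ-NETWORK DMZ-MAPPED destination static DESTINATION-NETWORK DESTINATION-NETWORK
"""

NAT_RE = re.compile(
    r"^nat \((\S+?),(\S+?)\) source static (\S+) (\S+) "
    r"destination static (\S+) (\S+)"
)

def parse_objects(config):
    """Map each 'object network' name to the subnet defined under it."""
    objects, current = {}, None
    for line in config.splitlines():
        if line.startswith("object network "):
            current = line.split()[2]
        elif current and line.strip().startswith("subnet "):
            _, net, mask = line.split()
            objects[current] = ipaddress.ip_network(f"{net}/{mask}")
        elif not line.startswith(" "):
            current = None  # left the object block
    return objects

def exempt_pairs(config):
    """Return (real_if, mapped_if, src_net, dst_net) for each identity rule."""
    objects = parse_objects(config)
    pairs = []
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if not m:
            continue
        real_if, mapped_if, src_a, src_b, dst_a, dst_b = m.groups()
        # Identity NAT: the same object is named twice on each side,
        # so neither source nor destination is translated.
        if src_a == src_b and dst_a == dst_b:
            pairs.append((real_if, mapped_if, objects[src_a], objects[dst_a]))
    return pairs

def is_exempt(config, src_ip, dst_ip):
    """True if traffic src_ip -> dst_ip matches an identity twice-NAT rule."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(src in s and dst in d for _, _, s, d in exempt_pairs(config))
```

The second rule in the sample translates the DMZ source, so DMZ hosts are not reported as exempt even though the destination object is the same.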
Plz help:[unable to deploy sample content]
Please help me. I want to deploy sample content for the portal, but the following error arises:
C:\Program Files\Sun\JavaES5\share\ant\bin>ant -buildfile "C:\Program Files\Sun\JavaES5\portal\samples\portals\build.xml"
Buildfile: C:\Program Files\Sun\JavaES5\portal\samples\portals\build.xml
community:
getConfigLocation:
[echo]
[echo] Please enter the directory where the following files will be found:
[echo]
[echo] input.properties
[echo] password.properties
[echo] comms.properties (optional: required only when configuring communications channels)
[echo]
[echo] For example on solaris: /var/opt/SUNWportal/tmp
[echo]
[echo]
[input] Please enter the samples configuration location:
C:\Program Files\Sun\JavaES5\temp
setInstallationProperties:
[echo] Setting installation properties
setOS:
setSparcProperties:
setLinuxProperties:
setHpuxProperties:
setUNIXProperties:
setWindowsProperties:
[echo] Setting properties specific to Windows platform
checkForUpgrade:
checkForNoUpgrade:
[echo] am.request.portal.id: portal1
setUpgradeProperties:
setProperties:
setLocalUNIXProperties:
setLocalWindowsProperties:
setLocalProperties:
init:
BUILD FAILED
C:\Program Files\Sun\JavaES5\portal\samples\portals\build.xml:16: The following error occurred while executing this line:
C:\Program Files\Sun\JavaES5\portal\samples\portals\community\build.xml:48: java.io.FileNotFoundException: C:\Program Files\Sun\JavaES5\portal\samples\portals\community\${ps.data.location}\tmp\password869091403 (The system cannot find the path specified)
Hi Shailendra,
Please make sure the "ps.config.location" setting in your C:\Program Files\Sun\JavaES5\temp\input.properties file is correct. On Solaris, this setting defaults to /etc/opt/SUNWportal and on Windows it will need to be changed to the appropriate directory.
The error you are seeing is most likely caused by the "ps.config.location" being inaccurate and the sample config is not finding the PSConfig.properties file.
Hope that helps. Thanks, Dean.