VLAN Tagging on the ACE 4710 Appliance

Hello all,
I have a quick question. How does the ACE 4710 Appliance works with VLAN tagging? I have virtual servers that I am trying to configure behind ACE. The VMs support VLAN tagging. Can I just trunk to link to my core switch and allow the ACE vlans to pass through?
Your help is greatly appreciated.

ACE 4710 support dot1q trunkning.
Configure the interface between 4710 and core switch as a trunk.
Same between your VMS and core switch.
Gilles

Similar Messages

  • ACE 4710 Appliance: init: failed to initialize modlock_init(): No such file or directo

    Hi,
    I have ACE 4710 Appliance, but it is failed and giving following error while login at console.....
    I am suspecting hardware issue..most probably with harddrive.... Please let me know if it can be recoverable of only replacement is the solution..
    switch login: init: failed to initialize modlock_init(): No such file or directo                                                                             ry
    eth2: ERROR while getting interface flags: No such device
    perform_sysmgr_offline: unable to move MTS to MTS_STATE_OFFLINE: Invalid argumen                                                                             t (error-id 0x801E0016).
    init: failed to initialize modlock_init(): No such file or directory
    eth2: ERROR while getting interface flags: No such device
    perform_sysmgr_offline: unable to move MTS to MTS_STATE_OFFLINE: Invalid argumen                                                                             t (error-id 0x801E0016).
    init: failed to initialize modlock_init(): No such file or directory
    eth2: ERROR while getting interface flags: No such device
    perform_sysmgr_offline: unable to move MTS to MTS_STATE_OFFLINE: Invalid argumen                                                                             t (error-id 0x801E0016).
    /isan/sbin/sysmgr: symbol lookup error: /isan/lib/libutils.so: undefined symbol:                                                                              tftp_callback_fn
    Regards
    Nadeem

    Hi,
    I RMAed the appliace, i think it was hardware failure which casue this issue.
    If some one face this issue please let me know...Thanks!
    Regards
    Nad

  • Alias vlan interfaces on the ACE

    I am getting up to speed the ACE module and seeing lots of cases where an alias is configured on both, the client and server side vlan interfaces. Is this a requirement?
    Thanks..

    Hi,
    Yes it is. If you have a pair of ACEs in routed mode, you should use aliases on your VLAN interfaces.
    This VLAN address should then be used by your servers as default-gateway on the server side, and as next-hop for you upstream routers on client-side.
    This way, if the primary ACE fails, the next-hop address and default-gateway of your upstream routers and servers don't have to be changed because the IP Address remains the same.
    Take a look at following doc for configuration guidelines: http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/rtg_brdg/guide/vlansif.html#wp1034811
    HTH,
    Dario

  • Schedule reload on ACE 4710 appliance?

    Is it possible to schedule a reload of an ACE appliance? Can yuo advise cmd's if so. Regards William

    Finally found it in the command reference guide too.
    reload
    To reload the configuration on the ACE, use the reload command.
    reload
    Syntax Description
    This command has no keywords or arguments.
    Command Modes
    Exec
    Admin context only
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/command/reference/execmds.html#wp1361286

  • ACE 4710 Appliance GUI configuration

    I am having an issue with configuration of the GUI for the 4710. If I am using local authentication, the GUI works fine. However when I turn on aaa and use radius to authenticate, I am unable to log into the GUI.
    When I place the 4710 into debug for aaa, I am sucessfully authenticating. My radius server's logs state the same.
    Has anyone run across this?

    Are you able to login to the CLI using AAA? Have you configued the role and domain for the user on your AAA server? Here is some documenation on configuring the role and domain for a use on the AAA server:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/security/guide/aaa.html#wp1321891

  • ACE 4710 Appliance end-to-end SSL

    Hello,
    Am I able to use a port other than 443 to the servers in a end to end SSL config?  For example, 443 to the users and 8443 to the servers?
    Thanks,
    Dave

    Hi Dave,
    Sure that's not a problem at all.  Just make sure you add the 8443 after the rserver name in the serverfarm configuration
    serverfarm host REAL_SERVERS
      probe HTTPS-KEEPALIVE
      rserver SERVER_01 8443
        inservice
      rserver SERVER_02 8443
        inservice
    Hope this helps,
    Sean

  • ACE 4710 Appliance action list

    Hello,
    I am running an action-list for an SSL rewite and need to configure another SSL rewrite for a different VIP/site.  Can I add to that same action-list and reference in a different policy-map?  Or, do I need to create a new action-list for each VIP?
    Thanks,
    Dave

    I guess you'd better define a separate action-list for each site/VIP as it usually (always (-: ) contains the site name/IP:
    action-list type modify http SSL_ACTLIST
      ssl url rewrite location sysanlbs|sysanlbs\.sysa\.acme\.hu|10\.222\.6\.[148]

  • ACE30 - Accessing the ACE Applicance Device Manager

    Hi...
    I've got basic connectivty to our ACE30 module and when I try connecting to the management IP address (attached to the Admin context), I see a very basic GUI which only lists the CSM to ACE config conversion tool.  I don't see a GUI as detailed in the document:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/device_manager/guide/UG_over.html#wp1072950
    How do I get the ACE Applicance Device Manager GUI working so that I can then configure real servers, serverfarms etc rather than via the GUI?
    Having read through copious amount of documentation I can't seem to find a refrence that would help here.  This should be a fairly straight forward exercise - do I need to install some other software to get the full fledged GUI working?
    thanks
    Sheldon

    Only the ACE 4710 appliances have the GUI.   If you are looking for a GUI for the ACE30 module you will need to use Cisco Application Network Manager (ANM)   It will provide the GUI for the ACE30 to be able to configure it.   As you have seen, only the conversion tool is available on the module.

  • ACE 4710 Active/Active using virtual partitions

    Hi
    I am completely new to the Cisco ACE devices but have been asked to look at deploying them.  I have read the ACE virtual partioning paper which covers the ACE module, and it mentions the following;
    "In an active/active high-availability design, both the primary and backup Cisco ACE modules are active simultaneously. The active virtual partitions are distributed across both modules, such that approximately half are active on the primary module and the remaining are active on the backup module."
    My question is - does the same resilience model work the same using the Cisco 4710 appliances?  I.e. can we split virtual partions across two physical devices thereby having an active/active scenario.
    Apologies if this seems a very basic question.
    Cheers
    TS

    Hi Tony
    Yes, you can do the same on Appliance. One point which can be important for A/A implementation is that it's a good practice to have shared-vlan-hostid configured on ACEs.
    Briefly - When ACE boots it randomly picks up a one out of 16 pools of MAC addresses and use them on interfaces. So, if you have contexts which are sharing the same VLAN on different ACEs , there is a possibility that both of ACEs pick up the same pool and you will have duplicated MAC addresses.
    So you should configure something like this in Admin context (only on ACE which has Admin context active, configuration starts working only after reload of both devices) :
    shared-vlan-hostid 1
    peer shared-vlan-hostid 2
    More detailed abou this quesiton you can see here :
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA4_2_0/configuration/administration/guide/redundcy.html#wp1076704

  • ACE 4710 FT failover failure

    Hello,
    I am running redundant ACE 4710 appliances running A3(2.7).  I have five FT groups configured along with FT Tracking and when the vlans fail due to physical links being down, the contexts to do not failover.  If one of the ACE boxes fail completely, failover works fine.  I have included the FT config from one of the contexts below.  I have a case open with TAC and the Engineer is suggesting the use of a query interface in additon to FT Tracking.  We have had two incidents on separate contexts where we lost a physical interface on the primary ACE, one for the maintenance of the core switch, the other was a cable disconnect and we are unable to understand why the indivdual context didn't failover.  Any ideas would be much appreciated.  Let me know if more info/configs are needed.
    Dave
    ft interface vlan 900
      ip address 10.10.10.1 255.255.255.0
      peer ip address 10.10.10.2 255.255.255.0
      no shutdown
    ft peer 1
      heartbeat interval 300
      heartbeat count 20
      ft-interface vlan 900
    ft group 3
      peer 1
      no preempt
      priority 210
      peer priority 120
      associate-context XYZ
      inservice
    FT Group                     : 3
    No. of Contexts             : 1
    Context Name                 : XYZ
    Context Id                   : 2
    Configured Status           : in-service
    Maintenance mode             : MAINT_MODE_OFF
    My State                   : FSM_FT_STATE_ACTIVE
    My Config Priority           : 210
    My Net Priority             : 210
    My Preempt                   : Disabled
    Peer State                   : FSM_FT_STATE_STANDBY_HOT
    Peer Config Priority         : 120
    Peer Net Priority           : 120
    Peer Preempt                 : Disabled
    Peer Id                     : 1
    Last State Change time       : Wed Jan 11 13:14:16 2012
    Running cfg sync enabled     : Enabled
    Running cfg sync status     : Running configuration sync has completed
    Startup cfg sync enabled     : Enabled
    Startup cfg sync status     : Startup configuration sync has completed
    Bulk sync done for ARP: 0
    Bulk sync done for LB: 0
    Bulk sync done for ICM: 0
    show int
    vlan424 is up, VLAN up on the physical port
    Hardware type is VLAN
    MAC address is 00:1e:68:1e:ba:b7
    Virtual MAC address is 00:0b:fc:fe:1b:03
    Mode : routed
    IP address is 10.104.224.6 netmask is 255.255.255.0
    FT status is active
    Description:"New Server VIP and real"
    MTU: 1500 bytes
    Last cleared: never
    Last Changed: Sun Mar 11 01:13:12 2012
    No of transitions: 3
    Alias IP address is 10.104.224.5 netmask is 255.255.255.0
    Peer IP address is 10.104.224.7 Peer IP netmask is 255.255.255.0
    Assigned on the physical port, up on the physical port
    Previous State: Sun Mar 11 00:04:57 2012, VLAN not up on the physical port
    Previous State: Sun Sep 18 10:21:15 2011, administratively up
         3991888419 unicast packets input, 23734607976687 bytes
         20246934 multicast, 174801 broadcast
         0 input errors, 0 unknown, 0 ignored, 0 unicast RPF drops
         1609345958 unicast packets output, 23690663385228 bytes
         7 multicast, 55807 broadcast
         0 output errors, 0 ignored

    Dave,
    For tracking to work you need to have preempt enabled. Can you try enabling preempt under the ft group and test your tracking again? Another potential issue you may run into is if your tracking is not lowering the priority enough when it fails. The difference between the active and standby device is 100. If you are not decrementing the priority greater than this value even if priority is enabled it will not lower it enough to force the failover. If after enabling preempt on this group the tracking still does not work as expected send you whole config for us to look at.
    Regarding the query interface; This is not a bad idea. It will help prevent an active active situation if there is a problem with the ft link between the two modules.
    Thanks
    Jim

  • ACE 4710 Connectivity help?

    I'm using an ACE 4710 in a new datacenter, with the following setup:
    2/4 physical ethernet interfaces port channeled into port-channel 1
    2/4 physical ethernet interfaces port channeled into port-channel 2
    I have the following vlans defined:
    1001 - admin     - interface ip: 10.53.136.70
    400 - client side - interface ip: 10.53.136.100
    500 - server side - interface ip: 192.168.128.1
    999 - fault tolerance - interface ip: 192.168.11.2
    My problem is I am trying to nat ssh and web server traffic from the client side, to the server side, but it's never getting to the server.  For example, if I ssh to 10.53.136.102, it times out.  (10.53.136.102 should get nat'd to 192.168.128.2)
    Also, I can connect to the ACE 4710 via telnet using 10.53.136.70, but cannot connect to 10.53.136.100.
    I'm thinking there is either something wrong with the port-channels, or the access lists.  On the other hand there could be something wrong with the nat'ing, but I had it working before switching over to the port-channels.
    Any thoughts?
    Thanks,
    Brent

    I've attached the two contexts which we are using.  The admin context is new_lb_config.txt and the second context where the loadbalancing occurs is in the new_lb_config_VC_WBPX.txt file.
    From the load balancer, I am able to ping the real server ips in the 192.168. ip range.  The 4710 recognizes that they are in service.
    I believe the ACL for the VLAN 400 is set to permit all traffic, but I don't know if the service policies are preventing something from happening.
    Right now, I have disconnected the two 4710s and I am only working on one of them to see if I can get the basic connectivity going.  Once I accomplish that, I will work on high availability.  I'll have to check whether it thinks it is in passive mode...not entirely sure how to do that, but I will check it out.
    Thanks,
    Brent

  • ACE 4710: No image in GRUB loader

    I have an ACE 4710 appliance that has only a Linux kernel in its GRUB loader, no ACE image.  Is anyone aware of how I could copy the image to the ACE via TFTP, USB drive, etc.?

    Hi Joe,
    Take a look at this link.  It will show you how to copy and image to the ACE using the ACE-APPLIANCE-RECOVERY-IMAGE.bin.  If it can't find this, then you may need to RMA the device.
    Reformatting the Flash Memory
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_2_x/configuration/admin/guide/managesw.html#wp1069378
    Hope this helps,
    Sean

  • ANM 5.2 unable to import ACE 4710

    Good day,
    I am currently experiencing a problem while trying to import multiple 4710 ACE Appliances into ANM. ANM version is 5.2 and ACE 4710 Appliances version is 5.1.2. The error message is the same for all Appliances (currently 14, more to be deployed this year, another 12 this year). The management class, policy-map and servcie policy are all in place.
    The error message is below:
    Any assistance would be greatly appreiated.
    Thank you.
    Paul

    Paul,
    Can you get a show tech-support?
    After that, can you do the following:
    1. "dm status"
    2. "dm reload"
    3. "dm status"
    I think you probably may require to reboot the box but it will be better to open a TAC case for that and check deeper.
    Hope this helps!
    Jorge

  • ACE 4710 or CSS11501

    I will buy an appliance with the main funcionality or idea of load balancing of web servers.
    I heard that CSS is an obsolete hardware than goes to EOL and the new hardware is the ACE4710. Is it?
    Could someone tell me the pricipal differences? Or could someone recomend me some of them?

    The CSS was created more than 10 years ago. It does a great job but we have stopped adding new features to it for some time now.
    The Ace 4710 is the new product, designed 2 years ago and with a huge team of developpers still adding new features to it...like ipv6 support coming soon.
    Gilles.

  • Server-conn reuse stats on ACE 4710?

    Hi,
    Does anyone know if it's possible to get the server-conn reuse stats on an ACE 4710 appliance?  I'd like to confirm that it's working and ideally see the number of resued connections.
    Thanks,
    Jim

    Scimitar1/Admin# show np 1 me-stats "-socm -v" | i [uU][sS][eE]
    Reuse retrieve link update conn invalid           0             0
    Reuse retrieve link update conn not on r          0             0
    Reuse retrieve success but conn invalid:          0             0
    Reuse retrieve miss:                              0             0
    Reuse conns retrieved:                            0             0
    Scimitar1/Admin#
    The last 2 indicates if a new connection is needed (miss) or if we could retrieve an existing one.
    Gilles.

Maybe you are looking for