Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1499
Views
0
Helpful
3
Replies

ACE: parse length-exceed action

Go to solution
gavin han
Level 1
Level 1

‎04-19-2012 05:42 PM

Hi,

I've to configure following:

Cisco ACE is dropping the TCP connection between client and Server because the  login HTTP request exceeds a Cisco length limit. The  authentication request sent by the client which includes the Kerberos token is much larger than most HTTP requests.

Setting the Cisco parse length-exceed action to "continue" resolved the issue in the case recorded.

=

where and how do I configure it?

Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ciscocsoc
Level 4
Level 4

‎04-20-2012 01:29 AM

Hi,

The following config snippet should point you in the right direction:

parameter-map type http SomeRandomName

  length-exceed continue

policy-map multi-match L4POLICY

  class L4VIPCLASS

    loadbalance vip inservice

    loadbalance policy LB-POLICY-Web

    loadbalance vip icmp-reply active

    loadbalance vip advertise

    appl-parameter http advanced-options SomeRandomName

HTH

Cathy

View solution in original post

0 Helpful
3 Replies 3

Go to solution
ciscocsoc
Level 4
Level 4

‎04-20-2012 01:29 AM

Hi,

The following config snippet should point you in the right direction:

parameter-map type http SomeRandomName

  length-exceed continue

policy-map multi-match L4POLICY

  class L4VIPCLASS

    loadbalance vip inservice

    loadbalance policy LB-POLICY-Web

    loadbalance vip icmp-reply active

    loadbalance vip advertise

    appl-parameter http advanced-options SomeRandomName

HTH

Cathy

0 Helpful

Go to solution
mateja.jovanovic
Level 1
Level 1
In response to ciscocsoc

‎04-16-2013 07:31 AM

Hello,

Is there a difference between the command you´re proposing, and this:

parameter-map type http PARAM-SSO

  set header-maxparse-length 8192

  length-exceed continue

Should be the same from how I see it... is it?

0 Helpful

Go to solution
ciscocsoc
Level 4
Level 4
In response to mateja.jovanovic

‎04-16-2013 07:42 AM

There is a small difference.

The default max-parse-length is 2048 bytes, so the snippet presented in the update of 20/04/12 will parse 2048 bytes for whatever it was looking for and then continue with load-balancing. The snippet you propose will parse 8192 bytes and then continue if the object isn't found.

It will make a difference in the case of the URL/Cookie being in bytes 2049-8192 of the header.

HTH

Cathy

0 Helpful
Customers Also Viewed These Support Documents