cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

618
Views
0
Helpful
1
Replies
chaoping chen
Beginner

Is't Single-VLAN One-Armed Mode let the pop-ups error?

Dear all

  In my network I deployed Single-VLAN One-Armed Mode In this mode,the real server’s default gateway is the upstream router. To ensure the return

flow traverses back through the load balancer, the IP address of the client isrewritten to that of the load balancer.

  Direct access web was fine ,however when open Pop-ups website will appear error Example, the figure-1 :1.png

  figure-1

  When I used real Server IP address not through ACE anything will be fine. Example, the figure-2 :

2.png

figure-2

The Web's Code

<%@ page language="java" pageEncoding="UTF-8"%>

<%@ taglib uri="/WEB-INF/hnisi.tld" prefix="hnisi"%>

<%@ include file="/jsp/framework/head.jsp"%>

<%@ page import="cn.sinobest.framework.util.DTOUtil,cn.sinobest.framework.util.Util,cn.sinobest.framework.util.ConfUtil" %>

<%

    //当前登录用户 所属系统机构

    String orgCode = DTOUtil.getUserInfo().getBAE001();

    //操作员ID

    String operId = DTOUtil.getValue("OPERID");

    //角色类型

    String roleType = DTOUtil.getValue("ROLETYPE");

        String fromFuncDesc = DTOUtil.getValue("fromFuncDesc");

    //所选操作员的姓名

    String sOperatorName = DTOUtil.getValue("SOPERATORNAME");

    //权限树 where 条件

    String whereClsTree = " rightid in (  select distinct B.RIGHTID "+

                " from FW_RIGHT B"+

                " left join FW_OPERATOR2RIGHT A on LOCATE(B.RIGHTID,A.RIGHTID) = 1"+

                 " where A.AAE100 ='1'"+

                 " and B.AAE100 ='1' and A.operid = '"+operId+"' ";

    //条件:有效角色,当前登录用户只能操作用户所属系统机构及下级机构的角色,以及上级机构的共享角色

    String whereCls =" AAE100 ='1' and (BAE001 like '"+orgCode+"%' or ( IFSHARED = '1' and LOCATE(BAE001,'"+orgCode+"') = 1))";

    if(!Util.isEmpty(roleType)){//角色类型

             whereClsTree +=" and AUTHTYPE='"+roleType+"' ";

             String roleType_zdfpzj = ConfUtil.getDict("ROLETYPE", "13");//最大分配角色

        if("2".equals(roleType)){//分配角色包括:分配角色、最大分配角色

                 whereCls += " and ROLETYPE in('"+roleType+"','"+roleType_zdfpzj+"') ";             

        }else{

                       whereCls += " and ROLETYPE='"+roleType+"' ";

        }

    }

    whereClsTree +=" )";

%>

<%-- 导航栏标签 --%>

<hnisi:gNavStr />

    <legend style="cursor:hand;" >

        <span>

            <img id="img_fw_authmngr_geneauth_list_grid" src="${ctx}/themes/default/images/query_icon_right.gif">

        </span>

        <span title="单击展开或收缩">

            <b><%=sOperatorName%></b>已拥有的权限树

            <hnisi:tree id="menus" type="1" whereCls="<%=whereClsTree %>"/>

        </span>

    </legend>

    <form name="roleListForm" method="post">

        <%-- 角色列表--%>

        <hnisi:glt id="fw_authmngr_geneauth_role" whereCls="<%=whereCls %>" />

        <p align="center">

            <%-- 确定按钮 --%>

            <hnisi:btn name="btnQuery" onclick="roleAutoOk()" value="保存" href="javascript:void(0)"/>

            <%-- 清除按钮 --%>

            <hnisi:btn name="btnCls" onclick="cls()" value="清除" href="javascript:void(0)"/>

            <%-- 关闭按钮 --%>

            <hnisi:btn name="btnClose" onclick="winClose()" value="关闭" href="javascript:void(0)"/>

        </p>

    </form>

    <form name="roleForm">

        <input type="hidden" name="OPERID" value="<%=operId %>"/>

        <input type="hidden" name="ROLEIDS">

    </form>

    <script type="text/javascript">

    <!--

    var orgCode ="<%=orgCode%>";

    var operId ="<%=operId%>";

    var roleType ="<%=roleType%>";

    /**

     * 权限列表窗口

     * @param roleId:角色ID

     */

    function winRight(roleId){

        var eventId="1";//授权事件(1 查询、2 授权)

             //弹出模态对话框,并加上时间戳以防止缓存

             window.showModalDialog("right!left.do?EVENTID=" + eventId+"&ROLETYPE="+roleType+"&ROLEID=" + roleId+"&_t="+new Date().getTime());

    }

    /**

     * 确定-保存授权信息

     */

         function roleAutoOk(){

                   $(function(){

                       var roleIds = "";

                       $.each($("input[name='checkbox']:checked"),function(i,o){

                           roleIds += (i==0 ? "" : ",")+o.value;                 

                       });                  

                       if (roleIds == ""){

                                FWalert("请选择要操作的角色!");                          

                                return;

                       }

                       roleForm.ROLEIDS.value  = roleIds;

                       var params = FWGetForm(roleForm);

                       if(params.ROLEIDS ==""){

                           FWalert("请选择要操作的角色!");

                       }else {

                                var fromFuncDesc = "<%=fromFuncDesc%>";

                                //先进入本次权限变更列表页面,确认后再保存

                                var title = encodeURIComponent('授权确认');//对话框的标题

                           var url = "right!list.do?OPERID="+operId+"&fromFuncDesc="+fromFuncDesc+"&ROLETYPE="+roleType+"&ROLEIDS="+roleIds+"&title="+title+"&_t="+new Date().getTime();

                                var position="resizable:1;status:0;help:0;scroll:1;center:1;dialogWidth:800px;dialogHeight:500px";

                                window.showModalDialog(url,window,position);

                       }

                   });

    }

    /**

     * 直接授权:弹出权限树窗口

     */

    function directAuto(){

        var eventId="2";//授权事件(1 查询、2 授权)

                   //弹出模态对话框,并加上时间戳以防止缓存

             window.showModalDialog("right!left.do?EVENTID=" + eventId+"&ROLETYPE="+roleType+"&OPERID=" + operId+"&_t="+new Date().getTime());

    }

    /**

     * 清除:清除已选择的角色 checkbox

     */

    function cls(){

        var c_checkbox=document.getElementsByName('checkbox');

                   for (i=0;i<c_checkbox.length;i++){

            c_checkbox[i].checked=false;

        }

    }

    /**

     * 关闭窗口

     */

    function winClose(){

             window.close();

    }

    //-->

    </script>

</body>

</html>



The ACE's config

`show running-config`

Generating configuration....

boot system image:c4710ace-mz.A4_2_0.bin

interface gigabitEthernet 1/1

  switchport access vlan 100

  no shutdown

interface gigabitEthernet 1/2

  shutdown

interface gigabitEthernet 1/3

  shutdown

interface gigabitEthernet 1/4

  switchport access vlan 3

  no shutdown

access-list ALL line 8 extended permit ip any any

access-list allowany line 8 extended permit ip any any

access-list allowany line 16 extended permit icmp any any

probe icmp Ping

  interval 2

  faildetect 2

  passdetect interval 2

  passdetect count 1

  receive 2

probe tcp TCP6666

  description RPC Client Access

  port 6666

  interval 30

  passdetect interval 60

  connection term forced

  open 10

probe tcp TCP8888

  description RPC Client Access

  port 8888

  interval 30

  passdetect interval 60

  connection term forced

  open 1

rserver host YB1

  ip address 110.43.102.241

  inservice

rserver host YB2

  ip address 110.43.102.245

  inservice

rserver host YB3

  ip address 110.43.102.246

  inservice

rserver host YB4

  ip address 110.43.102.247

  inservice

rserver host YB5

  ip address 110.43.102.248

  inservice

rserver host YB6

  ip address 110.43.102.242

  inservice

serverfarm host YB01farm

  predictor leastconns

  probe TCP6666

  rserver YB2

    inservice

  rserver YB3

    inservice

  rserver YB4

    inservice

  rserver YB5

    inservice

serverfarm host YB02farm

  predictor leastconns

  probe TCP8888

  rserver YB2

    inservice

  rserver YB3

    inservice

  rserver YB4

    inservice

  rserver YB5

    inservice

parameter-map type http PRESIST-REBALANCE

  persistence-rebalance

sticky ip-netmask 255.255.255.255 address source YB01-GRP

  timeout 60

  replicate sticky

  serverfarm YB01farm

sticky ip-netmask 255.255.255.255 address source YB02-GRP

  timeout 60

  replicate sticky

  serverfarm YB02farm

sticky http-cookie COOKIE1 STICKYYB01

  cookie insert browser-expire

  timeout 3600

  replicate sticky

  serverfarm YB01farm

action-list type modify http IP-header

  header insert request X-Forwarded-For header-value "%is"

class-map match-all YB01-slb-vip

  2 match virtual-address 110.43.102.251 any

class-map match-all YB02-slb-vip

  2 match virtual-address 110.43.102.252 any

class-map type management match-any remote_access

  description remote-access-traffic-match

  2 match protocol xml-https any

  3 match protocol icmp any

  4 match protocol telnet any

  5 match protocol ssh any

  6 match protocol http any

  7 match protocol https any

  8 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy

  class remote_access

    permit

policy-map type loadbalance http first-match YB01-slb

  class class-default

    sticky-serverfarm STICKYYB01

    action IP-header

policy-map type loadbalance http first-match YB02-slb

  class class-default

    sticky-serverfarm YB02-GRP

    action IP-header

policy-map type loadbalance first-match YB6666

  class class-default

    sticky-serverfarm STICKYYB01

    action IP-header

    insert-http https header-value "on"

policy-map multi-match client-vips

  class YB01-slb-vip

    loadbalance vip inservice

    loadbalance policy YB6666

    loadbalance vip icmp-reply active

    nat dynamic 100 vlan 100

    appl-parameter http advanced-options PRESIST-REBALANCE

  class YB02-slb-vip

    loadbalance vip inservice

    loadbalance policy YB02-slb

    loadbalance vip icmp-reply active

    nat dynamic 100 vlan 100

interface vlan 3

  ip address 192.168.50.2 255.255.255.240

  access-group input ALL

  service-policy input remote_mgmt_allow_policy

  no shutdown

interface vlan 100

  ip address 110.43.102.238 255.255.255.0

  access-group input allowany

  nat-pool 100 110.43.102.239 110.43.102.239 netmask 255.255.255.255 pat

  service-policy input remote_mgmt_allow_policy

  service-policy input client-vips

  no shutdown

ip route 0.0.0.0 0.0.0.0 110.43.102.112

1 REPLY 1
Kanwaljeet Singh
Cisco Employee

Hi,

The error comes when accessing the website through LB. The error is thrown by the server. Do  we know what does that error indicate and will be thrown by server under what circumstances?

Can you just try with one server in the serverfarm and check if it works fine?

Does it load initial page at all or throws error right away.

What do you see in show conn output? Which VIP is in question here?

Regards,

Kanwal