10-03-2012 11:20 PM
Hello ,
Kindly any one help to configure Cisco Ace 4710 , I am new in LB so plz guide to Configure ACE with my scenario which is given by my boss.
Note :- Just a testing face I need to access my one server(192.168.1.11 : 80) through VIP :- 10.13.77.10 , I have only one Cisco Router 2800 and One L2 Cisco Switch 2960 and Cisco Ace 4710 . So I already configured 2 Different VLANS in Switch (Vlan 10 & Vlan 100) and by router I given the ip address of that Vlans with Inter Routing Vlan.
My Connectivity is like this :-- Router Ethernet 0/0 --- 10.13.77.1/24 with vlan 10) & Router Ethernet 0/1 ---- 192.168.1.1/24 with vlan 100 ) connected with switch after that I configured ACE LB and connect the ACE interface with switch Like that ---- Connect to ACE Interface 2/3 vlan10 with switch vlan10(Ethernet port 2-12) and
Connect to ACE Interface 3/3 vlan100 with switch vlan100(Ethernet port 13-24) .
Testing to access server from Switch Vlan10 to Vlan 100 where my server is there.
Configuration :--- ACE> client side Vlan10 (10.13.77.4/24) , VIP :- 10.13.77.10, SM-- 255.255.255.255
ACE> server side Vlan100 (192.168.1.5/24), Web server -- 192.168.1.11 with 80 port
ACE> Managment Vlan 1000 (172.16.6.5/24) ,
ip route 0.0.0.0 0.0.0.0 10.13.77.1
I already Configured in Routed mode but From Vlan10 ip subnet example like 10.13.77.12(Client or User PC) tried to access server 192.168.1.11 with VIP http://10.13.77.10 but not responding , if i access server with real IP then accessible (why boz there is inter vlan routing) , PLZ Guide.
Regards,
Prem
10-11-2012 04:34 AM
Hi,
Is this possible to configure ACE 4710 bridge mode in two different ip subnet boz earliar I configured in same ip subnet worked on Router one side interface and ACE's bridge-group 3 (bvi 3)(two different VLAN). Plz guide
prem
10-12-2012 01:59 PM
Hi Prem,
Yes, you can configure more than one BVI group per Context
---------------------
Cesar R
ANS Team
10-12-2012 10:49 PM
Hi,
Plz guide to configure Probe bcoz I configured Routed Mode but when I apply the Probe on rserver or serverfarm then VIP did't responding, without probe working fine... also check sticky configuration and maintanence_page as well not working...
Kindly reply soon..... find my Sh run status...
LB/Admin# sh prob
probe : probe1
type : HTTP
state : ACTIVE
----------------------------------------------
port : 80 address : 0.0.0.0 addr type : -
interval : 5 pass intvl : 10 pass count : 3
fail count: 3 recv timeout: 10
------------------ probe results ------------------
associations ip-address port porttype probes failed passed health
------------ ---------------+-----+--------+--------+--------+--------+------
rserver : web1
192.168.10.3 80 -- 106 106 0 FAILED
LB/Admin# sh run
Generating configuration....
no ft auto-sync startup-config
resource-class RC1
limit-resource all minimum 10.00 maximum unlimited
boot system image:c4710ace-mz.A4_2_0.bin
hostname LB
interface gigabitEthernet 1/1
description Management
speed 1000M
switchport access vlan 1000
no shutdown
interface gigabitEthernet 1/2
description clientside
switchport access vlan 30
no shutdown
interface gigabitEthernet 1/3
description serverside
switchport access vlan 31
no shutdown
interface gigabitEthernet 1/4
no shutdown
context Admin
description Management
access-list everyone line 8 extended permit ip any any
access-list everyone line 16 extended permit icmp any any
probe http probe1
description health check
interval 5
passdetect interval 10
request method head
expect status 200 200
open 1
rserver redirect https_redirect
description redirect traffic to https
webhost-redirection / 302
inservice
rserver redirect maintenance_page
description maintenance page displayed
webhost-redirection /sry.html 301
inservice
rserver host web1
ip address 192.168.10.3
probe probe1
inservice
rserver host web2
ip address 192.168.10.4
inservice
rserver host web3
ip address 192.168.10.5
inservice
serverfarm host http
rserver web1
inservice
rserver web2
inservice
--More--
rserver web3
inservice
serverfarm redirect https_redirect_farm
description Redirect traffic to https
serverfarm redirect maintenance_farm
description send user to maintenance page
sticky http-cookie Cookie1 StickyGroup1
cookie insert browser-expire
serverfarm http backup maintenance_farm
class-map match-all REMOTE-ACCESS
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
class-map match-all slb-vip
--More--
2 match virtual-address 172.16.15.50 tcp eq www
policy-map type management first-match remote_access
class class-default
permit
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
policy-map type loadbalance first-match slb
class class-default
serverfarm http
policy-map type inspect http all-match slb-vip-http
class class-default
permit
policy-map multi-match client-vips
class slb-vip
loadbalance vip inservice
loadbalance policy slb
loadbalance vip icmp-reply active
inspect http policy slb-vip-http
interface vlan 30
description "Client Side"
ip address 172.16.15.10 255.255.255.0
access-group input everyone
service-policy input client-vips
no shutdown
interface vlan 31
description "Server Side"
ip address 192.168.10.1 255.255.255.0
service-policy input remote_access
no shutdown
interface vlan 1000
description managment
ip address 172.29.91.110 255.255.255.0
service-policy input remote_mgmt_allow_policy
no shutdown
ip route 0.0.0.0 0.0.0.0 172.16.15.8
snmp-server contact "PHQ"
snmp-server community phq group Network-Monitor
snmp-server trap-source vlan 1000
username admin password 5 $1$b2txbc5U$TA74D920oSdd2eOZ4hSFe/ role Admin domain
default-domain
username www password 5 $1$.GuWwQEK$r8Ub4OcE3l190d5GA4kvR. role Admin domain de
fault-domain
username prem password 5 $1$8C7eRKrI$it3UV4URZ26X4S/Bh6OEr0 role Admin domain d
efault-domain
ssh key rsa 1024 force
Regards,
Prem
10-17-2012 10:11 PM
Hi,
I configured ACE in routed mode but probe is not working without probe working but accessing server is very slow so plz guide.. I configured interface Giga 2 for client and interface Giga 3 for server side and two interface 1 for management & 4 is free. Also check above my Sh Run status for real configuration.
Note :-- is there required Parameter map and sticky configuration for this issue (very slow access server),,,,,Reply soon plz
Regards,
Prem
10-18-2012 03:14 PM
Hi Prem,
Please paste or send me the new configuration and let me know VIP address
---------------------
Cesar R
ANS Team
10-18-2012 10:19 PM
Hi Cesar,
Kindly Help .....Accessing the server very slow.., Plz check my real configuration... this configuration is for application server and after this i have to configure more serverfarm for different server like webmail etc. in this ACE 4710. I have only one ACE 4710 .
ACE Version A4(2.0) = is there supports Probe with this version.??? without probe server will work but very slow.
VIP :-- 172.16.15.8
LB/Admin# sh run
Generating configuration....
no ft auto-sync startup-config
logging enable
logging host 172.29.91.112 udp/514
resource-class RC1
limit-resource all minimum 10.00 maximum unlimited
boot system image:c4710ace-mz.A4_2_0.bin
hostname LB
interface gigabitEthernet 1/1
description Management
speed 1000M
switchport access vlan 1000
no shutdown
interface gigabitEthernet 1/2
description clientside
switchport access vlan 30
no shutdown
interface gigabitEthernet 1/3
description serverside
switchport access vlan 31
no shutdown
interface gigabitEthernet 1/4
no shutdown
context Admin
description Management
member RC1
access-list everyone line 8 extended permit ip any any
access-list everyone line 16 extended permit icmp any any
probe http probe1
description health check
interval 5
passdetect interval 10
request method head
expect status 200 200
open 1
rserver redirect https_redirect
description redirect traffic to https
webhost-redirection / 302
inservice
rserver redirect maintenance_page
description maintenance page displayed
webhost-redirection /sry.html 301
inservice
rserver host web1
ip address 192.168.10.3
inservice
rserver host web2
ip address 192.168.10.4
inservice
rserver host web3
ip address 192.168.10.5
inservice
serverfarm host http
rserver web1
inservice
rserver web2
inservice
rserver web3
inservice
serverfarm redirect https_redirect_farm
description Redirect traffic to https
serverfarm redirect maintenance_farm
description send user to maintenance page
parameter-map type connection paramap_http
description parameter connection tcp
exceed-mss allow
sticky ip-netmask 255.255.255.0 address source Sticky_http
timeout activeconns
serverfarm http
class-map match-all REMOTE-ACCESS
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
class-map match-all slb-vip
2 match virtual-address 172.16.15.8 tcp eq www
policy-map type management first-match remote_access
class class-default
permit
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
policy-map type loadbalance first-match slb
class class-default
serverfarm http
policy-map type inspect http all-match slb-vip-http
class class-default
permit
policy-map multi-match client-vips
class slb-vip
loadbalance vip inservice
loadbalance policy slb
loadbalance vip icmp-reply active
inspect http policy slb-vip-http
connection advanced-options paramap_http
interface vlan 30
description "Client Side"
ip address 172.16.15.24 255.255.255.0
access-group input everyone
service-policy input client-vips
no shutdown
interface vlan 31
description "Server Side"
ip address 192.168.10.1 255.255.255.0
service-policy input remote_access
no shutdown
interface vlan 1000
description managment
ip address 172.29.91.110 255.255.255.0
service-policy input remote_mgmt_allow_policy
no shutdown
ip route 0.0.0.0 0.0.0.0 172.16.15.1
snmp-server contact "PHQ"
snmp-server community phq group Network-Monitor
snmp-server trap-source vlan 1000
username admin password 5 $1$b2txbc5U$TA74D920oSdd2eOZ4hSFe/ role Admin domain
default-domain
username www password 5 $1$.GuWwQEK$r8Ub4OcE3l190d5GA4kvR. role Admin domain de
fault-domain
username prem password 5 $1$8C7eRKrI$it3UV4URZ26X4S/Bh6OEr0 role Admin domain d
efault-domain
ssh key rsa 1024 force
banner motd # "ro" #
Regards,
Prem
10-24-2012 06:10 AM
Hi Prem,
What is the current behavior? You say you see some slowness.
What are the specific affected rservers?
Additionally, those redirects do not look well.
Probe are supported in this version.
What is the output which you got with #show probe probe1 detail?( I assume you are using probe1)
Additionally, I would remove this line from your config: inspect http policy slb-vip-http, for testing purposes
Jorge
10-24-2012 06:35 AM
Can you shows us the following outputs?
#show service-policy client-vips class-map slb-vip detail?
For now, you can test with your configuration like this:
policy-map multi-match client-vips
class slb-vip
loadbalance vip inservice
loadbalance policy slb
policy-map type loadbalance first-match slb
class class-default
serverfarm http
serverfarm host http
rserver web1
inservice
rserver web2
inservice
rserver web3
inservice
rserver host web1
ip address 192.168.10.3
inservice
rserver host web2
ip address 192.168.10.4
inservice
rserver host web3
ip address 192.168.10.5
inservice
Once you test it like this and everything works good then we can include probes, parameters, etc...
Now in regards to the redirect configuration, here you have a sample of a redirect from one site to another:
policy-map multi-match WEB-TRAFFIC
class HTTP-VIP
loadbalance vip inservice
loadbalance policy REDIRECT-PM
class-map match-all HTTP-VIP
2 match virtual-address 172.21.162.178 tcp eq http
policy-map type loadbalance first-match REDIRECT-PM
class class-default
serverfarm REDIRECT-SERVERFARM
serverfarm redirect REDIRECT-SERVERFARM
rserver REDIRECT-TO-CISCO
inservice
rserver redirect REDIRECT-TO-CISCO
webhost-redirection http://www.cisco.com 301
inservice
Jorge
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide