RE: Css 15101

From: Abdullah, Yasser (Yasser.Abdullah@getronics.com)
Date: Sat Sep 11 2004 - 03:28:19 GMT-3

• Next message: Taiyi Sun: "about CB policing"
• Previous message: hcb@gettcomm.com: "RE: Failed RS lab [7:92677]"
• Maybe in reply to: Cocimano, Francesco: "Css 15101"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I've never used the CSS (only Foundry ServerIron) but I believe that by
default, it is normal for the switch to not to change the source IP address
of the client.

 What you need to ensure is that the traffic going back from the server to
the client must go through the CSS (no asymmetric routes).

You might be able to use NAT to modify this behavior. Check if this document
is of any help:

http://www.cisco.com/en/US/partner/products/hw/contnetw/ps789/products_confi
guration_example09186a008009470e.shtml

Brgds,
 
Yasser

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Cocimano, Francesco
Sent: Friday, September 10, 2004 1:06 PM
To: ccielab@groupstudy.com
Subject: Css 15101

Hi,
our customer has a problem with a CSS 11501. Details, network picture and
configurations follow:
If we open a telnet port 80 connection from switch with IP address
213.175.28.5 to virtual IP addess of CSS 213.175.28.19, the CSS forwards the
connection to one of two servers ( for example the 213.175.28.143 ) but the
response from the server has as destination IP address 213.175.28.5 and not
the virtual IP address of CSS, so it is impossible to get a connection.
The CSS doesn`t replace the source IP address with the virtual IP address.
Is it a problem of design not supported to CSS or is a software bug?
Many thanks
Francesco
PINLD001-a# show run
!Generated on 09/09/2004 10:01:28
!Active version: sg0720405

configure

!*************************** GLOBAL ***************************
  setspan src_port e1 dest_port e2 copyBoth
  no restrict web-mgmt
  sntp server 213.175.2.7 version 2
  sntp poll-interval 90
  username ******** des-password zfyc4bfgtaxdxfqasewe4fcbmeaabcgd superuser
  restrict ssh
  no restrict xml
  idle timeout 1
  idle timeout web-mgmt 1

  snmp trap-type enterprise

  snmp trap-host 10.253.8.13 ++++++++
  snmp community +++++++ read-only
  snmp trap-host 10.253.8.10 ++++++
  snmp trap-type generic
  snmp auth-traps
  snmp location "La rustica"
  snmp trap-type enterprise login-failure
  snmp trap-type enterprise redundancy-transition
  snmp trap-type enterprise service-transition
  snmp trap-type enterprise reload
  snmp trap-type enterprise chmgr-ps-transition
  snmp trap-type enterprise chmgr-module-transition
  snmp trap-type enterprise isc-lifetick-failure
  snmp name "PINLD001-a"

  logging buffer 50000

  ip route 0.0.0.0 0.0.0.0 10.253.18.249 1

!************************* INTERFACE *************************
interface e1
  phy 100Mbits-FD
  description "Collegamento al PIX"

interface e2
  phy 100Mbits-FD
  description "Porta Di Monitoring"

interface e3
  phy 100Mbits-FD
  description "Collegamento tra CSS"

interface e4
  admin-shutdown

interface e5
  bridge vlan 2
  description "PDPDC001 eth1"

interface e6
  admin-shutdown

interface e7
  admin-shutdown

interface e8
  admin-shutdown

interface e9
  admin-shutdown

!************************** CIRCUIT **************************
circuit VLAN1
         
  ip address 10.253.18.253 255.255.255.248
    ip virtual-router 1 priority 200 preempt
    ip redundant-interface 1 10.253.18.252

circuit VLAN2

  ip address 213.175.28.2 255.255.255.128
    ip virtual-router 2 priority 200 preempt
    ip redundant-interface 2 213.175.28.1

!************************** SERVICE **************************
service PDPAS003
  keepalive port 80
  ip address 213.175.28.143
  active

service PDPAS004
  keepalive port 80
  ip address 213.175.28.144
  active

service PDPWB001
  ip address 213.175.28.21
  keepalive type ssl
  active

service PDPWB002
  ip address 213.175.28.22
  keepalive type ssl
  active

!*************************** OWNER ***************************
owner Protocollo

  content E-learning
    add service PDPAS003
    add service PDPAS004
    vip address 213.175.28.19
    balance srcip
    active

  content PDPWB000Virtuale
    add service PDPWB002
    add service PDPWB001
    vip address 213.175.28.20
    sticky-inact-timeout 30
    balance srcip
    active

  content Prova_SSL
    port 443
    protocol tcp
    add service PDPWB001
    add service PDPWB002
    vip address 213.175.28.20
    advanced-balance ssl
    sticky-inact-timeout 10
    param-bypass enable

PINLD001-a#
PINLD001-b# show run
!Generated on 09/09/2004 10:05:24
!Active version: sg0720405

configure

!*************************** GLOBAL ***************************
  setspan src_port e1 dest_port e2 copyBoth
  no restrict xml
  no restrict web-mgmt
  restrict ssh
  sntp server 213.175.2.7 version 2
  sntp poll-interval 90
  username +++++++++ des-password zfyc4bfgtaxdxfqasewe4fcbmeaabcgd superuser

  snmp trap-type enterprise

  snmp trap-host 10.253.8.13 ++++++++
  snmp trap-type generic
  snmp auth-traps
  snmp location "La rustica"
  snmp name "PINLD001-b"
  snmp trap-type enterprise login-failure
  snmp trap-type enterprise redundancy-transition
  snmp trap-type enterprise service-transition
  snmp trap-type enterprise reload
  snmp trap-type enterprise chmgr-ps-transition
  snmp trap-type enterprise chmgr-module-transition
  snmp trap-type enterprise isc-lifetick-failure
  snmp trap-host 10.253.8.10 ++++++++
  snmp community ++++++ read-only

  logging buffer 50000

  ip route 0.0.0.0 0.0.0.0 10.253.18.249 1

!************************* INTERFACE *************************
interface e1
  description "Porta di coll. PIX-b"
  phy 100Mbits-FD

interface e2
  description "Porta di Monitoring"
  phy 100Mbits-FD

interface e3
  description "Collegamento tra CSS"
  phy 100Mbits-FD
         
interface e4
  phy 100Mbits-FD

interface e5
  bridge vlan 2
  description "PDPDC001 eth2"

interface e6
  bridge vlan 2
  description "PDPDC002 eth2"

interface e7
  bridge vlan 2
  description "PDPWB001 eth2"

interface e8
  bridge vlan 2
  description "PDPWB002 eth2"

interface e9
  bridge vlan 2

!************************** CIRCUIT **************************
circuit VLAN1

  ip address 10.253.18.254 255.255.255.248
    ip virtual-router 1
    ip redundant-interface 1 10.253.18.252

circuit VLAN2

  ip address 213.175.28.3 255.255.255.128
    ip virtual-router 2
    ip redundant-interface 2 213.175.28.1

!************************** SERVICE **************************
service PDPAS003
  keepalive port 80
  ip address 10.253.18.251
  active

service PDPAS004
  keepalive port 80
  ip address 213.175.28.144
  active

service PDPWB001
  ip address 213.175.28.21
  keepalive type ssl
  active

service PDPWB002
  ip address 213.175.28.22
  keepalive type ssl
  active

!*************************** OWNER ***************************
owner Protocollo

  content E-learning
    add service PDPAS003
    add service PDPAS004
    vip address 213.175.28.19
    balance srcip
    active

  content PDPWB000Virtuale
    add service PDPWB002
    add service PDPWB001
    vip address 213.175.28.20
    sticky-inact-timeout 30
    balance srcip
    active

  content Prova_SSL
    add service PDPWB001
    add service PDPWB002
    protocol tcp
    port 443
    vip address 213.175.28.20
    balance srcip
    advanced-balance ssl
    sticky-inact-timeout 10
    param-bypass enable

[GroupStudy removed an attachment of type application/octet-stream which had
a name of schema.vsd]

• Next message: Taiyi Sun: "about CB policing"
• Previous message: hcb@gettcomm.com: "RE: Failed RS lab [7:92677]"
• Maybe in reply to: Cocimano, Francesco: "Css 15101"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:41 GMT-3