Cisco

You are viewing all the Cisco related articles. These articles are from my own experience and knowledge. For training material please check out:

CCNA ICND1
CCNA ICND2
Trainsignal Video Training

Virtualize while you virtualize

Just to warn you, these concepts are from my own knowledge and how I came to understand how the ACE understands load balancing. Please refer to the full documentation on Cisco’s website.

To fully understand how the ACE works there are core areas to be familiar with:

  • Virtualization
  • Server load balancing
  • Security

The ACE works in terms of virtualization. Within virtualization you have different areas:

  • Contexts
  • Domains
  • Role-based access control
  • Resource Classes

Contexts

A context is an actual virtualized environment in the ACE. You can configure multiple contexts, which are separated from one another and each act like a standalone ACE appliance. Within each context you can apply policies, servers, serverfarms, interfaces and even different administration rules.

[Figure: Cisco ACE Contexts]

Domains

Within each context you can create multiple domains. Domains allow you to control user access to objects in a context. A user is an account you create to administer the resources defined within a domain, and the domain is associated with a context.

Role-based Access Control

Otherwise known as RBAC: a set of permissions assigned to users, which gives them predefined roles for access.

Resource Classes

You create resource classes and associate contexts with a resource class to manage access to ACE resources. This is useful for controlling how many resources each context can use, so that one context does not consume all the resources on the ACE. When all resources are exhausted you will have performance issues.

Diving In

Define a resource class. When configuring an ACE you will start off in the Admin context. From there you will create a Resource Class for the virtual context(s) you will create to load balance your website.

Create a context. After a Resource Class is created and configured you create a Context and associate it with a Resource Class. This context will serve as the virtual ACE which will manage traffic to the site you want load balanced.

By default, traffic to the newly created context is denied, so you will have to create an access list to allow traffic (described later).

To begin configuring load balancing you will have to define an rserver. An rserver is a “Real Server”. This maps back to your web server. rservers host the same content which is why we’re load balancing, right?

Those rservers will be associated with a serverfarm. A server farm is a group of networked real servers (rservers).

So in summary and for simplicity, you would configure the ACE in this manner:

  1. Resource Class
  2. Context
  3. Access-lists
  4. Real Servers
  5. Server Farm

That’s just a quick rundown on configuring an ACE. Also, when configuring Contexts, you must specify how traffic will exit, so a default route will need to be configured.


I’ve been having one hell of a time with a Cisco AP in one of our remote offices. Randomly, it will just fall off the face of the Earth and lose connection with our Controller at HQ. It started off as one of those mysterious issues where the cliché “reboot” would do the trick. While this may be okay for the first time, it gets quite annoying if you have to do it multiple times thereafter.

Even TAC had a shot at it, and while I can’t remember what they did, the end result was still the same. I connected to the AP using a console cable to see if there were any log messages displaying. Yes there were!

Here’s what caught my eye:

AP resolving cisco-lwapp-controller to 10.39.39.19

Not okay with me because our controller is not located at 10.39.39.19. I know I specifically created a DNS entry for cisco-lwapp-controller and it was there. But why on Earth would it resolve to 10.39.39.19? I found that it was resolving the controller to cisco-lwapp-controller.cisco.com.

What I decided to do is manually set the configuration for the AP since it wasn’t getting the correct settings. I started by removing the ip helper-address on the VLAN with the AP. Then on the controller I performed the commands:

configured static ip addr to RemoteAP
config ap static-ip add domain RemoteAP localdomain.com
config ap static-ip add nameserver RemoteAP 5.10.50.10

Then verify settings on controller:

show ap config general ap-name


I’m back to studying for my CCNP R&S. I’m going back with a new mindset. I want to read to understand and do a lot of labs that will help make me understand the concepts.

What is the basic EIGRP configuration command?

router eigrp asn
network net-id wildcard-mask

What is the concept of the router EIGRP configuration commands?

For routers to become neighbors, they must be configured with the same ASN. The network command matches interfaces and enables EIGRP on them. The router then attempts to discover neighbors on each enabled interface by sending EIGRP multicast hello messages. It also advertises the connected subnet of each enabled interface to its neighbors.

If no wildcard mask is configured with the network command, the router uses the classful network number. The wildcard mask works like the one in an ACL: it defines the logic used to compare the network ID with each interface’s IP address.
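The matching logic described above, as an added example that is not part of the original notes: it compares each network statement with the interface addresses the way an ACL wildcard does, and falls back to the classful network when no wildcard is given. The interface names, addresses and function names are constructed for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def classful_prefix(addr):
    """Prefix length of the class A, B or C network that contains addr."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError("class D/E addresses have no classful network")


def network_statement_matches(net_id, interface_ip, wildcard=None):
    """True if 'network net_id [wildcard]' would match interface_ip."""
    net = ipaddress.IPv4Address(net_id)
    ip = ipaddress.IPv4Address(interface_ip)
    if wildcard is None:
        # No wildcard configured: compare on the classful network only.
        care = (ALL_ONES << (32 - classful_prefix(net))) & ALL_ONES
    else:
        # Wildcard bits set to 1 are "don't care" bits, as in an ACL.
        care = ~int(ipaddress.IPv4Address(wildcard)) & ALL_ONES
    return (int(net) & care) == (int(ip) & care)


def eigrp_enabled_interfaces(network_statements, interfaces):
    """Names of interfaces matched by at least one (net_id, wildcard) pair."""
    return [
        name
        for name, ip in interfaces.items()
        if any(network_statement_matches(n, ip, w) for n, w in network_statements)
    ]


# Constructed sample router: three interfaces in 10.0.0.0/8, one outside it.
INTERFACES = {
    "Gi0/0": "10.1.1.1",
    "Gi0/1": "10.1.2.1",
    "Gi0/2": "10.2.0.1",
    "Gi0/3": "192.168.5.1",
}

if __name__ == "__main__":
    print(eigrp_enabled_interfaces([("10.1.0.0", "0.0.255.255")], INTERFACES))
    print(eigrp_enabled_interfaces([("10.1.0.0", None)], INTERFACES))
```

Without a wildcard, the statement for 10.1.0.0 also matches Gi0/2, so Hello messages go out on an interface that the narrower statement leaves alone.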

What are some key EIGRP verification commands?

  • show ip eigrp interfaces
  • show ip protocols
  • show ip eigrp neighbors
  • show ip eigrp topology
  • show ip route

What commands are used to verify EIGRP enabled interfaces?

  • show ip eigrp interfaces
  • show ip protocols

What steps does EIGRP follow to add routes to the IP routing table?

1. Neighbor discovery via Hello messages

2. Topology exchange – Full updates then partial updates

3. Choosing routes – lowest-metric routes

How does EIGRP exchange topology information?

1. EIGRP router sends neighbor discovery Hello message

2. Router sends full routing update

3. Routers continue to send Hello messages

4. Changes are sent using Partial Updates
