Modify a tcp idle time-out on ACE

Answered Question
Mar 2nd, 2008

Hi.

I have a question about the TCP idle timeout on the ACE.

I configured it as below:


set timeout inactivity 600000

class-map match-any TCP_Connection_IP
  2 match virtual-address 100.254.130.0 255.255.255.0 tcp any

policy-map multi-match TCP_Connection_Policy
  class TCP_Connection_IP
    connection advanced-options TCP_Connection_Timer

interface vlan 30 (Client Vlan)
  service-policy input TCP_Connection_Policy

interface vlan 330 (Server Vlan)
  service-policy input TCP_Connection_Policy


Is it correct?

If OK, how can I check the TCP idle timeout with a show command?


Overall Rating: 5 (1 ratings)
Correct Answer
Gilles Dufour Mon, 03/03/2008 - 01:59
Cisco Employee

You can't use the virtual-address keyword if you don't want to load balance the traffic.

If you just want to set the timeout for routed traffic, you need to use a class-map with an ACL.

i.e.:

access-list net1 extended permit tcp any 100.254.130.0 255.255.255.0

class-map net1
  match access-list net1

policy-map multi-match TCP_Connection_Policy
  class net1
    connection advanced-options TCP_Connection_Timer



Now, if you have multiple virtual IP addresses and want to set the timeout for these virtual IPs, you have to assign the connection timeout to each individual virtual IP.

You can't do it in one shot like you did.


There is no command to see if a connection has the right idle timeout.


All you can do is a 'show conn detail' and see if the idle timeout increases up to your configured value.


Gilles.
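
The two cases from the answer above in one ACE configuration, as an added example that is not part of the original thread: the ACL class covers routed traffic, and each VIP gets its own class with the same connection parameter map. The VIP addresses and ports, the names VIP_WEB_1, VIP_WEB_2, RS1, SF_WEB and LB_WEB, and the real server address are assumptions; lines starting with ! are annotations only.

```cisco
! Connection parameter map: idle timeout in seconds (600000 s is about 6.9 days)
parameter-map type connection TCP_Connection_Timer
  set timeout inactivity 600000

! Routed (not load-balanced) traffic to the subnet: match it with an ACL
access-list net1 extended permit tcp any 100.254.130.0 255.255.255.0
class-map match-all net1
  2 match access-list net1

! Load-balanced traffic: one class-map per VIP (addresses and ports assumed)
class-map match-all VIP_WEB_1
  2 match virtual-address 100.254.130.10 tcp eq 80
class-map match-all VIP_WEB_2
  2 match virtual-address 100.254.130.11 tcp eq 80

! Minimal real server, server farm and load-balancing policy (all assumed)
rserver host RS1
  ip address 10.0.0.11
  inservice
serverfarm host SF_WEB
  rserver RS1
    inservice
policy-map type loadbalance first-match LB_WEB
  class class-default
    serverfarm SF_WEB

! The timeout is attached to every VIP class individually, then to the ACL class
policy-map multi-match TCP_Connection_Policy
  class VIP_WEB_1
    loadbalance vip inservice
    loadbalance policy LB_WEB
    connection advanced-options TCP_Connection_Timer
  class VIP_WEB_2
    loadbalance vip inservice
    loadbalance policy LB_WEB
    connection advanced-options TCP_Connection_Timer
  class net1
    connection advanced-options TCP_Connection_Timer

interface vlan 30
  service-policy input TCP_Connection_Policy
```

An idle timeout this long keeps abandoned flows in the connection table for days, so it is worth limiting the classes that reference the parameter map to the traffic that needs it.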
