Cisco Ace - Gracefully shut down rserver with SSL connections

Unanswered Question
Nov 26th, 2008
User Badges:


I run a ace module in a 6509

Version A2(1.2) [build 3.0(0)A2(1.2)

How do i gracefully shut down a rserver with current ssl connections?

In this dokument it says that the: no inservice command resets all ssl connections. I want to let clients finish their ssl connections, then take the server out of service.

Does it let the clients finish their ssl sessions, if i take the rserver out of service with the: inservice standby command under serverfarm > rserver instead?

as in:

If it does, I have another problem, i want do restrict what commands my webmasters can run, and they need to shut down a server grecefully but limit other commands. If i give there users any of the predefined roles or try to make a own role, a can't make them gain access to take a rserver out of service (no inservice or inservice standby command i missing) in a serverfarm...? but my admin user can run those commands.

Does anyone have a idea what role that work or if i make my own role what rules i should use?

Appreciate any help!


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ciscocsoc Wed, 11/26/2008 - 07:57
User Badges:
  • Silver, 250 points or more

Hi Kristoffer,

The minimum required access is modify to real-inservice.

ace1/Test(config)# role SCOPED1

ace1/Test(config-role)# description Allow control of servers

ace1/Test(config-role)# rule 1 permit modify feature real-inservice

ace1/Test(config-role)# rule 2 permit create feature config-copy

ace1/Test(config-role)# exit

ace1/Test(config)# exit

Then create a user and associate it with the scope.

ace1/Test(config)# username adminScoped password ReallySecret role SCOPED1 domain default-domain

Roles are documented in the Virtualisation Guide and in the Command Reference.



krilleorg Wed, 11/26/2008 - 23:40
User Badges:

doesn't seem to have that command:

rule 1 permit modify feature real-inservice

do you know what relese it is supported in?

or any other useful page a can look at the software releses or development train?



This Discussion