04-19-2012 05:42 PM
Hi,
I've to configure following:
Cisco ACE is dropping the TCP connection between client and Server because the login HTTP request exceeds a Cisco length limit. The authentication request sent by the client which includes the Kerberos token is much larger than most HTTP requests.
Setting the Cisco parse length-exceed action to "continue" resolved the issue in the case recorded.
=
where and how do I configure it?
Thanks in advance.
Solved! Go to Solution.
04-20-2012 01:29 AM
Hi,
The following config snippet should point you in the right direction:
parameter-map type http SomeRandomName
length-exceed continue
policy-map multi-match L4POLICY
class L4VIPCLASS
loadbalance vip inservice
loadbalance policy LB-POLICY-Web
loadbalance vip icmp-reply active
loadbalance vip advertise
appl-parameter http advanced-options SomeRandomName
HTH
Cathy
04-20-2012 01:29 AM
Hi,
The following config snippet should point you in the right direction:
parameter-map type http SomeRandomName
length-exceed continue
policy-map multi-match L4POLICY
class L4VIPCLASS
loadbalance vip inservice
loadbalance policy LB-POLICY-Web
loadbalance vip icmp-reply active
loadbalance vip advertise
appl-parameter http advanced-options SomeRandomName
HTH
Cathy
04-16-2013 07:31 AM
Hello,
Is there a difference between the command you´re proposing, and this:
parameter-map type http PARAM-SSO
set header-maxparse-length 8192
length-exceed continue
Should be the same from how I see it... is it?
04-16-2013 07:42 AM
There is a small difference.
The default max-parse-length is 2048 bytes, so the snippet presented in the update of 20/04/12 will parse 2048 bytes for whatever it was looking for and then continue with load-balancing. The snippet you propose will parse 8192 bytes and then continue if the object isn't found.
It will make a difference in the case of the URL/Cookie being in bytes 2049-8192 of the header.
HTH
Cathy
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: