Cisco Support Community
Community Member

CSS and Extended Passive FTP problem.

Hi everyone.

I'm having a problem setting up a load balanced cluster of FTP servers behind a CSS 11506.

I can FTP into the cluster fine. I am redirected to one of the machines in a round robin fashion and can log in. The problem arises on mac's where typing in an ls command returns this:

ftp> ls

229 Entering Extended Passive Mode (|||32999|)

200 EPRT command successful

421 Service not available, remote server timed out. Connection closed

Now, if I type in the EPSV command and disable Extended Passive Mode prior to connecting to it, it works fine.

Also, connecting to any of the servers directly with epsv enabled works fine as well.

We have over 800k hits per month and telling everyone to disable epsv will be a problem. Is there a way to enable extended passive mode through the css?

Here is my config:

Group: ftpServers1 - Active ( Not Redundant)

Session Redundancy: Disabled

Last Clearing of Stats Counters: 03/20/2007 14:28:25

Associated ACLs: NONE

Source Services:


Name: Hits: State: Load: Trans: Keepalive: Conn:

----- ----- ------ ----- ------ ---------- -----

rem_ftp1 19857 Alive 44 6 FTP 0

rem_ftp2 38175 Alive 87 0 FTP 0

Destination Services:


Group Service Total Counters:

Hits/Frames/Bytes: 58032/58339/4277264

Connections Total/Current: 25/0

FTP Control Total/Current: 0/0

CSS11506# show rule pdb ftp-rule1

Name: ftp-rule1 Owner: pdb

State: Active Type: FTP

Balance: Round Robin Failover: N/A

Persistence: Enabled Param-Bypass: Disabled

Session Redundancy: Disabled

IP Redundancy: Not Redundant


L4: TCP/21


Redirect: ""

TCP RST client if service unreachable: Disabled

Rule Services & Weights:

1: rem_ftp1-Alive, S-1

2: rem_ftp2-Alive, S-1




Re: CSS and Extended Passive FTP problem.

EPSV is not supported.

The only workaround available to load balance passive ftp servers is to use "PASV" command instead of "EPSV" on clients.

Syed Iftekhar Ahmed

CreatePlease to create content