Is it possible to get a CSS switch to load balance servers that are not directly connected? I have tried to do this for Web servers but without success. If the servers are directly connected it works fine, but if they are connected to a layer 2 switch, the CSS sees the services as alive, but no connection is established.
Yes, it is possible to have the servers not connected to the CSS itself. The important thing here is that, depending on your design, this may cause an asymmetric flow, since the server response will bypass the CSS.
If you are not doing source NATing on the CSS, then the server is seeing the real client's IP as the source IP, so it will try to respond directly to the client and will do it through the layer 2 switch.
Since the client sent a request to the VIP on the CSS, when it sees the response from the server it will drop the packets.
You can configure source NATing on the CSS to prevent this issue.
Configure a group and use add destination service to add the servers, like this:
vip address 192.168.1.1
add destination service server1
add destination service server2
If you do not want the source NATing option, you can configure the servers to point to the CSS as their default gateway; that should prevent the asymmetric flow as well.
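The asymmetric flow described in the answer above, as an added Python model that is not part of the original thread and is not Cisco code. Every address except the group VIP 192.168.1.1 is constructed, and the `CSS` class is a simplified stand-in that keeps the client's source port unchanged.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# Constructed addresses: client, content VIP the client connects to, real server.
CLIENT, VIP, SERVER = "203.0.113.10", "198.51.100.80", "192.168.1.20"
SNAT_IP = "192.168.1.1"  # group "vip address" from the post

class CSS:
    """Simplified load balancer: destination NAT always, source NAT optional."""
    def __init__(self, source_nat):
        self.source_nat = source_nat
        self.flows = {}  # server-side (src ip, port) -> original client (ip, port)

    def to_server(self, pkt):
        src = SNAT_IP if self.source_nat else pkt.src
        self.flows[(src, pkt.sport)] = (pkt.src, pkt.sport)
        return Packet(src, pkt.sport, SERVER, pkt.dport)

    def to_client(self, pkt):
        # Return traffic: restore the VIP as source and the client as destination.
        ip, port = self.flows[(pkt.dst, pkt.dport)]
        return Packet(VIP, pkt.sport, ip, port)

def round_trip(source_nat, gateway_is_css=False):
    css = CSS(source_nat)
    syn = Packet(CLIENT, 40000, VIP, 80)
    expected = (VIP, 80, CLIENT, 40000)  # the only reply the client's TCP stack accepts
    seen = css.to_server(syn)
    reply = Packet(seen.dst, seen.dport, seen.src, seen.sport)
    # The reply crosses the CSS only if it is addressed to the CSS (source NAT)
    # or routed through it (CSS is the server's default gateway).
    via_css = reply.dst == SNAT_IP or gateway_is_css
    if via_css:
        reply = css.to_client(reply)
    accepted = (reply.src, reply.sport, reply.dst, reply.dport) == expected
    return via_css, reply.src, accepted

if __name__ == "__main__":
    for nat, gw in [(False, False), (True, False), (False, True)]:
        print(f"source_nat={nat} gateway_is_css={gw} ->", round_trip(nat, gw))
```
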