CSS11503 & WebLogic Cluster

admin_2
Level 3

Hi,

I'm trying to get a configuration working for our CSS11503 and I'm pretty lost on what I need to do. I'm primarily an application developer/WebLogic admin, so I have some understanding of networking, but general at best.

What we're trying to accomplish is to establish connectivity through the CSS to a WebLogic cluster. Currently it doesn't look like anything is going through the CSS at all. So, how do I diagnose traffic coming into the CSS? I've turned logging levels to debug-7 and do see some traffic coming in from the outside interface but it shows it as a DOS attack?

Here is our current configuration:

CSS11503(config)# show running-config
!Generated on 04/08/2004 07:51:38
!Active version: sg0710405

configure

!*************************** GLOBAL ***************************
no restrict web-mgmt
sntp server 149.83.131.15 version 1
cdp run

logging subsystem ipv4 level debug-7
logging subsystem syssoft level debug-7
logging subsystem buffer level debug-7
logging subsystem flowmgr level debug-7
logging subsystem radius level debug-7
logging subsystem wcc level debug-7
logging subsystem chassis level debug-7
logging subsystem vlanmgr level debug-7
logging subsystem netman level debug-7
logging subsystem app level debug-7
logging subsystem rip level debug-7
logging subsystem ospf level debug-7
logging subsystem sntp level debug-7
logging subsystem dhcp level debug-7
logging subsystem vrrp level debug-7
logging subsystem redundancy level debug-7
logging subsystem csdpeer level debug-7
logging subsystem portmapper level debug-7
logging subsystem acl level debug-7
logging subsystem circuit level debug-7
logging subsystem security level debug-7
logging subsystem fac level debug-7
logging subsystem vpm level debug-7
logging subsystem publish level debug-7
logging subsystem keepalive level debug-7
logging subsystem urql level debug-7
logging subsystem nql level debug-7
logging subsystem dql level debug-7
logging subsystem pcm level debug-7
logging subsystem proximity level debug-7
logging subsystem hfg level debug-7
logging subsystem replicate level debug-7
logging subsystem boomerang level debug-7
logging subsystem fp-driver level debug-7
logging subsystem flowagent level debug-7
logging subsystem cdp level debug-7
logging subsystem slr level debug-7
logging subsystem natmgr level debug-7
logging subsystem ssl-accel level debug-7

ip route 0.0.0.0 0.0.0.0 206.88.44.254 1

!************************* INTERFACE *************************
interface Ethernet-Mgmt
  description "Management Access"

interface 2/1
  description "web-cluster-server1"
  bridge vlan 10

interface 2/2
  description "web-cluster-server2"
  bridge vlan 10

interface 2/8
  description "Outside-DMZ...206.88.44.225"
  bridge vlan 11

!************************** CIRCUIT **************************
circuit VLAN1
  ip address 206.88.45.225 255.255.255.0

circuit VLAN10
  description "web-cluster"
  ip address 10.1.1.254 255.255.255.0

circuit VLAN11
  description "Outside-DMZ"
  ip address 206.88.44.225 255.255.255.0
    ip virtual-router 1 priority 110 preempt
    ip redundant-vip 1 206.88.44.226
    ip critical-service 1 upstream
    ip critical-service 1 webserver1
    ip critical-service 1 webserver2

!************************** SERVICE **************************
service upstream
  ip address 206.88.44.254
  type redundancy-up
  active

service webserver1
  ip address 10.1.1.1
  active

service webserver2
  ip address 10.1.1.2
  active

!*************************** OWNER ***************************
owner ADP
  content RuleForVIP1
    vip address 206.88.44.226
    balance leastconn
    add service webserver1
    add service webserver2
    active

I should be able to talk to the two servers listening on 10.1.1.1:7003 and 10.1.1.2:7003.

Thanks,

-Brett

3 Replies

stevehall
Level 1

Brett,

Well, first off, if you are going to have a redundant VIP I am assuming there are 2 CSSs here. We need to make sure the server responses come back through the same CSS that is active for the VIP.

We can see who is active for the VIP by typing

"show redundant-vip"

You do not have any redundant IP on the server side, so is the gateway of the servers 10.1.1.254? What is the IP of the other CSS's circuit?

Typically, there is a redundant IP on the server side so we can fail over the server's gateway when we fail over the VIP.

To see connections to that VIP you can see the hits increment by typing "show summary". Show flow will show current flows, but HTTP flows are typically pretty quick and you are likely to miss them.

-Steve

Not applicable

Steve,

Thanks for the response. Our eventual configuration will have 2 CSS's but only one today.

show redundant-vip

Redundant-Vips:
Interface Address: 206.88.44.225 VRID: 1
Redundant Address: 206.88.44.226 Range: 1
State: Master Master IP: 206.88.44.225
State Changes: 3 Last Change: 04/07/2004 10:39:01

Show summary does show hits coming in and with debugging turned on I'm seeing messages like the following.

APR 8 12:56:23 1/1 1377 FLOWMGR-7: DoS SYN attack: 206.88.41.248:2304->206.88.44.226:7003 synCnt: 3, initSeq: 2257383471

Is this dropping/preventing the packets from routing to the 10.1.1.x network?

Default gateway for the webservers is the 10.1.1.254 address.

Thanks,

-Brett

Not applicable

Looks like we've gotten this resolved. It was a routing issue on the two webserver machines. Guess I'm still a little confused as to how to monitor traffic leaving the CSS.

Thanks,

-Brett
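
Added example, not part of the original thread: a Python parser for FLOWMGR-7 "DoS SYN attack" messages in the format pasted above, grouping them by destination and by client tuple plus initSeq. It assumes, from ordinary TCP behaviour rather than CSS documentation, that repeated messages with the same tuple and initSeq are one client retrying an unanswered SYN (consistent with the server-side routing fault found here); all sample lines after the first are constructed.

```python
import re
from collections import defaultdict

# Matches the message body shown in the thread; \s also spans line wraps.
SYN_RE = re.compile(
    r"DoS SYN attack:\s*(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)"
    r"\s+synCnt:\s*(?P<cnt>\d+),\s*initSeq:\s*(?P<seq>\d+)"
)

# First line is the message from the thread; the other two are constructed.
SAMPLE_LOG = """\
APR 8 12:56:23 1/1 1377 FLOWMGR-7: DoS SYN attack: 206.88.41.248:2304->206.88.44.226:7003 synCnt: 3, initSeq: 2257383471
APR 8 12:56:29 1/1 1378 FLOWMGR-7: DoS SYN attack: 206.88.41.248:2304->206.88.44.226:7003 synCnt: 4, initSeq: 2257383471
APR 8 12:57:02 1/1 1379 FLOWMGR-7: DoS SYN attack: 206.88.41.248:2311->206.88.44.226:7003 synCnt: 3, initSeq: 2261120987
"""

def parse_syn_events(text):
    """Return one dict per SYN message found in the log text."""
    return [
        {"src": m["src"], "sport": int(m["sport"]),
         "dst": f'{m["dst"]}:{m["dport"]}',
         "syn_cnt": int(m["cnt"]), "init_seq": int(m["seq"])}
        for m in SYN_RE.finditer(text)
    ]

def summarize(events):
    """Per destination: distinct sources, distinct connection attempts
    (src, sport, initSeq), attempts logged more than once, highest synCnt."""
    per_dst = defaultdict(lambda: defaultdict(list))
    for e in events:
        key = (e["src"], e["sport"], e["init_seq"])
        per_dst[e["dst"]][key].append(e["syn_cnt"])
    report = {}
    for dst, attempts in per_dst.items():
        report[dst] = {
            "sources": len({key[0] for key in attempts}),
            "attempts": len(attempts),
            "repeated": sum(1 for c in attempts.values() if len(c) > 1),
            "max_syn_cnt": max(max(c) for c in attempts.values()),
        }
    return report

if __name__ == "__main__":
    for dst, stats in summarize(parse_syn_events(SAMPLE_LOG)).items():
        print(dst, stats)
```

A handful of sources each repeating the same initSeq toward one VIP port points at a return-path or server problem; many distinct sources and sequence numbers would be the pattern worth investigating as a flood.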