Cisco Support Community

New Member

FTP issue across ACE context

Hi Sir,

I'm performing basic testing of ACE (ACE20-MOD-K9) on a Catalyst 6509 switch with redundant Supervisor Engine 720.

The switch runs Native IOS version 12.2(18)SXF12a. ACE software Version is 3.0(0)A1(4a).

I'm testing an ACE context. Its config is as attached.

Client IP : 172.16.20.100

VIP : 172.16.10.100 tcp eq ftp & 172.16.10.100 tcp eq ftp-data

Real Server : 172.16.30.100

The client can establish an FTP connection to the VIP 172.16.10.100. But when it tries to execute the "ls" command, the files are not listed and I receive the following error:

C:\>ftp 172.16.10.100

Connected to 172.16.10.100.

220 3Com 3CDaemon FTP Server Version 2.0

User (172.16.10.100:(none)): testuser

331 User name ok, need password

Password:

230 User logged in

ftp> ls

200 PORT command successful.

226 Closing data connection

ftp>

Also attached is the output of "show conn" on the ACE. It looks like Active FTP to me. Can you explain why the FTP data connection cannot be established successfully across the ACE context? What did I miss in my config? Since it is Active FTP, as far as I know the server initiates the data connection. Does the issue have anything to do with the fact that real servers can't initiate outbound connections unless NAT is configured?

Please help.

Thank you.

B.Rgds,

Lim TS

4 REPLIES
Cisco Employee

Re: FTP issue across ACE context

Add the command 'inspect ftp' under your policy-map:

policy-map multi-match lb-vip
  class VIP-FTP-100
    inspect ftp

Also, since you are in test mode, you should upgrade asap to A1(6.3).

Gilles.

New Member

Re: FTP issue across ACE context

Hi Gilles,

Thanks for your reply.

I will try the "inspect ftp" command and upgrade the ACE to 3.0(0)A1(6.3) asap.

By the way, do I need the command "match virtual-address 172.16.10.100 tcp eq ftp-data" under "class-map match-any VIP-FTP-100" ?

One more question: What's the difference in terms of L4-L7 load balancing functionality between a context in routed mode and a context in bridge mode?

Thank you.

B.Rgds,

Lim TS

Cisco Employee

Re: FTP issue across ACE context

You don't need to match the ftp-data port traffic.

If you apply inspect ftp, the data port will be opened automatically, but this can only be done with inspect ftp configured.

There is no difference between bridge mode and routed mode.

Gilles.
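
Added example (not part of the thread and not the ACE's own implementation): a simplified Python model of what FTP inspection does with an active-mode PORT command, which is why the server-initiated data connection only passes once inspection is configured. The IP addresses are the thread's client and real server; the PORT arguments, `parse_port` and `FtpInspector` are constructed for illustration.

```python
import re

# RFC 959 active mode: "PORT h1,h2,h3,h4,p1,p2" tells the server where to connect back.
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")


def parse_port(line):
    """Return the (ip, port) announced by a PORT command, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


class FtpInspector:
    """Hypothetical model: watches the control channel and opens one-shot pinholes."""

    def __init__(self):
        self.pinholes = set()  # entries are (server_ip, client_ip, client_port)

    def on_control_line(self, client_ip, server_ip, line):
        """Inspect one client-to-server control line; True if a pinhole was opened."""
        endpoint = parse_port(line)
        if endpoint is None:
            return False
        ip, port = endpoint
        # Only accept a PORT that names the client itself and an unprivileged port.
        if ip != client_ip or port < 1024:
            return False
        self.pinholes.add((server_ip, ip, port))
        return True

    def allow_data_conn(self, src_ip, dst_ip, dst_port):
        """A server-initiated data connection passes only if a pinhole matches."""
        key = (src_ip, dst_ip, dst_port)
        if key in self.pinholes:
            self.pinholes.discard(key)  # one data connection per PORT command
            return True
        return False
```

Without a matching pinhole the server's connection back to the client is dropped, which matches the empty "ls" listing in the session at the top of the thread.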

New Member

Re: FTP issue across ACE context

Hi Gilles,

Thanks for your solution. It solves my issue.

I posted a question about the availability of any CSM to ACE conversion tool, to which you replied. However, I don't get what you mean. Can you kindly advise me again?

Thank you.

B.Rgds,

Lim TS
