I recently had to diagnose a problem with an LD. A percentage of people trying to connect to a website being load-balanced by an LD430 could not connect to it. I finally tracked it down to synguard being active on the virtual IP. Shutting down synguard resolved this issue, but I could not find a good explanation of:
1. How does synguard actually operate
2. Why a certain number of users could not connect at all, while others could.
The users are running 2000, XP, and in one case Server 2003.
The site from my laptop was always available, but operated slowly.
I have attached a trace from Linux that shows the first SYN packet either being dropped or delayed by more than 3 seconds.
[root@linus root]# tcpdump src or dst virtual-web-site-ip
The synguard command provides limited protection against SYN attacks on the virtual IP address. Once the number of unanswered SYNs set with the synguard command is reached, LocalDirector starts to protect the real network and servers from a SYN attack. A syslog message is sent when LocalDirector enters synguard mode. When synguard is on, telnet does not work. For a more secure mode of operating Local Director, enable synguard protection.
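The symptom described in the question (a first SYN to the virtual IP that is answered late or only after a resend) can be checked across a whole saved trace instead of by eye. This is an added example, not part of the original thread: the trace lines are constructed, use the text format current tcpdump prints with `-n`, and the function names are hypothetical.

```python
import re

# Constructed sample trace (documentation address ranges, not from the thread).
SAMPLE = """\
10:15:01.000000 IP 198.51.100.7.1044 > 192.0.2.10.80: Flags [S], seq 100, win 64240, length 0
10:15:02.500000 IP 198.51.100.8.2301 > 192.0.2.10.80: Flags [S], seq 500, win 64240, length 0
10:15:02.502000 IP 192.0.2.10.80 > 198.51.100.8.2301: Flags [S.], seq 700, ack 501, win 8760, length 0
10:15:04.001000 IP 198.51.100.7.1044 > 192.0.2.10.80: Flags [S], seq 100, win 64240, length 0
10:15:04.002000 IP 192.0.2.10.80 > 198.51.100.7.1044: Flags [S.], seq 900, ack 101, win 8760, length 0
"""

LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) IP (\S+) > (\S+): Flags \[([^\]]+)\]")

def syn_report(text):
    """Per (client, server) pair: SYNs sent and delay from first SYN to SYN-ACK."""
    first_syn, report = {}, {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not a TCP line in the assumed format
        h, mi, s, src, dst, flags = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        if flags == "S":  # client SYN; a repeat on the same pair counts as a resend
            key = (src, dst)
            entry = report.setdefault(key, {"syns": 0, "synack_delay": None})
            entry["syns"] += 1
            first_syn.setdefault(key, ts)
        elif flags == "S.":  # SYN-ACK travels server -> client, so swap the pair
            key = (dst, src)
            if key in report and report[key]["synack_delay"] is None:
                report[key]["synack_delay"] = round(ts - first_syn[key], 3)
    return report

def delayed(report, threshold=1.0):
    """Pairs whose handshake needed a resent SYN, got no SYN-ACK, or was slow."""
    return sorted(
        k for k, v in report.items()
        if v["syns"] > 1 or v["synack_delay"] is None or v["synack_delay"] > threshold
    )

if __name__ == "__main__":
    rep = syn_report(SAMPLE)
    for pair in delayed(rep):
        print(pair, rep[pair])
```

Comparing which client addresses appear in the `delayed` list with synguard on and with it off shows whether the dropped first SYNs follow the setting.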