Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
533
Views
0
Helpful
1
Replies

Modify a tcp idle time-out on ACE

Go to solution
syjeon
Level 1
Level 1

‎03-02-2008 09:48 PM

Hi.

I have a question about tcp idle-time out on ace.

I configured like below

set timeout inactivity 600000

class-map match-any TCP_Connection_IP

2 match virtual-address 100.254.130.0 255.255.255.0 tcp any

policy-map multi-match TCP_Connection_Policy

class TCP_Connection_IP

connection advanced-options TCP_Connection_Timer

interface vlan 30(Client Vlan)

service-policy input TCP_Connection_Policy

interface vlan 330(Server Vlan)

service-policy input TCP_Connection_Policy

Is it a correct?,

If ok, How can I check the tcp-idle?

as show command,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎03-03-2008 01:59 AM

You can't use the virtual-address keyword if you don't want to loadbalance the traffic.

If you just want to the timeout for traffic routed, you need to use a class-map with an acl.

ie:

access-list net1 extended permit tcp any 100.254.130.0 255.255.255.0

class-map net1

match access-list net1

policy-map multimatch TCP_Connection_Policy

class net1

connection advanced-options TCP_Connection_Timer

Now, if you have multiple virtual ip address and want to set the timeout for this virtual ip, you have to assign the connection timeout to all individual virtual ip.

You can't do it in one shot like you did.

There is no command to see if a connection has the right idle timeout.

All you can do is a 'show conn detail' and see if the idle timeout increases up to your configured value.

Gilles.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎03-03-2008 01:59 AM

You can't use the virtual-address keyword if you don't want to loadbalance the traffic.

If you just want to the timeout for traffic routed, you need to use a class-map with an acl.

ie:

access-list net1 extended permit tcp any 100.254.130.0 255.255.255.0

class-map net1

match access-list net1

policy-map multimatch TCP_Connection_Policy

class net1

connection advanced-options TCP_Connection_Timer

Now, if you have multiple virtual ip address and want to set the timeout for this virtual ip, you have to assign the connection timeout to all individual virtual ip.

You can't do it in one shot like you did.

There is no command to see if a connection has the right idle timeout.

All you can do is a 'show conn detail' and see if the idle timeout increases up to your configured value.

Gilles.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents