Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Modify a tcp idle time-out on ACE

Hi.

I have a question about tcp idle-time out on ace.

I configured like below

set timeout inactivity 600000

class-map match-any TCP_Connection_IP

2 match virtual-address 100.254.130.0 255.255.255.0 tcp any

policy-map multi-match TCP_Connection_Policy

class TCP_Connection_IP

connection advanced-options TCP_Connection_Timer

interface vlan 30(Client Vlan)

service-policy input TCP_Connection_Policy

interface vlan 330(Server Vlan)

service-policy input TCP_Connection_Policy

Is it a correct?,

If ok, How can I check the tcp-idle?

as show command,

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Modify a tcp idle time-out on ACE

You can't use the virtual-address keyword if you don't want to loadbalance the traffic.

If you just want to the timeout for traffic routed, you need to use a class-map with an acl.

ie:

access-list net1 extended permit tcp any 100.254.130.0 255.255.255.0

class-map net1

match access-list net1

policy-map multimatch TCP_Connection_Policy

class net1

connection advanced-options TCP_Connection_Timer

Now, if you have multiple virtual ip address and want to set the timeout for this virtual ip, you have to assign the connection timeout to all individual virtual ip.

You can't do it in one shot like you did.

There is no command to see if a connection has the right idle timeout.

All you can do is a 'show conn detail' and see if the idle timeout increases up to your configured value.

Gilles.

1 REPLY
Cisco Employee

Re: Modify a tcp idle time-out on ACE

You can't use the virtual-address keyword if you don't want to loadbalance the traffic.

If you just want to the timeout for traffic routed, you need to use a class-map with an acl.

ie:

access-list net1 extended permit tcp any 100.254.130.0 255.255.255.0

class-map net1

match access-list net1

policy-map multimatch TCP_Connection_Policy

class net1

connection advanced-options TCP_Connection_Timer

Now, if you have multiple virtual ip address and want to set the timeout for this virtual ip, you have to assign the connection timeout to all individual virtual ip.

You can't do it in one shot like you did.

There is no command to see if a connection has the right idle timeout.

All you can do is a 'show conn detail' and see if the idle timeout increases up to your configured value.

Gilles.

229
Views
0
Helpful
1
Replies