We have been getting conflicting information for resolving an ongoing problem with Local Director and SSL ID "sticky." We have been plagued by dropped sessions because of the SSL ID configuration problem. CISCO documentation for release notes 4.1.1 recommends HTTP Redirection, and another recommendation from this forum recommends 23-bit stickymask. However, our network support people have been told by CISCO that 23-bit stickymask doesn't work with Local Director, and apparently not that many support people are familiar enough with Local Director to resolve this ongoing problem. Given the fact that MS IE 5 and above holds the market share for browsers, and it is known that IE randomly changes the SSL key (sesison id), it would seem that configuring LD for sticky using SSL ID is a bad solution. Are there real differences between Local Director and CSS? Please help - this is quite annoying.
Re: Should we dump Local Director and upgrade to CSS?
Reading through the release notes for 4.2.4, there seems to be a few open caveats with SSL sticky. One is that SSL sticky only works with IE 5.5. Another is that when each real server has the same IP address but different ports - LD will send SSL packets from originating client with same Session ID to a different real server.
In any event, it does seem that HTTP Redirect is the way to go to get around the problems with SSL sticky.
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...