policy-map type loadbalance first-match vip-https_POLICY class class-default sticky-serverfarm vip-https_STICKY
policy-map multimatch POLICY class vip-https_CLASS loadbalance vip inservice loadbalance policy vip-https_POLICY loadbalance vip icmp-reply active nat dynamic 2 vlan 2
interface vlan 2 ip address 10.12.13.217 255.255.252.0 peer ip address 10.12.13.216 255.255.252.0 mtu 1500 no normalization no icmp-guard access-group input ALL nat-pool 2 10.12.12.34 10.12.12.34 netmask 255.255.255.255 pat service-policy input remote_mgmt_allow_policy service-policy input POLICY no shutdown
you can start with checking the status of serverfarm "vip-https" and also check the position of class map "vip-https_CLASS" in polic map "POLICY". Ideally it should be before the class map "vip_1-CLASS" as the later one is hitting port any, and earlier one is designated for TCP port 11443. So if position of class map matching VIP any is above the "VIP 11443", you will never get HIT on this VIP.
Why do you need native HA: The native HA feature allows two Cisco DCNM
appliances to run as active and standby applications, with their
embedded databases synchronized in real time. Therefore, when the active
DCNM is not functioning, the standby DCNM will...
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...