Cisco Support Community
Community Member

vip not responding to client requests on ACE

client is unable to establish a connection to the backend servers via the vip on port 389 ,636 configured that servers are listening on these ports .

even the probe is successful on port 389

but not getting any response back from the servers

below is the config and output of service-policy

probe scripted PROBE_LDAP_389
  description This is a scripted Probe for LDAP
  interval 60
  passdetect interval 60
  receive 20
  script LDAP_PROBE

serverfarm host S1
  probe PROBE_LDAP_389
  rserver s01
  rserver s02

sticky ip-netmask address source S1_STICKY
  replicate sticky
  serverfarm S1

class-map match-all S1_CLASS
  2 match virtual-address tcp any

policy-map type loadbalance first-match S1_POLICY
  class class-default
    sticky-serverfarm S1_STICKY

policy-map multi-match POLICY
class S1_CLASS
loadbalance vip inservice
loadbalance policy S1_POLICY
loadbalance vip icmp-reply active

production# sh service-policy POLICY class-map S1_CLASS detail

service-policy: POLICY

    class: S1_CLASS

     VIP Address:                              Protocol:  Port:                               tcp    any           


        L7 loadbalance policy: S1_POLICY

        VIP ICMP Reply       : ENABLED-WHEN-ACTIVE

        VIP State: INSERVICE

        VIP DWS state: DWS_DISABLED

        Persistence Rebalance: DISABLED

        curr conns       : 1         , hit count        : 12       

        dropped conns    : 0        

        client pkt count : 33        , client byte count: 1728               

        server pkt count : 0         , server byte count: 0                  

        conn-rate-limit      : 0         , drop-count : 0        

        bandwidth-rate-limit : 0         , drop-count : 0        

        L7 Loadbalance policy : S1_POLICY

          class/match : class-default

            LB action: :

               sticky group: S1_STICKY

                  primary serverfarm: S1


                  backup serverfarm : -

            hit count        : 12       

            dropped conns    : 0        

            compression      : off


        bytes_in  : 0                          bytes_out : 0                  

        Compression ratio : 0.00%

                Gzip: 0               Deflate: 0        

      compression errors:

        User-Agent  : 0               Accept-Encoding    : 0        

        Content size: 0               Content type       : 0        

        Not HTTP 1.1: 0               HTTP response error: 0        

        Others      : 0        


vip not responding to client requests on ACE


Based on the output, it seems the traffic is reaching the ACE but the communications between the servers and the ACE is not properly done. Then we should make sure about some details here:

Do you have any device in between of the ace and servers?

What type of design do you have?(bridge mode, routed mode, one arm mode)

what is the default gateway of the servers?

Could you show us the configuration of the interface where you have configured service-policy input POLICY?

Could you show #show probe PROBE_LDAP_389 detail?


CreatePlease to create content