-
Catalyst 4840G Software Feature and Configuration Guide, Software Release 12.0(13)WT6(1)
-
Preface
-
Overview of Layer 3 Switching and Software Features
-
Before You Begin
-
Configuring the Router Processor
-
Configuring Interfaces
-
Server Load Balancing
-
Firewall Load Balancing
-
Configuring SLB Redundancy
-
Configuring Networking Protocols
-
Configuring Bridging
-
Configuring EtherChannel
-
Configuring NTP
-
Command Reference
-
Cisco IOS Commands Not Supported in Layer 3 Switching Software
-
Using Technical Support
-
Glossary
-
Table Of Contents
delay (firewall farm TCP protocol)
idle (firewall farm TCP protocol)
idle (firewall farm UDP protocol)
inservice (firewall farm real server)
inservice (server farm real server)
inservice (server farm virtual server)
maxconns (firewall farm TCP protocol)
maxconns (firewall farm UDP protocol)
predictor hash address (firewall farm)
probe (firewall farm real server)
replicate casa (firewall farm)
replicate casa (http redirect)
replicate casa (virtual server)
show ip slb fast-ethernet client
sticky (firewall farm TCP protocol)
sticky (firewall farm UDP protocol)
weight (firewall farm real firewall)
Command Reference
This appendix describes the Cisco IOS commands, or aspects of the commands, that are unique to Server Load Balancing (SLB), Firewall Load Balancing (FWLB) and Layer 3 switching.
Other commands used with this feature are documented in the Cisco IOS Release 12.0 and 12.0(5)T command reference publications.
The following commands allow you to set up and monitor SLB and FWLB:
•
delay (firewall farm TCP protocol)
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
access
Use the access command to route specific flows to a firewall farm. To restore the default settings, use the no form of this command.
access [source source-ip-address network-mask] [destination destination-ip-address network-mask]
no access [source source-ip-address network-mask] [destination destination-ip-address network-mask]
Syntax Description
Defaults
The default source IP address is 0.0.0.0 (route flows from all sources to this firewall farm).
The default source IP network mask is 0.0.0.0 (route flows from all source subnets to this firewall farm).
The default destination IP address is 0.0.0.0 (route flows from all destinations to this firewall farm).
The default destination IP network mask is 0.0.0.0 (route flows from all destination subnets to this firewall farm).
Command Modes
Firewall farm configuration
Command History
Usage Guidelines
You can specify more than one source or destination for each firewall farm. To do so, create multiple access statements, making sure the network masks do not overlap each other.
Examples
The following example routes flows with a destination IP address of 10.1.6.0 to firewall farm FIRE1:
SLB-Switch(config)# ip slb firewallfarm FIRE1SLB-Switch(config-slb-fw)# access destination 10.1.6.0 255.255.255.0Related Commands
address (http probe)
Use the address command to specify that an HTTP probe is to receive responses from an IP address. To restore the default settings, use the no form of this command.
address [ip-address]
no address [ip-address]
Syntax Description
Defaults
This command has no default setting.
Command Modes
HTTP probe configuration
Command History
Usage Guidelines
If the HTTP probe is associated with a firewall farm, you must specify an IP address.
If the HTTP probe is associated with a server farm and you do not specify an IP address, the address is inherited from a server farm in the real servers.
Examples
The following example configures an HTTP probe named TREADER, changes the CLI to IOS SLB HTTP probe submode, and configures the probe to receive responses from IP address 13.13.13.13:
SLB-Switch(config)# ip slb probe TREADER httpSLB-Switch(config-slb-probe)# address 13.13.13.13Related Commands
Configures the IP IOS server load balancing HTTP probe name.
Displays the configuration of an IOS SLB HTTP or ping probe configuration.
address (ping probe)
Use the address command to specify that a ping probe is to receive responses from an IP address. To restore the default settings, use the no form of this command.
address [ip-address]
no address [ip-address]
Syntax Description
Defaults
This command has no default setting.
Command Modes
Ping probe configuration
Command History
Usage Guidelines
If the ping probe is associated with a firewall farm, you must specify an IP address.
If the ping probe is associated with a server farm and you do not specify an IP address, the address is inherited from a server farm in the real servers.
Examples
The following example configures a ping probe named TREADER, changes the CLI to IOS SLB HTTP probe submode, and configures the probe to receive responses from IP address 13.13.13.13:
SLB-Switch(config)# ip slb probe TREADER pingSLB-Switch(config-slb-probe)# address 13.13.13.13Related Commands
Configures the IP IOS server load balancing ping probe name.
Displays the configuration of an IOS SLB HTTP or ping probe configuration.
advertise
Use the advertise command to control the installation of a static route to the Null0 interface for a virtual server address. To prevent installation of a static route for the virtual server IP address, use the no form of this command.
advertise
no advertise
Syntax Description
This command has no arguments or keywords.
Defaults
The virtual server IP address is added to the routing table.
Command Modes
Virtual server configuration
Usage Guidelines
Advertisement of a static route using the routing protocol requires that you configure redistribution of static routes for the routing protocol.
Command History
Examples
The following example prevents advertisement of the virtual server's IP address in routing protocol updates:
SLB-Switch(config)# ip slb vserver PUBLIC_HTTPSLB-Switch(config-slb-vserver)# no advertiseRelated Commands
agent
Use the agent command to configure a DFP agent. To remove an agent definition from the DFP configuration, use the no form of this command.
agent ip-address port [timeout [retry_count [retry_interval]]] [scale scaling_factor]
no agent ip-address port
Syntax Description
Defaults
Timeout default: 0 seconds (no timeout)
Retry_count default: 0 (infinite retries)
Retry_interval default: 180 seconds
Command Modes
DFP configuration
Command History
Usage Guidelines
A DFP agent collects status information about a server's load capability and reports that information to a load manager. The DFP agent might reside on the server, or it might be a separate device that collects and consolidates the information from several servers before reporting to the load manager.
You can configure up to 1024 agents.
Examples
The following example initiates DFP configuration mode and configures a DFP agent with the IP address of 17.17.17.17 at port number 4321:
SLB-Switch(config)# ip slb dfpSLB-Switch(config-slb-dfp)# agent 17.17.17.17 4321Related Commands
bindid
Use the bindid command to configure a bind ID. To remove a bind ID from the server farm configuration, use the no form of this command.
bindid [bind_id] [value]
no bindid [bind_id] [value]
Syntax Description
bind_id
(Optional) Bind ID number of a real server for use by DFP.
value
(Optional) Value that identifies a virtual server instance.
Defaults
Bind_id default: 0
Command Modes
Server farm configuration
Command History
Usage Guidelines
You can configure one bind ID with each bindid command.
Examples
The following example configures bind ID 309 on a server farm named PUBLIC:
SLB-Switch(config)# ip slb serverfarm PUBLICSLB-Switch(config-slb-sfarm)# bindid 309Related Commands
Configures the IOS SLB DFP.
Displays information about the server farm configuration.
clear ip slb
Use the clear ip slb command to clear IP SLB connections or counters.
clear ip slb {connections [serverfarm farm_name | vserver server_name] | counters}
Syntax Description
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Examples
The following example clears the connection database of a server farm named FARM1:
SLB-Switch# clear ip slb connections serverfarm FARM1
SLB-Switch#
The following example clears the connection database of a virtual server named VSERVER1:
SLB-Switch# clear ip slb connections vserver VSERVER1
SLB-Switch#
The following example clears the SLB counters:
SLB-Switch# clear ip slb counters
SLB-Switch#
Related Commands
Displays information about the SLB server farms.
Displays information about the SLB virtual servers.
Displays information about the SLB connections.
client
Use the client command to define which clients are allowed to use a virtual server. To remove a client definition from the IOS SLB configuration, use the no form of this command.
client ip-address network-mask
no client ip-address network-mask
Syntax Description
Defaults
Default ip-address: 0.0.0.0 (all clients)
Default network-mask: 0.0.0.0 (all subnetworks)
The two defaults combined: client 0.0.0.0 0.0.0.0 (allow all clients on all subnetworks to use the virtual server).
Command Modes
Virtual server configuration
Usage Guidelines
You can use more than one client command to define more than one client.
Command History
Usage Guidelines
The network-mask value is applied to the source IP address of incoming connections. The result must match the ip-address value for the client to be allowed to use the virtual server.
Examples
The following example allows only clients from 10.4.4.0 access to a virtual server named PUBLIC_HTTP:
SLB-Switch(config)# ip slb vserver PUBLIC_HTTPSLB-Switch(config-slb-vserver)# client 10.4.4.0 255.255.255.0SLB-Switch(config-slb-vserver)#Related Commands
Configures the virtual server attributes.
Displays information about the virtual servers.
credentials
Use the credentials command to configure basic authentication values for a SLB HTTP probe. To remove a credentials configuration, use the no form of this command.
credentials {username} [password]
no credentials {username} [password]
Syntax Description
Defaults
No default behavior or values
Command Modes
HTTP probe configuration
Command History
Examples
The following example configures an HTTP probe named DOGULA changing the CLI to HTTP SLB probe submode, configures the HTTP authentication to username, chris, and configures the password as develop:
SLB-Switch(config)# ip slb probe DOGULA http
SLB-Switch(config-slb-probe)# credentials chris develop
SLB-Switch(config-slb-probe)#
Related Commands
debug ip slb
Use the debug ip slb command to display debug messages for IOS SLB. To stop debug output, use the no form of this command.
[no] debug ip slb {conns | dfp | firewallfarm | icmp | natpool | probe | reals | replication | all}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC configuration
Command History
12.0(7)XE
This command was introduced.
12.1(2)E
The natpool and replication keywords were added.
12.1(3)E
The firewallfarm keyword was added.
Usage Guidelines
Before using debug commands, read this Caution:
Caution
Examples
The following example configures a debug session to check all IP SLB parameters:
SLB-Switch# debug ip slb allSLB All debugging is onSLB-Switch#The following example stops all debugging:
SLB-Switch# no debug ip slb allAll possible debugging has been turned offSLB-Switch#The following example configures debugging to check IP SLB replication used with stateful backup and displays the output from the send or transmit virtual server:
SLB-Switch# debug ip slb replication*Mar 2 08:02:38.019: SLB Replicate: (send) update vs: VS1 update_count 42SLB-Switch#delay (firewall farm TCP protocol)
Use the delay (firewall farm TCP protocol) command to change the amount of time SLB maintains TCP connection context after a connection has terminated. To restore the default delay timer, use the no form of this command.
delay duration
no delay
Syntax Description
Defaults
Duration default: 10 seconds
Command Modes
Firewall farm TCP protocol configuration
Command History
Usage Guidelines
The delay timer allows out-of-sequence packets and final acknowledgments (ACKs) to be delivered after a TCP connection ends.
Do not set the duration value to zero (0).
If you are configuring a delay timer for HTTP traffic, choose a low number (such as 5 seconds) as a starting point.
Examples
The following example shows that SLB maintains TCP connection context for 30 seconds after a connection has terminated:
SLB-Switch(config)# ip slb firewallfarm FIRE1SLB-Switch(config-slb-fw)# tcpSLB-Switch(config-slb-fw-tcp)# delay 30SLB-Switch(config-slb-fw-tcp)#Related Commands
Displays information about the firewall farm configuration.
Initiates TCP protocol configuration mode.
delay (virtual server)
Use the delay (virtual server) command to change the amount of time IOS SLB maintains TCP connection context after a connection has terminated. To restore the default delay timer, use the no form of this command.
delay duration
no delay
Syntax Description
Defaults
Duration default: 10 seconds
Command Modes
Virtual server configuration
Command History
Usage Guidelines
The delay timer allows out-of-sequence packets and final acknowledgments (ACKs) to be delivered after a TCP connection ends.
Do not set the duration value to zero (0).
If you are configuring a delay timer for HTTP traffic, choose a low number (such as 5 seconds) as a starting point.
Examples
The following example shows that IOS SLB maintains TCP connection context for 30 seconds after a connection has terminated:
SLB-Switch(config)# ip slb vserver PUBLIC_HTTPSLB-Switch(config-slb-vserver)# delay 30SLB-Switch(config-slb-vserver)#Related Commands
Displays information about the virtual servers.
Configures the virtual server attributes.
expect
Use the expect command to configure a status code or regular expression to be expected from an HTTP probe. To restore the default settings, use the no form of this command.
expect [status status-code] [regex regular-expression]
no expect [status status-code] [regex regular-expression]
Syntax Description
Defaults
The default expected status code is 200.
There is no default expected regular expression.
Command Modes
HTTP probe configuration
Command History
12.1(2)E
This command was introduced.
12.1(3)E
The regex keyword and regular-expression variable were added.
Usage Guidelines
The expect command configures the expected status code or regular expression to be received from a server.
A real server is considered to have failed and is taken out of service if any of the following events occurs:
•
•
•
For IOS SLB firewall load balancing, configure the HTTP probe to expect status code 40l.
Examples
The following example initiates HTTP probe configuration mode and configures an HTTP probe named TREADER that expects the status code 40l and the regular expression Copyright:
SLB-Switch(config)# ip slb probe TREADER httpSLB-Switch(config-slb-probe)# expect status 401 regex CopyrightSLB-Switch(config-slb-probe)#Related Commands
Configures the IP IOS SLB HTTP probe name.
Displays an IOS SLB HTTP or ping probe configuration.
faildetect (ping probe)
Use the faildetect (ping probe) command to specify the conditions that indicate a server failure. To restore the default values that indicate a server failure, use the no form of this command.
faildetect number-of-pings
no faildetect
Syntax Description
number-of-pings
Number of consecutive unanswered pings allowed before a real server is considered to have failed. Valid range is 1 to 255.
Defaults
The default value is 3 unanswered pings.
Command Modes
Ping probe configuration
Command History
Examples
The following example shows that the unanswered ping threshold is 16:
SLB-Switch(config)# ip slb probe TREADER pingSLB-Switch(config-slb-probe)# faildetect 16SLB-Switch(config-slb-probe)#Related Commands
faildetect (real server)
Use the faildetect (real server) command to specify the conditions that indicate a server failure. To restore the default values that indicate a server failure, use the no form of this command.
faildetect numconns number-conns [numclients number-clients]
no faildetect
Syntax Description
Defaults
If you do not specify the numconns keyword, the default value of the connection reassignment threshold is 8.
If you do not specify the numclients keyword, the default value of the unique client connection failure threshold is 2.
Command Modes
Real server configuration
Command History
Examples
The following example sets the connection reassignment threshold to 16 and, because the numclients keyword is not configured, the threshold for unique client connection failure is set to the default value 8. The real server is therefore considered to have failed when 8 unique clients have had connection failures and there have been 16 connection reassignments.
SLB-Switch(config)# ip slb serverfarm PUBLICSLB-Switch(config-slb-sfarm)# real 10.10.1.1SLB-Switch(config-slb-real)# faildetect numconns 16SLB-Switch(config-slb-real)#Related Commands
header
Use the header command to configure the basic authentication values for an HTTP probe. To remove a header HTTP probe configuration, use the no form of this command.
header field-name
no header field-name
Syntax Description
Defaults
No default behavior or values
Command Modes
HTTP probe configuration
Command History
Usage Guidelines
The header HTTP probe command configures authentication parameters of the CGI header.
The following headers are inserted in the server CGI script by default:
Accept: */*Connection: closeUser-Agent: cisco-slb-probe/1.0Host: virtual IP address
Note
Examples
The following example configures an HTTP probe named DOGULA, changes the CLI to HTTP submode, and configures HTTP probe header name as Cookie:
SLB-Switch(config)# ip slb probe DOGULA http
SLB-Switch(config-slb-probe)# header Cookie
SLB-Switch(config-slb-probe)#
Related Commands
idle (firewall farm TCP protocol)
Use the idle (firewall farm TCP protocol) command to specify the minimum amount of time IOS SLB maintains connection information in the absence of packet activity. To restore the default idle duration value, use the no form of this command.
idle duration
no idle
Syntax Description
Defaults
Duration default: 3600 seconds
Command Modes
Firewall farm TCP protocol configuration
Command History
Usage Guidelines
TCP connections that do not send traffic or keepalive signals before the idle timer expires are assumed to be inactive and are reset (RST).
If you are configuring an idle timer for HTTP traffic, choose a low number such as 120 seconds as a starting point. A low number ensures that the IOS SLB connection database maintains a manageable size if problems at the server, client, or network result in a large number of connections. However, do not choose a value under 60 seconds; such a low value can reduce the efficiency of IOS SLB.
Examples
The following example instructs IOS SLB to maintain connection information for an idle connection for 120 seconds:
SLB-Switch(config)# ip slb firewallfarm FIRE1SLB-Switch(config-slb-fw)# tcpSLB-Switch(config-slb-fw-tcp)# idle 120SLB-Switch(config-slb-fw-tcp)#Related Commands
Displays information about the firewall farm configuration.
Initiates TCP protocol configuration mode.
idle (firewall farm UDP protocol)
Use the idle (firewall farm UDP protocol) command to specify the minimum amount of time IOS SLB maintains connection information in the absence of packet activity. To restore the default idle duration value, use the no form of this command.
idle duration
no idle
Syntax Description
Defaults
Duration default: 3600 seconds
Command Modes
Firewall farm UDP protocol configuration
Command History
Usage Guidelines
UDP connections that do not send traffic or keepalive signals before the idle timer expires are assumed to be inactive and are reset (RST).
If you are configuring an idle timer for HTTP traffic, choose a low number (such as 120 seconds) as a starting point. A low number ensures that the IOS SLB connection database maintains a manageable size if problems at the server, client, or network result in a large number of connections. However, do not choose a value under 60 seconds; such a low value can reduce the efficiency of IOS SLB.
Examples
The following example instructs IOS SLB to maintain connection information for an idle connection for 120 seconds:
SLB-Switch(config)# ip slb firewallfarm FIRE1SLB-Switch(config-slb-fw)# udpSLB-Switch(config-slb-fw-udp)# idle 120SLB-Switch(config-slb-fw-udp)#Related Commands
Displays information about the firewall farm configuration.
Initiates UDP protocol configuration mode.
idle (virtual server)
Use the idle (virtual server) command to specify the minimum amount of time IOS SLB maintains connection information in the absence of packet activity. To restore the default idle duration value, use the no form of this command.
idle duration
no idle
Syntax Description
Defaults
Duration default: 3600 seconds
Command Modes
Virtual server configuration
Command History
Usage Guidelines
TCP connections that do not send traffic or keepalive signals before the idle timer expires are assumed to be inactive and are reset (RST).
If you are configuring an idle timer for HTTP traffic, choose a low number (such as 120 seconds) as a starting point. A low number ensures that the IOS SLB connection database maintains a manageable size if problems at the server, client, or network result in a large number of connections. However, do not choose a value under 60 seconds; such a low value can reduce the efficiency of IOS SLB.
Examples
The following example instructs IOS SLB to maintain connection information for an idle connection for 120 seconds:
SLB-Switch(config)# ip slb vserver PUBLIC_HTTPSLB-Switch(config-slb-vserver)# idle 120SLB-Switch(config-slb-vserver)#Related Commands
Displays information about the virtual servers.
Configures the virtual server attributes.
inservice (firewall farm)
Use the inservice (firewall farm) command to enable a firewall farm for use by FWLB. To remove the firewall farm from service, use the no form of this command.
inservice [standby group-name]
no inservice [standby group-name]
Syntax Description
standby
(Optional) Keyword that specifies an HSRP standby firewall farm for use with stateless and stateful backup.
groupname
(Optional) HSRP group name with which the firewall farm is associated.
Defaults
If the inservice command is not specified, the firewall farm is defined to FWLB but is not used.
Command Modes
Firewall farm configuration
Command History
Examples
The following example enables the firewall farm for use by the FWLB feature:
SLB-Switch(config)# ip slb firewallfarm FIRE1SLB-Switch(config-slb-fw)# inserviceSLB-Switch(config-slb-fw)#Related Commands
Identifies a firewall farm and initiates firewall farm configuration mode.
Displays information about the firewall farm configuration.
inservice (firewall farm real server)
Use the inservice (firewall farm real server) command to enable the firewall for use by IOS SLB. To remove the firewall from service, use the no form of this command.
inservice
no inservice
Syntax Description
This command has no arguments or keywords.
Defaults
If the inservice command is not specified, the firewall is defined to IOS SLB but is not used.
Command Modes
Firewall farm real server configuration
Command History
Usage Guidelines
IOS SLB Firewall Load Balancing uses probes to detect failures. If you have not configured a probe, the firewall does not function.
Examples
The following example enables the firewall for use by the IOS SLB feature:
SLB-Switch(config)# ip slb firewallfarm FIRE1SLB-Switch(config-slb-fw)# real 10.10.1.1SLB-Switch(config-slb-fw-real)# inserviceSLB-Switch(config-slb-fw-real)#Related Commands
inservice (server farm real server)
Use the inservice (server farm real server) command to enable the real server for use by IOS SLB. To remove the real server from service, use the no form of this command.
inservice
no inservice
Syntax Description
This command has no arguments or keywords.
Defaults
If the inservice command is not specified, the real server is defined to IOS SLB but is not used.
Command Modes
Server farm real server configuration
Command History
12.0(7)XE
This command was introduced.
12.1(1)E
The standby keyword and group-name variable were added.
Examples
The following example enables the real server for use by the IOS SLB feature:
SLB-Switch(config)# ip slb firewallfarm FIRE1SLB-Switch(config-slb-sfarm)# real 10.10.1.1SLB-Switch(config-slb-sfarm-real)# inserviceSLB-Switch(config-slb-sfarm-real)#Related Commands
inservice (server farm virtual server)
Use the inservice (server farm virtual server) command to enable the virtual server for use by IOS SLB. To remove the virtual server from service, use the no form of this command.
inservice [standby group-name]
no inservice [standby group-name]
Syntax Description
Defaults
If the inservice command is not specified, the virtual server is defined as IOS SLB but is not used.
Command Modes
Server farm virtual server configuration
Command History
12.0(7)XE
This command was introduced.
12.1(1)E
The standby keyword and group-name variable were added.
Examples
The following example enables a virtual server named PUBLIC_HTTP for use by the IOS SLB feature:
SLB-Switch(config)# ip slb vserver PUBLIC_HTTPSLB-Switch(config-slb-vserver)# inserviceSLB-Switch(config-slb-vserver)#Related Commands
Configures information about the virtual servers.
Displays information about the virtual servers.
Configures the virtual server attributes.
interval (http probe)
Use the interval (HTTP probe) command to configure an HTTP probe interval. To remove an HTTP probe interval configuration, use the no form of this command.
interval seconds
no interval seconds
Syntax Description
seconds
Number of seconds to wait before reattempting the probe. Valid values range from 1 to65535 seconds.
Defaults
The default seconds value is 8 seconds.
Command Modes
HTTP probe configuration
Command History
Examples
The following example configures an HTTP probe named TREADER, changes the CLI to HTTP submode, and configures the HTTP probe timer interval to transmit every 11 seconds:
SLB-Switch(config)# ip slb probe TREADER httpSLB-Switch(config-slb-probe)# interval 11SLB-Switch(config-slb-probe)#Related Commands
interval (ping probe)
Use the interval (ping probe) command to configure a ping probe interval. To remove a ping probe interval configuration, use the no form of this command.
interval seconds
no interval seconds
Syntax Description
seconds
Number of seconds to wait before reattempting the probe. Valid values range from 1 to 65535 seconds.
Defaults
The default seconds value is 8 seconds.
Command Modes
Ping probe configuration
Command History
Examples
The following example configures a ping probe named TREADER, changes the CLI to ping submode, and configures the ping probe timer interval to transmit every 11 seconds:
SLB-Switch(config)# ip slb probe TREADER pingSLB-Switch(config-slb-probe)# interval 11SLB-Switch(config-slb-probe)#Related Commands
ip slb dfp
Use the ip slb dfp command to configure DFP and supply an optional password. To remove the DFP configuration, use the no form of this command.
ip slb dfp [password [0 | 7] password [timeout]]
no ip slb dfp
Syntax Description
Defaults
The password encryption default is 0 (unencrypted).
Timeout default: 180 seconds
Command Modes
Global configuration
Command History
Usage Guidelines
The timeout option allows you to change the password without stopping messages between the DFP agent and its manager. The default value is 180 seconds.
During the timeout the agent sends packets with the old password (or null, if there is no old password), and receives packets with either the old or new password. After the timeout expires, the agent sends and receives packets with only the new password; received packets that use the old password are discarded.
If you are changing the password for an entire load-balanced environment, set a longer timeout. The extended timeout will allow enough time for you to update the password on all agents and servers before the timeout expires. It also prevents mismatches between agents and servers that have begun running the new password, and agents and servers on which you have not yet changed the old password.
Examples
The following example initiates DFP agent configuration mode, configures DFP, sets the password to flounder, and configures a timeout period of 60 seconds:
SLB-Switch(config)# ip slb dfp flounder 60SLB-Switch(config-slb-dfp)#Related Commands
ip slb entries
Use the ip slb entries command to configure an initial allocation and a maximum value for IOS SLB database entries. To restore the default values, use the no form of this command.
ip slb entries [conn [init-conn [max-conn]] | frag [init-frag [max-frag]] | sticky [init-sticky [max-sticky]] ]
no ip slb entries [conn | frag | sticky]
Syntax Description
Defaults
For connections the default initial allocation is 8000 connections and the default maximum is 8000000 connections.
For fragments the default initial allocation is 2000 fragments and the default maximum is 32000 fragments.
For sticky connections the default initial allocation is 4000 sticky connections and the default maximum is 8000000 sticky connections.
Command Modes
Global configuration
Command History
Usage Guidelines
If you configure an initial allocation value that exceeds the amount of available memory, memory might not be available for other features. In extreme cases the router or switch might not boot properly. Use caution when you configure initial allocation values.
Examples
The following example configures an initial allocation of 128000 connections, which can grow dynamically to a limit of 512000 connections:
SLB-Switch(config)# ip slb entries conn 128000 512000SLB-Switch(config-slb)#Related Commands
Displays all connections handled by IOS SLB or, optionally, only those connections associated with a particular virtual server or client.
ip slb fast-ethernet client
Use the ip slb fast-ethernet client command to enable FastEthernet 10/100BASE-T ports 37 through 40 for client connections. To enable the ports for server connections, use the no form of this command.
ip slb fast-ethernet client
no ip slb fast-ethernet client
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Global configuration
Command History
Examples
The following example enables ports 37 through 40 for client connections:
SLB-Switch(config)# ip slb fast-ethernet clientSLB-Switch(config-slb)#Related Commands
ip slb firewallfarm
Use the ip slb firewallfarm command to identify a firewall farm. To remove the firewall farm from the IOS SLB configuration, use the no form of this command.
ip slb firewallfarm firewallfarm-name
no ip slb firewallfarm firewallfarm-name
Syntax Description
Defaults
No default behavior or values
Command Modes
Global configuration
Command History
Usage Guidelines
Grouping real firewalls into firewall farms is an essential part of FWLB. Using firewall farms enables FWLB to assign new connections to the real firewalls, based on their weighted capacities.
Examples
The following example identifies a firewall farm named FIRE1 and changes the CLI to firewall farm configuration mode:
FWLB-Switch(config)# ip slb firewallfarm FIRE1FWLB-Switch(config-slb-fw)Related Commands
Identifies a real firewall as a member of a firewall farm and initiates firewall farm configuration mode.
ip slb http11
Use the ip slb http11 command to manage cache and chunk encoding. To disable HTTP11, use the no form of this command.
ip slb http11 enable
no ip slb http11
Syntax Description
Defaults
The default is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
For HTTP 1.1 to be enabled, URL-based SLB must be configured. The minimum configuration required to enable HTTP 1.1 on the Catalyst 4840G SLB switch is:
•
•
•
•
Examples
The following example shows how to enable HTTP 1.1:
FWLB-Switch(config)# ip slb http11 enableFWLB-Switch(config-slb-fw)#ip slb map
Use the ip slb map command to identify a URL map. To remove the URL map from the IOS SLB configuration, use the no form of this command.
ip slb map url-map-name
no ip slb map url-map-name
Syntax Description
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Usage Guidelines
A maximum of four URLs can be configured to a map. The URL configured as part of a URL map is a string containing a sequence of directories, which may terminate with a filename. Within this string the character ''/'' is the delimiter for each level of a directory.
You can configure URLs for longest match, exact match, prefix match, and suffix match.
Examples
The following example shows how to group URLs and associate them with a content switching policy.
SLB-Switch(config)# ip slb map m1SLB-Switch(config-slb-map)# match protocol http url /index.htmlSLB-Switch(config-slb-map)# match protocol http url /stocks/csco/SLB-Switch(config-slb-map)# match protocol http url *gifSLB-Switch(config-slb-map)# match protocol http url /st*SLB-Switch(config-slb-map)# exitSLB-Switch(config)Related Commands
ip slb natpool
Use the ip slb natpool command to configure a NAT and create a client address pool. To remove an ip slb natpool configuration, use the no form of this command.
ip slb natpool pool-name start-ip end-ip [netmask netmask | prefix-length leading_1_bits] [entries init-addr [max-addr]]
no ip slb natpool pool-name
Syntax Description
Defaults
The default initial allocation is 8000 client NAT address entries.
The default maximum number of client NAT address entries that can be allocated is the maximum number of ports that can be allocated within the IP address range.
Command Modes
Global configuration
Command History
Usage Guidelines
If you want to use client NAT, you must create at least one client address pool.
When the number of available client NAT address entries is less than half of the init-addr value, IOS SLB allocates additional client NAT address entries.
Examples
The following example configures an IOS SLB NAT server farm pool of addresses with the name web-clients, an IP address range from 128.3.0.1 through 128.3.0.254, and a subnet mask of 255.255.0.0:
SLB-Switch(config)# ip slb natpool web-clients 128.3.0.1 128.3.0.254 netmask 255.255.0.0SLB-Switch(config-slb)#The following example configures a default max-addr value of (3.3.3.1-3.3.3.5)*54535, or 4*54535, or 218140:
SLB-Switch(config)# ip slb natpool 3.3.3.1 3.3.3.5 prefix-length 24 entries 8000SLB-Switch(config-slb)#Related Commands
ip slb policy
Use the ip slb policy command to configure policies and associate attributes to a policy. To remove an ip slb policy, use the no form of this command.
ip slb policy policy-name
no ip slb policy policy-name
Syntax Description
Defaults
No default behavior or values
Command Modes
Global configuration
Command History
Usage Guidelines
Policies link a URL map to a server farm. The order in which policies are linked to a virtual server determines the precedence of the policy. When two or more policies match a requested URL, the policy with the highest precedence is selected.
There are no restrictions to the number of policies that can be created on the Catalyst 4840G SLB switch.
Note
Examples
The following example shows how configure a URL-based SLB policy named policy_content:
SLB-Switch(config)# ip slb policy policy_contentSLB-Switch(config-slb-policy)# serverfarm new_serverfarmSLB-Switch(config-slb-policy)# url-map url_map_1SLB-Switch(config-slb-policy)# exitSLB-Switch(config)Related Commands
ip slb probe (http probe)
Use the ip slb probe (HTTP probe) command to configure an HTTP SLB and its probe name. To remove an ip slb probe, use the no form of this command.
ip slb probe name http
no ip slb probe name
Syntax Description
Defaults
No default behavior or values
Command Modes
Global configuration
Command History
Usage Guidelines
The HTTP probe cannot be deconfigured while it is being used by the server farm or firewall farm.
You can configure more than one probe for each real server in a server farm. You can configure only one HTTP probe for each firewall farm.
Examples
The following example configures an HTTP probe named TREADER, and then changes the CLI to HTTP configuration submode:
SLB-Switch(config)# ip slb probe TREADER httpSLB-Switch(config-slb-probe)#Related Commands
ip slb probe (ping probe)
Use the ip slb probe (ping probe) command to configure a ping probe name. To remove a ping probe, use the no form of this command.
ip slb probe name ping
no ip slb probe name
Syntax Description
name
Name for the ping probe. The character string is limited to 15 characters.
ping
Keyword that specifies to ping the probe.
Defaults
No default behavior or values
Command Modes
Global configuration
Command History
Usage Guidelines
The ping probe cannot be deconfigured while it is being used by the server farm or firewall farm.
You can configure more than one probe for each real server in a server farm. You can configure only one ping probe for a firewall farm.
Examples
The following example configures an IOS SLB probe named READER and then changes the CLI to ping configuration submode:
SLB-Switch(config)# ip slb probe READER pingSLB-Switch(config-slb-probe)#Related Commands
ip slb serverfarm
Use the ip slb serverfarm command to identify a server farm. To remove the server farm from the IOS SLB configuration, use the no form of this command.
ip slb serverfarm serverfarm-name
no ip slb serverfarm serverfarm-name
Syntax Description
serverfarm-name
Character string used to identify the server farm. The character string is limited to 15 characters.
Defaults
No default behavior or values
Command Modes
Global configuration
Command History
Examples
The following example identifies a server farm named PUBLIC and changes the CLI to server farm configuration mode:
SLB-Switch(config)# ip slb serverfarm PUBLICSLB-Switch(config-slb-sfarm)#Related Commands
Identifies a real server.
Displays information about the server farm configuration.
ip slb url
Use the ip slb url command to enable URL load balancing for all 10/100 FE ports. To disable URL load balancing for all 10/100 FE ports, use the no form of this command.
ip slb url
no ip slb url
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Global configuration
Command History
Examples
The following example enables URL load balancing for all 10/100 FE ports:
SLB-Switch(config)# ip slb url1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet2]1d00h:Downloading micro code on [FastEthernet4].1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet6]1d00h:Downloading micro code on [FastEthernet8].1d00h:%LINK-5-CHANGED:Interface FastEthernet2, changed state toadministratively down1d00h:%LINK-3-UPDOWN:Interface FastEthernet1, changed state to up1d00h:%LINK-5-CHANGED:Interface FastEthernet4, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet3, changed state toadministratively down1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet10]1d00h:Downloading micro code on [FastEthernet12].1d00h:%LINK-3-UPDOWN:Interface FastEthernet1, changed state to up1d00h:%LINK-5-CHANGED:Interface FastEthernet6, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet5, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet8, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet7, changed state toadministratively down1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet14]1d00h:Downloading micro code on [FastEthernet16].1d00h:%LINK-5-CHANGED:Interface FastEthernet10, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet9, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet12, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet11, changed state toadministratively down1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet18]1d00h:Downloading micro code on [FastEthernet20].1d00h:%LINK-5-CHANGED:Interface FastEthernet14, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet13, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet16, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet15, changed state toadministratively down1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet22]1d00h:Downloading micro code on [FastEthernet24].1d00h:%LINK-5-CHANGED:Interface FastEthernet18, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet17, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet20, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet19, changed state toadministratively down1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet26]1d00h:Downloading micro code on [FastEthernet28].1d00h:%LINK-5-CHANGED:Interface FastEthernet22, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet21, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet24, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet23, changed state toadministratively down1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet30]1d00h:Downloading micro code on [FastEthernet32].1d00h:%LINK-5-CHANGED:Interface FastEthernet26, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet25, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet28, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet27, changed state toadministratively down1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet34]1d00h:Downloading micro code on [FastEthernet36].1d00h:%LINK-5-CHANGED:Interface FastEthernet30, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet29, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet32, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet31, changed state toadministratively down1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet38]1d00h:Downloading micro code on [FastEthernet40].Ports 1-40 are enabled for URL load balancingSLB-Switch(config)#1d00h:%LINK-5-CHANGED:Interface FastEthernet34, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet33, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet36, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet35, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet38, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet37, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet40, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet39, changed state toadministratively downSLB-Switch(config-slb)#The following example disables URL load balancing for all 10/100 FE ports:
SLB-Switch(config)# no ip slb url1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet2]1d00h:Downloading micro code on [FastEthernet4].1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet6]1d00h:Downloading micro code on [FastEthernet8].1d00h:%LINK-5-CHANGED:Interface FastEthernet2, changed state toadministratively down1d00h:%LINK-3-UPDOWN:Interface FastEthernet1, changed state to up1d00h:%LINK-5-CHANGED:Interface FastEthernet4, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet3, changed state toadministratively down1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet10]1d00h:Downloading micro code on [FastEthernet12].1d00h:%LINK-5-CHANGED:Interface FastEthernet6, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet5, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet8, changed state toadministratively down1d00h:%LINK-3-UPDOWN:Interface FastEthernet1, changed state to up1d00h:%LINK-5-CHANGED:Interface FastEthernet7, changed state toadministratively down1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet14]1d00h:Downloading micro code on [FastEthernet16].1d00h:%LINK-5-CHANGED:Interface FastEthernet10, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet9, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet12, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet11, changed state toadministratively down1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet18]1d00h:Downloading micro code on [FastEthernet20].1d00h:%LINK-5-CHANGED:Interface FastEthernet14, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet13, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet16, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet15, changed state toadministratively down1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet22]1d00h:Downloading micro code on [FastEthernet24].1d00h:%LINK-5-CHANGED:Interface FastEthernet18, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet17, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet20, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet19, changed state toadministratively down1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet26]1d00h:Downloading micro code on [FastEthernet28].1d00h:%LINK-5-CHANGED:Interface FastEthernet22, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet21, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet24, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet23, changed state toadministratively down1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet30]1d00h:Downloading micro code on [FastEthernet32].1d00h:%LINK-5-CHANGED:Interface FastEthernet26, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet25, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet28, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet27, changed state toadministratively down1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet34]1d00h:Downloading micro code on [FastEthernet36].1d00h:%LINK-5-CHANGED:Interface FastEthernet30, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet29, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet32, changed state toadministratively down1d00h:%LINK-5-CHANGED:Interface FastEthernet31, changed state toadministratively down1d00h:Loading Shared CAM DOT1Q ucode image on [FastEthernet38]1d00h:Downloading micro code on [FastEthernet40].Ports 1-40 are disabled for URL load balancingSLB-Switch(config-slb)#Related Commands
ip slb vserver
Use the ip slb vserver command to identify a virtual server. To remove a virtual server from the IOS SLB configuration, use the no form of this command.
ip slb vserver virtserver-name
no ip slb vserver virtserver-name
Syntax Description
virtserver-name
Character string used to identify the virtual server. The character string is limited to 15 characters.
Defaults
No default behavior or values
Command Modes
Global configuration
Command History
Examples
The following example identifies a virtual server named PUBLIC_HTTP and changes the CLI to virtual server configuration mode:
SLB-Switch(config)# ip slb vserver PUBLIC_HTTPSLB-Switch(config-slb-vserver)#Related Commands
Associates a real server farm with a virtual server.
Displays information about the virtual servers.
manager
Use the manager command to configure the port that DFP managers can connect to. To remove a port from the DFP configuration, use the no form of this command.
manager port
no manager port
Syntax Description
Defaults
No default behavior or values
Command Modes
DFP configuration
Command History
Examples
The following example configures a DFP manager to port 17:
SLB-Switch(config)# ip slb dfpSLB-Switch(config-slb-dfp)# manager 17SLB-Switch(config-slb-dfp)#Related Commands
maxconns (firewall farm TCP protocol)
Use the maxconns (firewall farm TCP protocol) command to limit the number of active connections to the firewall farm. To restore the default of no limit, use the no form of this command.
maxconns maximum-number
no maxconns
Syntax Description
maximum-number
Maximum number of simultaneous active connections on the firewall farm. Valid values range from 1 to 4294967295. The default is 4294967295.
Defaults
Maximum_number default: 4294967295
Command Modes
Firewall farm TCP protocol configuration
Command History
Examples
The following example identifies a firewall farm named FIRE1, initiates TCP configuration mode, and then limits the real server to a maximum of 1000 simultaneous active connections:
SLB-Switch(config)# ip slb firewallfarm FIRE1SLB-Switch(config-slb-fw)# tcpSLB-Switch(config-slb-fw-tcp)# maxconns 1000SLB-Switch(config-slb-fw-tcp)#Related Commands
maxconns (firewall farm UDP protocol)
Use the maxconns (firewall farm UDP protocol) command to limit the number of active connections to the firewall farm. To restore the default of no limit, use the no form of this command.
maxconns maximum-number
no maxconns
Syntax Description
maximum-number
Maximum number of simultaneous active connections on the firewall farm. Valid values range from 1 to 4294967295. The default is 4294967295.
Defaults
Maximum_number default: 4294967295
Command Modes
Firewall farm UDP protocol configuration
Command History
Examples
The following example identifies a firewall farm named FIRE2, initiates UDP configuration mode, and then limits the firewall farm to a maximum of 1000 simultaneous active connections:
SLB-Switch(config)# ip slb firewallfarm FIRE2SLB-Switch(config-slb-fw)# udpSLB-Switch(config-slb-fw-udp)# maxconns 1000SLB-Switch(config-slb-fw-udp)#Related Commands
maxconns (server farm)
Use the maxconns (server farm) command to limit the number of active connections to the real server. To restore the default of no limit, use the no form of this command.
maxconns maximum-number
no maxconns
Syntax Description
maximum-number
Maximum number of simultaneous active connections on the real server. Valid values range from 1 to 4294967295. The default is 4294967295.
Defaults
Maximum_number default: 4294967295
Command Modes
Real server configuration
Command History
Examples
The following example identifies a server farm named PUBLIC, initiates real server configuration mode, identifies the IP address of the real server 10.10.1.1, and then limits the real server to a maximum of 1000 simultaneous active connections:
SLB-Switch(config)# ip slb serverfarm PUBLICSLB-Switch(config-slb-sfarm)# real 10.10.1.1SLB-Switch(config-slb-real)# maxconns 1000SLB-Switch(config-slb-real)#Related Commands
nat
Use the nat command to configure IOS SLB NAT. To remove a NAT configuration, use the no form of this command.
nat {server | client pool-name}
no nat {server | client}
Syntax Description
server
Keyword that specifies the destination address in load-balanced packets sent to the real server as the address of the real server chosen by the server farm load-balancing algorithm.
client
Keyword that specifies the client address in load-balanced packets using addresses from the client address pool.
pool-name
Pool name. Must match the pool-name parameter from a previous ip slb probe (http probe) command.
Defaults
No default behavior or values
Command Modes
Server farm configuration
Command History
12.1(1)E
This command was introduced.
12.1(2)E
The client keyword and pool-name variable were added.
Usage Guidelines
The no nat command is allowed only if the virtual server was removed from service with the no inservice command.
Examples
The following example identifies a server farm named FARM2, initiates server farm configuration mode, and then configures NAT mode as server address translation on server farm FARM2:
SLB-Switch# ip slb serverfarm FARM2SLB-Switch(config-slb-sfarm)# nat serverSLB-Switch(config-slb-sfarm)#The following example configures the NAT mode on server farm FARM2 to client translation mode and, using the real (server farm) command, configures the real server IP address as 10.3.1.1:
SLB-Switch(config-slb-sfarm)# nat client web-clientsSLB-Switch(config-slb-sfarm)# real 10.3.1.1SLB-Switch(config-slb-sfarm)#Related Commands
port
Use the port command to specify the port to which an HTTP probe is to connect. To restore the default settings, use the no form of this command.
port port
no port port
Syntax Description
Defaults
No default behavior or values
Command Modes
HTTP probe configuration
Command History
Examples
The following example configures an HTTP probe named TREADER, changes the CLI to HTTP probe submode, and configures the probe to connect to port number 8:
SLB-Switch(config)# ip slb probe TREADER httpSLB-Switch(config-slb-probe)# port 8SLB-Switch(config-slb-probe)#Related Commands
Configures the IP IOS SLB probe name.
Displays an IOS SLB HTTP or ping probe configuration.
predictor (server farm)
Use the predictor (server farm) command to specify the load-balancing algorithm for selecting a real server in the server farm. To restore the default load-balancing algorithm of weighted round robin, use the no form of this command.
predictor [roundrobin | leastconns]
no predictor
Syntax Description
Defaults
Weighted round robin
Command Modes
Server farm configuration
Command History
Examples
The following example identifies a server farm named PUBLIC, changes the CLI to server farm configuration mode, and then specifies the weighted least-connections algorithm:
SLB-Switch(config)# ip slb serverfarm PUBLICSLB-Switch(config-slb-sfarm)# predictor leastconnsSLB-Switch(config-slb-sfarm)#Related Commands
Displays information about the server farm configuration.
Specifies the capacity of a real server relative to other real servers in the server farm.
predictor hash address (firewall farm)
Use the predictor hash address (firewall farm) command to specify the load-balancing algorithm for selecting a real firewall in the firewall farm. To restore the default load-balancing algorithm, use the no form of this command.
predictor hash address [port]
no predictor
Syntax Description
Defaults
Layer 3 source and destination IP addresses in the hash algorithm
Command Modes
Firewall farm configuration
Command History
Examples
The following example identifies a firewall farm named FIRE1, changes the CLI to firewall farm configuration mode, and then configures the hash algorithm to use the source and destination IP addresses:
SLB-Switch(config)# ip slb firewallfarm FIRE1SLB-Switch(config-slb-fw)# predictor hash addressSLB-Switch(config-slb-fw)#Related Commands
Displays information about the firewall farm configuration.
Specifies the capacity of a real firewall relative to other real firewalls in the firewall farm.
probe (firewall farm real server)
Use the probe (firewall farm real server) command to associate a probe with a firewall farm. To remove the association, use the no form of this command.
probe name
no probe name
Syntax Description
Defaults
No default behavior or values
Command Modes
Firewall farm real server configuration
Command History
Usage Guidelines
You can configure more than one probe for each firewall in a firewall farm.
Examples
The following example associates a probe named DAWN with a firewall farm named FIRE1:
SLB-Switch(config)# ip slb firewallfarm FIRE1SLB-Switch(config-slb-fw-real)# probe DAWNSLB-Switch(config-slb-fw-real)#Related Commands
probe (server farm)
Use the probe (server farm) command to associate a probe with a server farm. To remove the association, use the no form of this command.
probe name
no probe name
Syntax Description
Defaults
No default behavior or values
Command Modes
Server farm configuration
Command History
Usage Guidelines
You can configure more than one probe for each server farm.
Examples
The following example associates a probe named TREADER with a server farm named PUBLIC:
SLB-Switch(config)# ip slb serverfarm PUBLICSLB-Switch(config-slb-sfarm)# probe TREADERSLB-Switch(config-slb-sfarm)#Related Commands
real (firewall farm)
Use the real (firewall farm) command to identify a real firewall as a member of a firewall farm. To remove the real firewall from the IOS FWLB configuration, use the no form of this command.
real ip-address
no real ip-address
Syntax Description
Defaults
No default behavior or values
Command Modes
Firewall farm configuration
Command History
Usage Guidelines
A firewall farm consists of a number of real firewalls. The real firewalls are the physical devices that provide the load-balancing services.
Examples
The following example identifies the real firewall 10.1.1.1 as a member of a firewall farm named FIRE1:
SLB-Switch(config)# ip slb firewallfarm FIRE1SLB-Switch(config-slb-fw)# real 10.1.1.1SLB-Switch(config-slb-fw)#Related Commands
Displays information about a firewall farm configuration.
Displays information about a real firewall.
real (server farm)
Use the real (server farm) command to identify a real server as a member of a server farm. To remove the real server from the IOS SLB configuration, use the no form of this command.
real ip-address [port]
no real ip-address [port]
Syntax Description
ip-address
Real server IP address.
port
(Optional) Port translation number for the server. Valid values range from 1 to 65535.
Defaults
No default behavior or values
Command Modes
Server farm configuration
Command History
Usage Guidelines
A server farm consists of a number of real servers. The real servers are the physical devices that provide the load-balancing services.
Examples
The following example identifies the real server 10.1.1.1 as a member of a server farm named PUBLIC:
SLB-Switch(config)# ip slb serverfarm PUBLICSLB-Switch(config-slb-sfarm)# real 10.1.1.1SLB-Switch(config-slb-sfarm)#Related Commands
Displays information about a server farm configuration.
Displays information about a real server.
reassign
Use the reassign command to specify the threshold of consecutive unanswered synchronizations attempts that, if exceeded, result in an attempted connection to a different real server. To restore the default reassignment threshold, use the no form of this command.
reassign threshold
no reassign
Syntax Description
threshold
Number of unanswered TCP SYNs that are directed to a real server before the connection is reassigned to a different real server. Valid threshold values range from 1 to 4 SYNs.
Defaults
Threshold default: 3 SYNs
Command Modes
Real server configuration
Command History
Usage Guidelines
An unanswered SYN is one for which no SYN or ACK is detected before the next SYN arrives from the client. Cisco IOS SLB allows 30 seconds for the connection to be established or for a new SYN to be received. If neither of these occurs within that time, the connection is removed from the Cisco IOS SLB database.
The 30-second timer is restarted for each SYN as long as the number of connection reassignments specified in the faildetect (real server) command's number-conns variable is not exceeded. See the faildetect (real server) command for more information.
Examples
The following example sets the threshold of unanswered SYNs to 2:
SLB-Switch(config)# ip slb serverfarm PUBLICSLB-Switch(config-slb-sfarm)# real 10.10.1.1SLB-Switch(config-slb-real)# reassign 2SLB-Switch(config-slb-real)#Related Commands
Identifies a real server as a member of a server farm.
Displays information about a server farm configuration.
Displays information about a real server.
redirect-virtual
Use the redirect-virtual command to specify the real server address as a property of a real server. To remove a virtual server from the Cisco IOS SLB configuration, use the no form of this command.
redirect-virtual ip_address
no redirect-virtual ip_address
Syntax Description
Defaults
No default behavior or values
Command Modes
HTTP redirect submode
Usage Guidelines
This command is enabled after the server farm is configured in HTTP redirect submode.
Command History
Examples
The following example links real server 10.1.1.1 with redirect virtual server ACME1_VS and enters redirect virtual server configuration mode:
SLB-Switch(config)# ip slb serverfarm PUBLICSLB-Switch(config-slb-sfarm)# real 10.1.1.1SLB-Switch(config-slb-real)# redirect-virtual ACME1_VSSLB-Switch(config-slb-redirect-v)#Related Commands
predictor roundrobin http_redirect
Enables HTTP redirect.
Displays information about the virtual servers.
replicate casa (firewall farm)
Use the replicate casa (firewall farm) command to configure a stateful backup of IOS SLB decision tables to a backup switch. To remove a replicate casa configuration, use the no form of this command.
replicate casa listening-ip remote-ip port [interval] [password [0|7] password [timeout]]
no replicate casa listening-ip remote-ip port
Syntax Description
Defaults
The interval default is 10 seconds.
The password encryption default is 0 (unencrypted).
The password timeout default is 180 seconds.
Command Modes
Firewall farm configuration
Command History
Usage Guidelines
The timeout option allows you to change the password without stopping messages between the backup and primary Layer 3 switches. The default value is 180 seconds.
During the timeout the backup switch sends packets with the old password (or null, if there is no old password) and receives packets with either the old or new password. After the timeout expires the backup switch sends and receives packets only with the new password.
When setting a new password timeout, follow these guidelines:
•
•
Examples
The following example configures a stateful backup SLB switch with a local (listening) IP address of 10.10.10.11 and a remote (destination) IP address of 10.10.11.12, over HTTP port 4231:
SLB-Switch(config)# ip slb firewallfarm FIRE1SLB-Switch(config-slb-fw)# replicate casa 10.10.10.11 10.10.11.12 4231SLB-Switch(config-slb-fw)#Related Commands
Displays the configuration of IOS SLB IP replication.
Displays information about a firewall farm configuration.
replicate casa (http redirect)
Use the replicate casa (http redirect) command to configure a stateful backup of IOS SLB decision tables to a backup switch. To remove a replicate casa configuration, use the no form of this command.
replicate casa local_address remote_address port [replication_timer] [passwd [timeout]]
no replicate casa local_address remote_address port
Syntax Description
Defaults
No default behavior or values
Command Modes
HTTP redirect configuration
Command History
Examples
The following example configures a stateful backup SLB switch with a local (listening) IP address of 10.10.10.11 and a remote (destination) IP address of 10.10.11.12, over HTTP port 4231:
SLB-Switch(config)# ip slb firewallfarm FIRE1SLB-Switch(config-slb-fw)# replicate casa 10.10.10.11 10.10.11.12 4231SLB-Switch(config-slb-fw)#Related Commands
Displays the configuration of IOS SLB IP replication.
Displays information about a virtual server.
replicate casa (virtual server)
Use the replicate casa (virtual server) command to configure a stateful backup of IOS SLB decision tables to a backup switch. To remove a replicate casa configuration, use the no form of this command.
replicate casa listening-ip remote-ip port [interval] [password [0|7] password [timeout]]
no replicate casa listening-ip remote-ip port
Syntax Description
Defaults
The interval default is 10 seconds.
The password encryption default is 0 (unencrypted)
The password timeout default is 180 seconds.
Command Modes
Virtual server configuration
Command History
Usage Guidelines
The timeout option allows you to change the password without stopping messages between the backup and primary Layer 3 switches. The default value is 180 seconds.
During the timeout the backup switch sends packets with the old password (or null, if there is no old password) and receives packets with either the old or new password. After the timeout expires the backup switch sends and receives packets only with the new password.
When setting a new password timeout, follow these guidelines:
•
•
Examples
The following example configures a stateful backup SLB switch with a listening IP address of 10.10.10.11 and a remote (destination) IP address of 10.10.11.12, over HTTP port 4231:
SLB-Switch(config)# ip slb vserver VS1SLB-Switch(config-slb-vserver)# replicate casa 10.10.10.11 10.10.11.12 4231SLB-Switch(config-slb-vserver)#Related Commands
Displays the configuration of IOS SLB IP replication.
Displays information about a virtual server.
request method, request url
Use the request method or request url command to configure an HTTP probe to check the status of a real server. To remove a request method or request url configuration, use the no form of these commands.
request method {get | post | head | name name [url path]}
no request method {get | post | head | name name [url path]}
Syntax Description
Defaults
If no values are configured following the method keyword, the default is get.
If no URL path is set to the server, the default is ''/''.
Command Modes
HTTP SLB probe configuration
Command History
Usage Guidelines
The request method command configures the HTTP SLB probe method used to receive data from the server. Only one HTTP SLB probe can be configured for each server farm.
Examples
The following example configures an HTTP SLB probe named DOGULA, changes the CLI to SLB probe submode, and then configures HTTP requests to use the post method and the URL /probe.cgi?all:
SLB-Switch(config)# ip slb probe DOGULA http
SLB-Switch(config-slb-probe)# request method post url /probe.cgi?all
SLB-Switch(config-slb-probe)#
Related Commands
Configures the IP SLB HTTP probe name.
Displays an SLB HTTP probe configuration.
retry
Use the retry command to specify the amount of time that must elapse before a new connection is attempted to a failed server. To restore the default retry value, use the no form of this command.
retry retry-value
no retry
Syntax Description
retry-value
Interval of time, in seconds, that must elapse after the detection of a server failure before a new connection to the server is attempted. Valid values range from 1 to 3600.
Defaults
Retry-value default: 60 seconds
Command Modes
Real server configuration
Command History
Examples
The following example specifies that 120 seconds must elapse after the detection of a server failure before a new connection is attempted:
SLB-Switch(config)# ip slb serverfarm PUBLICSLB-Switch(config-slb-sfarm)# real 10.10.1.1SLB-Switch(config-slb-real)# retry 120SLB-Switch(config-slb-real)#Related Commands
Identifies a real server.
Displays information about the server farm configuration.
Displays information about the real servers.
serverfarm
Use the serverfarm command to associate a real server farm with a virtual server. To remove the server farm association from the virtual server configuration, use the no form of this command.
serverfarm serverfarm-name
no serverfarm
Syntax Description
serverfarm-name
Name of a server farm that has already been defined using the ip slb vserver command.
Defaults
No default behavior or values
Command Modes
Virtual server configuration
Command History
Examples
The following example shows how the ip slb vserver, virtual, and serverfarm commands are used to associate a real server farm named PUBLIC with a virtual server named PUBLIC_HTTP.
SLB-Switch(config)# ip slb vserver PUBLIC_HTTPSLB-Switch(config-slb-vserver)# virtual 10.0.0.1 tcp wwwSLB-Switch(config-slb-vserver)# serverfarm PUBLICSLB-Switch(config-slb-vserver)#Related Commands
Configures the virtual server attributes.
Displays information about the virtual servers.
show ip slb conns
Use the show ip slb conns command to display active IOS SLB connections.
show ip slb conns [vserver virtserver-name] [client ip-address] [firewall firewallfarm-name] [detail]
Syntax Description
Defaults
If no options are specified, the command displays output for all active IOS SLB connections.
Command Modes
Privileged EXEC
Command History
12.0(7)XE
This command was introduced.
12.0(13)WT6(1)
The firewall keyword and firewallfarm-name variable were added.
Examples
The following example shows how to display Cisco IOS SLB active connection data:
SLB-Switch# show ip slb connsvserver prot client real state----------------------------------------------------------------------------TEST TCP 7.150.72.183:328 80.80.90.25:80 INITTEST TCP 7.250.167.226:423 80.80.90.26:80 INITTEST TCP 7.234.60.239:317 80.80.90.26:80 ESTABTEST TCP 7.110.233.96:747 80.80.90.26:80 ESTABTEST TCP 7.162.0.201:770 80.80.90.30:80 CLOSINGTEST TCP 7.22.225.219:995 80.80.90.26:80 CLOSINGTEST TCP 7.2.170.148:169 80.80.90.30:80 ZOMBIESLB-Switch#Table A-1 describes the fields in the display.
show ip slb dfp
Use the show ip slb dfp command to display DFP agent and manager information, such as passwords, timeouts, retry counts, and weights.
show ip slb dfp [agent ip_addr port | manager [ip_addr] | detail | weights]
Syntax Description
Defaults
If no options are specified, the command displays summary information.
Command Modes
Privileged EXEC
Command History
Examples
The following example shows all available IOS SLB DFP data:
SLB-Switch# show ip slb dfp detailDFP Manager:Current passwd:NONE Pending passwd:NONEPasswd timeout:0 secUnexpected errors:0DFP Agent 161.44.2.34:61936 Connection state:ConnectedTimeout = 0 Retry Count = 0 Interval = 180 (Default)Security errors = 0Last message received:10:20:26 UTC 11/02/99Last reported Real weights for Protocol TCP, Port wwwHost 17.17.17.17 1 Weight 1Host 68.68.68.68 Bind ID 4 Weight 4Host 85.85.85.85 Bind ID 5 Weight 5Last reported Real weights for Protocol TCP, Port 22Host 17.17.17.17 Bind ID 111 Weight 111SLB-Switch#The following example shows information about weights:
SLB-Switch# show ip slb dfp weightsReal IP Address 17.17.17.17 Protocol TCP Port 22 Bind_ID 111 Weight 111Set by Agent 161.44.2.3458490 at 132241 UTC 12/03/99Real IP Address 17.17.17.17 Protocol TCP Port www Bind_ID 1 Weight 1Set by Agent 161.44.2.3458490 at 132241 UTC 12/03/99Real IP Address 68.68.68.68 Protocol TCP Port www Bind_ID 4 Weight 4Set by Agent 161.44.2.3458490 at 132241 UTC 12/03/99Real IP Address 85.85.85.85 Protocol TCP Port www Bind_ID 5 Weight 5Set by Agent 161.44.2.3458490 at 132241 UTC 12/03/99SLB-Switch#The following example, with no options specified, shows summary information:
SLB-Switch# show ip slb dfpDFP Manager:Current passwd:NONE Pending passwd:NONEPasswd timeout:0 secAgent IP Port Timeout Retry Count Interval--------------------------------------------------------161.44.2.34 61936 0 0 180 (Default)SLB-Switch#Table A-2 describes the fields in the preceding example.
show ip slb enable-url
Use the show ip slb enable-url command to display the enable or disable URL load balancing status for all 10/100 FE ports.
show ip slb enable-url
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Examples
The following example displays the status of URL load balancing on 10/100 FE ports:
SLB-Switch# show ip slb enable-urlPorts 1-40 are enabled for URL load balancingSLB-Switch#Related Commands
show ip slb fast-ethernet client
Use the show ip slb fast-ethernet client command to display information about FastEthernet
10/100BASE-T ports.show ip slb fast-ethernet client
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Examples
The following example shows output when ports 37 through 40 are not enabled for client connections:
SLB-Switch# show ip slb fast-ethernet clientPorts 37-40 are configured for fast-ethernet clientsSLB-Switch#The following example shows output when ports 37 through 40 are enabled for client connections:
Router# show ip slb fast-ethernet clientPorts 37-40 are configured for fast-ethernet clientsSLB-Switch#show ip slb firewallfarm
Use the show ip slb firewallfarm command to display information about a firewall farm configuration.
show ip slb firewallfarm [detail]
Syntax Description
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Examples
The following example shows firewall farm data:
SLB-Switch# show ip slb firewallfarmfirewall farm hash state reals------------------------------------------------FIRE1 IPADDR OPERATIONAL 2SLB-Switch#
Table A-3 describes the fields in the display.
show ip slb map
Use the show ip slb map command to display information about URL maps.
show ip slb map
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Examples
This example shows how to display URL maps associated with a Content Switching policy.
SLB-Switch# show ip slb mapURL map M1 rules:/SLB-Switch#show ip slb natpool
Use the show ip slb natpool command to display an IP SLB NAT configuration.
show ip slb natpool [name pool-name] [detail]
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC configuration
Command History
Examples
The following example displays results of the default show ip slb natpool command:
SLB-Switch# show ip slb natpoolnat client B 1.1.1.6 1.1.1.8 Netmask 255.255.255.0nat client A 1.1.1.1 1.1.1.5 Netmask 255.255.255.0The following example displays the show ip slb natpool command with the detail variable:
SLB-Switch# show ip slb natpool detailnat client A 1.1.1.1 1.1.1.5 Netmask 255.255.255.0Start NAT Last NAT Count ALLOC/FREE-------------------------------------------------------1.1.1.1:11001 1.1.1.1:16333 0005333 ALLOC1.1.1.1:16334 1.1.1.1:19000 0002667 ALLOC1.1.1.1:19001 1.1.1.5:65535 0264675 FREEnat client B 1.1.1.6 1.1.1.8 Netmask 255.255.255.0Start NAT Last NAT Count ALLOC/FREE-------------------------------------------------------1.1.1.6:11001 1.1.1.6:16333 0005333 ALLOC1.1.1.6:16334 1.1.1.6:19000 0002667 ALLOC1.1.1.6:19001 1.1.1.8:65535 0155605 FREESLB-Switch#Related Commands
show ip slb policy
Use the show ip slb policy command to display an IP SLB policy configuration.
show ip slb policy
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC configuration
Command History
Examples
This example shows how to display the policies associated with a URL-based content switching policy named POLICY_CONTENT.
SLB-Switch#show ip slb policyURL policy: P1url map: M1serverfarm: SF1URL policy: POLICY_CONTENTurl map: URL_MAP_1serverfarm: NEW_SERVERFARMURL policy: SHOWurl map:serverfarm:SLB-Switch#Related Commands
show ip slb probe
Use the show ip slb probe command to display HTTP or ping probe data.
show ip slb probe [name probe_name] [ping] [detail]
Syntax Description
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
12.1(2)E
This command was introduced.
12.0(10)WX5(18A)
The ping keyword was introduced.
Examples
The following example shows SLB HTTP probe data:
SLB-Switch# show ip slb probeServer:Port State Outages Current Cumulative----------------------------------------------------------------10.10.4.1:0 OPERATIONAL 0 never 00:00:0010.10.5.1:0 FAILED 1 00:00:06 00:00:06SLB-Switch#Table A-4 describes the fields in the display.
Table A-4 show ip slb probe Command Field Information
show ip slb reals
Use the show ip slb reals command to display information about real servers.
show ip slb reals [vserver virtserver-name] [detail]
Syntax Description
Defaults
If no options are specified, the command displays information about all real servers.
Command Modes
Privileged EXEC
Command History
Examples
The following example shows IOS SLB real server data:
SLB-Switch# show ip slb realsreal server farm weight state conns----------------------------------------------------------------80.80.2.112 FRAG 8 OUTOFSERVICE 080.80.5.232 FRAG 8 INSERVICE 080.80.15.124 FRAG 8 OUTOFSERVICE 080.254.2.2 FRAG 8 OUTOFSERVICE 080.80.15.124 LINUX 8 INSERVICE 080.80.15.125 LINUX 8 INSERVICE 080.80.15.126 LINUX 8 INSERVICE 080.80.90.25 SRE 8 INSERVICE 22080.80.90.26 SRE 8 INSERVICE 21680.80.90.27 SRE 8 INSERVICE 21680.80.90.28 SRE 8 TESTING 180.80.90.29 SRE 8 INSERVICE 22180.80.90.30 SRE 8 INSERVICE 22480.80.30.3 TEST 100 READY_TO_TEST 080.80.30.4 TEST 100 READY_TO_TEST 080.80.30.5 TEST 100 READY_TO_TEST 080.80.30.6 TEST 100 READY_TO_TEST 0SLB-Switch#Table A-5 describes the fields in the display.
show ip slb replicate
Use the show ip slb replicate command to display SLB replication configuration.
show ip slb replicate
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Examples
The following example displays information about the SLB replication configuration:
SLB-Switch# show ip slb replicate
VS1, local = 10.10.99.132 remote = 10.10.99.99 port = 1024
current password = none pending password = none
password timeout = 180 sec (Default)
unsent conn updates: 0
conn updates received: 32
conn updates transmitted: 471
update packets received: 12
update packets transmitted: 34
failovers: 0
SLB-Switch#show ip slb serverfarms
Use the show ip slb serverfarms command to display information about a server farm.
show ip slb serverfarms [name serverfarm-name] [detail]
Syntax Description
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Examples
The following example shows IOS SLB server farm data:
SLB-Switch# show ip slb serverfarmsserver farm predictor reals bind id-------------------------------------------------FRAG ROUNDROBIN 4 0LINUX ROUNDROBIN 3 0SRE ROUNDROBIN 6 0TEST ROUNDROBIN 4 0SLB-Switch#Table A-6 describes the fields in the display.
show ip slb stats
Use the show ip slb stats command to display SLB statistics.
show ip slb stats
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Examples
The following example shows IOS SLB statistics:
SLB-Switch# show ip slb statsPkts via normal switching: 530616Pkts via special switching:1812710Connections Created: 783774Connections Established: 633418Connections Destroyed: 782752Connections Reassigned: 0Zombie Count: 0SLB-Switch#Table A-7 describes the fields in the display.
show ip slb sticky
Use the show ip slb sticky command to display the IOS SLB sticky database.
show ip slb sticky [client ip_address]
Syntax Description
client
(Optional) Keyword that specifies to display the sticky database entries associated with a particular client IP address.
ip_address
(Optional) IP address of the client.
Defaults
If no options are specified, the command displays information about all virtual servers.
Command Modes
Privileged EXEC
Command History
Examples
The following example shows the IOS SLB sticky database:
SLB-Switch# show ip slb stickyclient netmask group real conns-----------------------------------------------------------------------10.10.2.12 255.255.0.0 4097 10.10.3.2 1SLB-Switch#Table A-8 describes the fields in the display.
show ip slb vservers
Use the show ip slb vservers command to display information about virtual servers.
show ip slb vservers [name virtserver-name] [detail]
Syntax Description
Defaults
If no options are specified, the command displays information about all virtual servers.
Command Modes
Privileged EXEC
Command History
Examples
The following example shows virtual server data:
SLB-Switch# show ip slb vserversslb vserver prot virtual state conns------------------------------------------------------------------TEST TCP 80.80.254.3:80 INSERVICE 1013TEST21 TCP 80.80.254.3:21 OUTOFSERVICE 0TEST23 TCP 80.80.254.3:23 OUTOFSERVICE 0SLB-Switch#Table A-9 describes the fields in the display.
standby
Use the standby command to configure Hot Standby Router Protocol (HSRP) priority, preemption, or preemption delay. To restore the default values, use the no form of this command.
standby [group-number] {priority priority | preempt [delay delay]}
no standby [group-number] {priority priority | preempt [delay delay]}
Syntax Description
Defaults
group-number: 0
priority: 100
delay: 0 seconds (if a condition develops that will cause the router to preempt, the router will do so immediately)
Command Modes
Interface configuration
Command History
Usage Guidelines
When using this command, you must specify at least one keyword (priority or preempt), or you can specify both.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
The assigned priority is used to help select the active and standby routers. Assuming preemption is enabled, the router with the highest priority becomes the designated active router. In case of ties, the primary IP addresses are compared, and the higher IP address has priority.
The device's priority can change dynamically if an interface is configured with the standby track command and another interface on the router goes down.
When a router first comes up, it does not have a complete routing table. If the router is configured to preempt, it will become the active router, but it is unable to provide adequate routing services. This problem is solved by configuring a delay before the preempting router actually preempts the currently active router.
Examples
In the following example, the router has a priority of 120 (higher than the default value) and will wait for 300 seconds (5 minutes) before attempting to become the active router:
SLB-Switch(config)# interface fastethernet 1
SLB-Switch(config-if)# standby ip 172.19.108.254SLB-Switch(config-if)# standby priority 120 preempt delay 300SLB-Switch(config-if)#Related Commands
Configures the standby track on an interface so that the hot standby priority changes based on the availability of other interfaces.
standby authentication
Use the standby authentication command to configure an authentication string for Hot Standby Router Protocol (HSRP). To delete an authentication string, use the no form of this command.
standby [group-number] authentication string
no standby [group-number] authentication string
Syntax Description
group-number
(Optional) Group number on the interface to which this authentication string applies.
string
Authentication string; can be up to eight characters.
Defaults
group-number: 0
string: cisco
Command Modes
Interface configuration
Command History
Usage Guidelines
The authentication string is transmitted unencrypted in all HSRP messages. The same authentication string must be configured on all routers and access servers on a cable to ensure interoperation. Authentication mismatch prevents a device from learning the designated Hot Standby IP address and the Hot Standby timer values from other routers configured with HSRP. Authentication mismatch does not prevent protocol events, such as one router taking over as the designated router.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
Examples
In the following example, "word" is configured as the authentication string required to allow Hot Standby routers in group 1 to interoperate:
SLB-Switch(config)# interface fastethernet 1
SLB-Switch(config-if)# standby 1 authentication wordSLB-Switch(config-if)#
standby name
Use the standby name command to specify an HSRP group name with which to associate an IOS SLB interface. To remove the group name association on the interface, use the no form of this command.
standby [group-number] name group-name
no standby [group-number] name group-name
Syntax Description
group-number
(Optional) Group number of the interface to which the timers apply.
group-name
HSRP group name with which the IOS SLB virtual server is associated.
Defaults
The default group number is 0.
Command Modes
Interface configuration
Command History
Examples
In the following example, HSRP is enabled for group number 1 with group name Web-Group, on Ethernet port 0 on the EIP that is installed in slot 5:
SLB-Switch(config)# interface Ethernet5/0SLB-Switch(config-if)# ip address 172.18.48.154 255.255.255.128SLB-Switch(config-if)# standby 1 ip 172.18.48.124SLB-Switch(config-if)# standby 1 priority 2 preemptSLB-Switch(config-if)# standby 1 name Web-GroupSLB-Switch(config-if)#standby timers
Use the standby timers command to configure the time between hellos and the time before other routers declare the active HSRP router or the standby router to be down. To restore the timers to their default values, use the no form of this command.
standby [group-number] timers hellotime holdtime
no standby [group-number] timers hellotime holdtime
Syntax Description
Defaults
group-number: 0
hellotime: 3 seconds
holdtime: 3 seconds
Command Modes
Interface configuration
Command History
Usage Guidelines
The standby timers command configures the time between standby hellos and the time before other routers declare the active or standby router to be down. Routers or access servers on which timer values are not configured can learn timer values from the active or standby router. The timers configured on the active router always override any other timer settings. All routers in a HSRP group should use the same timer values. Holdtime normally is greater than or equal to 3 times hellotime (holdtime > 3 * hellotime).
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
Examples
In the following example, for group number 1 on Fast Ethernet interface 1, the time between hello packets is set to 5 seconds, and the time after which a router is considered to be down is set to 15 seconds:
SLB-Switch(config)# interface fastethernet 1 SLB-Switch(config-if)# standby 1 ip SLB-Switch(config-if)# standby 1 timers 5 15 SLB-Switch(config-if)#standby track
Use the standby track command to configure an interface so that the HSRP priority changes based on the availability of other interfaces. To remove tracking, use the no form of this command.
standby [group-number] track type number [interface-priority]
no standby [group-number] track type number [interface-priority]
Syntax Description
Defaults
group-number: 0
interface-priority: 10
Command Modes
Interface configuration
Command History
Usage Guidelines
This command ties the router's HSRP priority to the availability of its interfaces. It is useful for tracking interfaces that are not configured for HSRP.
When a tracked interface goes down, the HSRP priority decreases by 10. If an interface is not tracked, its state changes do not affect the HSRP priority. For each interface configured for HSRP, you can configure a separate list of interfaces to be tracked.
The optional argument interface-priority specifies how much to decrement the HSRP priority by when a tracked interface goes down. When the tracked interface comes back up, the priority is incremented by the same amount.
When multiple tracked interfaces are down and interface-priority values have been configured, these configured priority decrements are cumulative. If tracked interfaces are down but none of them was configured with priority decrements, the default decrement is 10 and it is noncumulative.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
Examples
In the following example, Fast Ethernet interface 1 tracks Fast Ethernet interface 10 and Gigabit Ethernet interface 49. If one or both of these two interfaces go down, the hot standby priority of the router decreases by 10. Because the default hot standby priority is 100, the priority becomes 90 when one or both of the tracked interfaces go down.
SLB-Switch(config)# interface fastethernet 1SLB-Switch(config-if)# ip address 198.92.72.37 255.255.255.240SLB-Switch(config-if)# no ip redirectsSLB-Switch(config-if)# standby track fastethernet 10SLB-Switch(config-if)# standby track gigabitethernet 49SLB-Switch(config-if)# standby preemptSLB-Switch(config-if)# standby ip 198.92.72.46SLB-Switch(config-if)#Related Commands
sticky (firewall farm TCP protocol)
Use the sticky (firewall farm TCP protocol) command to assign all connections from a client to the same firewall. To remove the client/firewall coupling, use the no form of this command.
sticky duration
no sticky
Syntax Description
Defaults
No default behavior or values
Command Modes
Firewall farm TCP protocol configuration
Command History
Examples
The following example specifies that if a client's subsequent request for a firewall farm is made within 60 seconds of the previous request, then the same firewall is used for the connection:
SLB-Switch(config)# ip slb firewallfarm FIRE1SLB-Switch(config-slb-fw)# tcpSLB-Switch(config-slb-fw-tcp)# sticky 60SLB-Switch(config-slb-fw-tcp)#Related Commands
Displays information about the firewall farm configuration.
Displays information about the firewall farm sticky configuration.
tcp
Initiates TCP protocol configuration mode.
sticky (firewall farm UDP protocol)
Use the sticky (firewall farm UDP protocol) command to assign all connections from a client to the same firewall. To remove the client/firewall coupling, use the no form of this command.
sticky duration
no sticky
Syntax Description
Defaults
No default behavior or values
Command Modes
Firewall farm UDP protocol configuration
Command History
Examples
The following example specifies that if a client's subsequent request for a firewall farm is made within 60 seconds of the previous request, then the same firewall is used for the connection:
SLB-Switch(config)# ip slb firewallfarm FIRE1SLB-Switch(config-slb-fw)# udpSLB-Switch(config-slb-fw-udp)# sticky 60SLB-Switch(config-slb-fw-udp)#Related Commands
Displays information about the firewall farm configuration.
Displays information about the firewall farm sticky configuration.
udp
Initiates UDP protocol configuration mode.
sticky (virtual server)
Use the sticky (virtual server) command to assign all connections from a client to the same real server. To remove the client/server coupling, use the no form of this command.
sticky duration [group group-id] [netmask netmask]
no sticky
Syntax Description
Defaults
Sticky connections are not tracked.
Virtual servers are not associated with any groups.
Command Modes
Virtual server configuration
Command History
12.0(7)XE
This command was introduced.
12.1(2)E
The netmask keyword and netmask variable were added.
Usage Guidelines
The last real server that was used for a connection from a client is stored for the duration value. If a new connection from the client to the virtual server is initiated during that time, the same real server that was used for the previous connection is chosen for the new connection. If two virtual servers are placed in the same group, coincident connection requests for those services from the same IP address are handled by the same real server.
Examples
The following example specifies that if a client's subsequent request for a virtual server is made within 60 seconds of the previous request, then the same real server is used for the connection. This example also places the virtual server in group 10.
SLB-Switch(config)# ip slb vserver VS1SLB-Switch(config-slb-vserver)# sticky 60 group 10SLB-Switch(config-slb-vserver)#Related Commands
Displays information about the virtual server or firewall farm sticky configuration.
Displays information about the virtual servers.
Configures the virtual server attributes.
synguard
Use the synguard command to limit the rate of TCP SYNs handled by a virtual server to prevent a SYN flood denial-of-service attack. To remove the threshold, use the no form of this command.
synguard syn-count [interval]
no synguard
Syntax Description
Defaults
Syn-count default: 0 (off)
Interval default: 100 ms
Command Modes
Virtual server configuration
Command History
Examples
The following example sets the threshold of unanswered SYNs to 50:
SLB-Switch(config)# ip slb vserver PUBLIC_HTTPSLB-Switch(config-slb-vserver)# synguard 50SLB-Switch(config-slb-vserver)#Related Commands
Displays information about the virtual servers.
Configures the virtual server attributes.
tcp
Use the tcp command to initiate TCP protocol configuration mode.
tcp
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Firewall farm configuration
Command History
Examples
The following example initiates TCP protocol configuration mode:
SLB-Switch(config)# ip slb firewallfarm FIRE1SLB-Switch(config-slb-fw)# tcpSLB-Switch(config-slb-fw-tcp)# exitSLB-Switch(config)#Related Commands
udp
Use the udp command to initiate UDP protocol configuration mode.
udp
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Firewall farm configuration
Command History
Examples
The following example initiates firewall farm configuration mode, identifies a firewall farm named FIRE1, and then initates UDP protocol configuration mode:
SLB-Switch(config)# ip slb firewallfarm FIRE1SLB-Switch(config-slb-fw)# udpSLB-Switch(config-slb-fw-udp)# exitSLB-Switch(config)#Related Commands
url case-enable
Use the url case-enable command to enable or disable url case sensitivity for a virtual server.
url case-enable
no url case-enable
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
Virtual server configuration
Command History
Examples
The following example shows how to enable case sensitivity for URLs received in connections coming from virtual server VS1:
SLB-Switch# configure terminalSLB-Switch(Config)#ip slb vserver VS1SLB-Switch(Config-slb-vserve)#url case-enableSLB-Switch(Config-slb-vserve)#exitSLB-Switch(Config)#exiturl-map
Use the url-map command to configure a URL map name. To remove a URL map, use the no form of this command.
url-map url-map-name
no url-map url-map-name
Syntax Description
Defaults
No default behavior or values
Command Modes
URL map configuration
Command History
Examples
This example shows how configure a URL map:
SLB-Switch(config)# ip slb policy policy_contentSLB-Switch(config-slb-policy)# serverfarm new_serverfarmSLB-Switch(config-slb-policy)# url-map url_map_1SLB-Switch(config-slb-policy)# exitSLB-Switch(config)#Related Commands
virtual
Use the virtual command to configure virtual server attributes. To remove the attributes, use the no form of this command.
virtual ip-address {tcp | udp} [port] [service service-name]
no virtual
Syntax Description
Defaults
No default behavior or values
Command Modes
Virtual server configuration
Command History
Usage Guidelines
The no virtual command is allowed only if the virtual server was removed from service by the no inservice command.
For some applications, it is not practical to configure all the virtual server port numbers for IOS SLB. To support such applications, you can configure IOS SLB virtual servers to accept traffic destined for all ports. To configure an all-port virtual server, specify a port number of 0.
Note
Examples
The following example specifies that the virtual server with the IP address 10.0.0.1 performs load balancing for TCP connections for the port named www. The virtual server processes HTTP requests.
SLB-Switch(config)# ip slb vserver PUBLIC_HTTPSLB-Switch(config-slb-vserver)# virtual 10.0.0.1 tcp wwwSLB-Switch(config-slb-vserver)#The following example specifies that the virtual server with the IP address 10.0.0.13 performs load balancing for UDP connections for all ports. The virtual server processes HTTP requests.
SLB-Switch(config)# ip slb vserver PUBLIC_HTTPSLB-Switch(config-slb-vserver)# virtual 10.0.0.13 udp 0SLB-Switch(config-slb-vserver)#Related Commands
webhost backup
Use the webhost backup command to specify the relocation string to be sent in response to HTTP requests to the host name when there is no available real server. To remove a webhost backup, use the no form of this command.
webhost number backup backup-string {301 | 302}
no webhost number backup backup-string {301 | 302}
Syntax Description
Defaults
No default behavior or values
