Cisco CSS – Deny traffic based on User-Agent header

Within this article we will show you how to deny traffic based on the HTTP User-Agent header. This is achieved by configuring a header-field-group. Within this group we define a header string rule that matches any header that does not contain a defined string. This group is then associated to a content rule. header-field-group deny-agent … Read more

High CPU Usage on a Cisco CSS

Issue The Cisco CSS is showing a high level of CPU usage, even though the networking throughput does not appear excessively high nor is there a large number of EQL or DQL`s configured. CSS11501# sh system-resources cpu Chassis CPU Utilizations Module Name Module 5Sec 1Min 5Min —————————————————- CSS501-SCM-INT 1 90% 88% 75% CSS501-SSL-C-INT 2 0% … Read more

Cisco CSS: Display the CPU Usage for Each Process

Though the Cisco CSS does not provide a direct command to display the CPU usage on a per process basis, this can be achieved via the following commands from within the llama debug utility. CSS# llama  CSS(debug)# symbol-table load SPRITZ CSS(debug)# shell 1 1 spy CSS(debug)# shell 1 1 spyReport CSS(debug)# shell 1 1 spyStop … Read more

Cisco CSS address translation

The Cisco CSS offers 2 address translation methods ; source groups and destination groups. Source Group When a connection is initiated outbound through the Cisco CSS (from any of the group services) the source IP is translated to the groups VIP address.Source group servers are defined using the add service [service name] command. Example : … Read more

Upgrading to Cisco CSS (or higher): Slow Network Performance

Symptoms Slow network performance when accessing back-end servers through a Cisco CSS running (or higher). Background Cisco CSS (and lower) did not support window scaling. This meant that the initial window scale option announced within the 3 way handshake was not propagated to the server. This issue was resolved within (CSCsk92868), however … Read more

Cisco CSS – Configuring a Sorry Server

A sorry server provides HA (Primary/Secondary) based balancing for your backend servers. This allows traffic to only route to the sorry server in the event of the primary service becoming unreachable. Below details the configuration. This example sets server 1 as the primary server and server 2 as the secondary server. Configure Services service server1                   … Read more

Want to become a networking expert?

Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial