Cisco :: ACS 5.4 Distributed Pair Installation
Apr 20, 2013
We would like to install a pair of ACS 5.4 appliances as primary/backup in our two datacentres. I have some questions regarding design.
1- We have 800+ network devices to monitor. Can we install by range of addresses instead of installing them one by one in the device host database?
2- Do we have to install all 800 devices first on the primary and then again on the backup, or will the primary replicate to the backup server?
3- We do not have real IP addresses yet, so if we build with dummy addresses, make them a pair and sync all the database, then when we change their IP addresses, will the distributed primary pair have any issue with the backup ACS server?
Mar 11, 2012
We have a pair of N7K distribution switches connected to a pair of N7K Aggregation switches. We run vPC on both pairs of n7k's.
-n7k-d1 has two interfaces in a Port-Channel connecting to n7k-a1 & n7k-a2. (PC1)
-n7k-d2 also has two interfaces in a Port-Channel connecting to n7k-a1 & n7k-a2. (PC2)
My problem is that Spanning-Tree is blocking PC2 and all traffic from n7k-d2 is traversing the Peer-Link before reaching the Aggregation layer. Is this the best design for connecting two pairs of n7k's with vPC, or would a better design be to connect all 4 links into the same Port-Channel and vPC?
Dec 28, 2011
I've got a router on which I run a backup/media/print server, a couple of computers and a voip box. My router has only four ethernet lan sockets which are thus all occupied by the above, but I need to attach at least one further device b
Secondly, could a splitter such as >> this one << do the job? I'm guessing this basically splits a single 4-pair ethernet connection into two 2-pair ethernet connections.
Nov 20, 2012
I have got a very basic/fundamental doubt. I would like to know how bandwidth gets distributed in switches. For example, consider a scenario where I have a coreswitch A and coreswitch B connected to each other through a 1 Giga fiber. Each of my core switches is connected to two edge switches through fiber links. All edge switches have giga ports. Now if I connect a PC with a giga link to the edge switch of coreswitch A and transfer a file to a PC connected to the edge switch in network B, how does the switch allocate/distribute bandwidth?
Mar 22, 2012
What's the best way to apply a patch in an ACS 5.2 distributed configuration?
Oct 17, 2011
I just purchased a Dlink DSL-2750U today which I am using with my ADSL connection. I have three wired computers using this connection and no wireless systems at the moment. I would like to know if it's possible to share the bandwidth evenly amongst these three computers? The other two computers are hogging the bandwidth, leaving me with barely anything to work with.
Feb 3, 2011
I was wondering if the following scenario would work:
2 Microsoft TMG servers (could be any W2K8 R2 based server, e.g. UAG, Exchange etc.) configured for Unicast NLB. The servers are connected to separate L2 switches which are connected to a highly available central L3 switch (see attached drawing).
Unicast NLB works in such a way that it uses a shared virtual IP and a virtual MAC address which is not used as the source MAC address when the TMG servers are responding to requests. Basically it relies on the fact that the switch does not learn the virtual MAC address and floods all packets destined to the virtual MAC on all ports. The L3 switch would learn the MAC through ARP. The question now is what the L3 switch would do if it receives a packet destined for the NLB VIP. It should do an ARP request in order to receive the virtual MAC. How would he decide on which port(s) to forward the packet, as he does not know on which port the MAC is found? Can he make a decision based on Layer 3 (IP/VLAN based), so that he knows that the VLAN for the TMGs is connected on those two uplink ports?
Dec 23, 2011
I was looking at 6500 series switches. I saw DFC4 modules (WS-F6K-DFC4-A, WS-F6K-DFC4-AXL) and (WS-F6K-DFC4-E, WS-F6K-DFC4-EXL). The data sheet for supervisor engine 2T wrote that for maximum performance you should use DFC4. I'm a bit confused. I didn't find any useful information about it:
1. Is DFC4 a separate module (consumes 1 slot)? Does it have any ports on it?
2. Is it a daughter card? If yes, should it be installed on supervisor or it should be installed on line cards?
Feb 29, 2012
When is UDP preferable to TCP in distributed systems? Why?
Dec 1, 2012
I am struggling in some areas to work out my firewall rules for a distributed deployment. The referenced documentation is not entirely clear in my opinion. In some instances it is easy to work out what ports need to be opened, e.g. Admin node TCP 22, 80, 443 for management from administrator hosts/ranges. In other instances it is difficult to work out, e.g. TCP 1521 Database listener and AQ: is this for ISE nodes only or for access devices as well?
My question is whether there is a better document that details these requirements. What rules are meant to be ISE node - ISE node communications and which rules are for access device - ISE, or ISE - access device? One of the rules I am pretty confused about is the PSN CoA ports. Should the rule be WLC - PSN on 1700 and 3799, or is it the other way round, or unidirectional?
I am pretty sure that the ports are meant to be ISE-ISE in most instances barring the PSN for Radius and CoA.
Apr 17, 2013
I have 2 5508s that are currently running as active with 150 licenses each. I want to go to HA SSO. Can 100 of the licenses be relicensed to the primary, since it only requires 50 licenses to convert an active license 5508 to standby HA SSO?
Oct 31, 2012
I am trying to set up a failover pair on Cisco ASA 5520 and need stateful failover. Do I need two ports dedicated to obtain the above, one for LAN-based failover and one for stateful failover? Also, do I need a switch in between to connect them?
Feb 7, 2013
For some weeks I have been trying to pair my Samsung Galaxy S2 with my Lenovo ThinkPad SL500. The consistent message is "Unable to pair with [laptop]. Incorrect PIN or PASSWORD."
Well which is? PIN? or PASSWORD? - or does the system not know, so it's taking a guess? If it doesn't know, how can I possibly know?
Having read many articles about this on the www, I am still none the wiser as to what is causing this. What's wrong with the PIN or PASSWORD - is it too hot, or too cold? Wrong font face, colour or size? Wrong latitude, longitude or elevation? Wrong time of day or month? Are the auspices in general not favourable? Am I facing in the wrong direction as I type? Have I chosen the wrong weight/color of paper for my printer? Is my body odor unacceptable? Is the length of grass in my lawn not quite right? Oh, the number of options is so large - where does one start?
Oh, and before I forget - assuming I can find what constitutes a correct PIN or PASSWORD, where does one set it? btw pairing this phone with the media player in my 10 year old car works immediately and flawlessly!
Jan 14, 2013
Is it possible to run a large LAN over copper twisted pair cables? This is to connect 41 PCs that monitor fire systems on a large hospital site. I am trying to use the existing cable that is wired in a loop all round the site.
Oct 31, 2012
I have a long 2 pair cat 5 cable which I want to use to connect an ADSL modem to my desktop (located in a different room). I took the cable to a few local computer dealers but none of them could connect an RJ-45 connector to it. They can only connect a 4 pair cat 5 cable. Connect a 2 pair cat 5 Ethernet cable to an RJ-45 connector. Kindly use simple language. I have attached an image of the cable for your reference. [URL]
Oct 30, 2011
My colleague wants to use our load balancers for VPN. We are coming off 3030s which are serving remote access IPSec as well as terminating LAN to LAN tunnels for like 7 sites. I want to secure the 5540s behind our front end 5585Xs when we move prod to the new DC. We have no immediate need for clientless but need to support OS X Lion and the IPSec client does not. That's all that's driving this effort currently. I already reminded mgmt that the 3030 and the IPSec client are end of life. I just think AnyConnect is the better solution based on current skillset and the popularity of the solution.
Apr 15, 2013
I have a running ASA5520 in my network and we recently planned to add a failover pair as a standby unit for the running ASA. Both of the ASAs have the same specs and software. The only thing that the soon-to-be secondary ASA does not have is the AnyConnect Essential license. Is it still possible for the unit to be the standby unit?
Below is the license capture from both of the units.
Running ASA:
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
[Code].....
May 3, 2012
I already know that there is an option using a Patton Copper Link Ethernet extender to interconnect a remote LAN with this device. Do you know if this is possible using a Cisco 888-K9 or any other Cisco device?
Mar 20, 2012
We have recently got 2 of our Cisco ASA 5520 firewalls through RMA. These are supposed to run in an Active/Active Failover Pair. There was only 1 RMA request that was opened for both the firewalls. We have received only 1 Activation key for this RMA request for both the firewalls. Just want to check with you if this Activation key will work on both firewalls or do we need to get a separate one for the other box.
Feb 6, 2011
I'm trying to set up remote access IPsec VPN on a pair of ASA 5540 without much success. I can connect with a client on the outside, and when I try to ping something on the inside I can see the ping requests reach the target but the answers don't come back to the VPN client. I've tried with different NAT rules without success.
Oct 30, 2012
I want to clear the keys on a 2821 and generate new ones using the crypto key zeroize command, but I don't see this command available as an option. Below is the output of the available options.
ROUTER#crypto key ?
lock Lock a keypair.
unlock Unlock a keypair.
[Code]....
Nov 11, 2012
I have a pair of ASA5510s currently running as a failover pair. For some reason we need to move one of the firewalls to another site. Is there any best practice on splitting up the failover pair so that I can re-configure the secondary unit offline?
I'm thinking to power down the secondary unit, unplug it from the network totally, then erase the configuration on the secondary unit on console so I can re-configure it. For the primary unit, I will disable the failover config by "no failover" on the primary unit. Is that all that is necessary for splitting up the failover cluster?
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB(code)
Mar 3, 2011
I have one ASA 5520 up and running, with complete configuration (ssl customization, DAP, CSD...) with a bunch of files on the flash drive, etc. I am using software 8.3. Now I received one 5520 that I want to use for failover. It is with 8.3, and I will make sure that ASDM is also the same on both...
So, my question is how to make my running ASA to become primary and to push all info (config, files on flash, etc) to new ASA?
I found few examples, but nothing tells me how to force one ASA to be the source for sync.
Aug 17, 2011
I am a bit unclear as to the upgrade path I should take - I have 2 ASA 5510s in active/standby running 8.0(4)34 and would like to upgrade to 8.2.5. Do I need to first upgrade to 8.0.(5) before upgrading to 8.2.5, or can I just jump straight to 8.2.5?
Aug 26, 2011
Is this possible to set up two as a redundant pair as you can do with say a pair of 5510s?
Jun 10, 2013
I am trying to set up Prime LMS 4.2 with a pair of soft appliances. As I understand that HA is possible with the use of Veritas/VMware for Windows/Solaris, I was wondering what are the possible high availability options available with a pair of Prime LMS appliances? Can it form active/secondary with data synchronization/data redundancy of the LMS on top of the traditional backup/restore of the LMS?
Nov 29, 2012
Plan on a 2921 with 1 HWIC-4SHDSL as the CO end. I'd like to use 4 1-pair groups to connect to 4 respective CPE 888's.
Aug 20, 2012
How to install a certificate (.p7b and .crf) on my second ACE in a HA pair.
On ACE01 I generated a CSR and gave the details to our SSL provider, they provided the certificates and I imported them. All good there.
How can I install the same SSL on ACE02 if I haven't generated a CSR on my backup device, or do I generate a CSR and import the same certificate?
Since bringing the ACE's into HA all contexts have sync'd and the backup ACE is in 'hot standby' state. But one context fails the sync and I think this is because the SSL certificate is not installed correctly on the second ACE02.
Jan 6, 2012
I'll be upgrading an HA pair of ASA 5520s next week, and wanted to clarify the procedure. I read "Upgrading an Active/Standby Failover Configuration" at [URL] which suggests placing the image on both units, updating boot statements, then issuing failover reload-standby. But I was wondering if there's a way to be a bit safer. I'd like to modify the standby unit, without affecting the config on the active. So I'd like to modify the boot statement on the standby without modifying the active config. That way in case there's a problem and the active reboots, it won't upgrade.
Can I modify the config on the standby without affecting the active? Then I'd like to test the newly upgraded unit with our production traffic. Would that simply be no failover active, and then once the standby becomes active -- test traffic? Once everything is okay, I would upgrade the second unit, and fail traffic back.
May 8, 2012
I have recently configured a pair of ACE 4710 appliances in a FT group. The ACE's are deployed in one-arm mode, using Source NAT, with all routing to and from being done by a pair of PIX firewalls.
My configuration does not include the use of an "alias" IP address on the data VLAN interface within each of my contexts.
My understanding is that the "alias" IP address is similar to a HSRP address and if the ACE is deployed in Routed mode the default gateway for the servers can be configured with the "alias" address so as this is always available even if a fail over occurs.
If this is a correct interpretation and use of the "alias" IP address and if so whether it is required when using a one-arm mode topology?
Dec 6, 2012
Preparing to upgrade the IOS on a failover pair of ASA 5580's and was wondering what is gonna happen after I've upgraded the IOS on the standby unit and rebooted. How is the active unit going to react when it sees an IOS mismatch prior to me making the standby the primary and upgrading its IOS?
Aug 31, 2009
We are running 4x n5k and started with the vPC feature. So my question is, if I can connect a vpc-pair to another vpc-pair? In the Cisco docs I can find examples for connecting a vpc-pair to a single switch, or server (with and without fex). But there is nothing about how to connect 4 n5k via the vPC feature.
Aug 8, 2011
A few weeks ago, I replaced a PIX 515E with a pair of ASA 5520's. We have a few basic web applications behind the ASA's. Nothing complex; just port 80/443 traffic. During the swap, we basically just copied the config from the PIX to the ASA. So the config is virtually identical.
Since the swap, we have one small set of users who gets timed out when trying to get to the application. This small set of users are scattered across the state of Alaska, and they are all accessing the Internet via a satellite connection. All other users across North America can access the application just fine.
Since the satellite connections are relatively slow, but they worked fine when going through the PIX, I suspect the issue is a difference in the default TTL (or similar parameter) between the PIX and the ASA.