Since the ACE supports only static routing, when pointing a default route from the ACE what is your preferred method when using multiple 6500s with an ACE in each in a failover scenario to prevent just pointing at one 6500? Static route to an HSRP address? Multiple static routes on the ACE, etc?
View 2 RepliesIP SLA configuration fails over but cannot ping the 4.2.2.2 via Site B. Here is the output on Cisco 3750...
SW2#show runBuilding configuration...
Current configuration : 2901 bytes!version 12.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname SW2!boot-start-markerboot-end-marker!!!!no aaa
[Code].....
Have a 1921 that has 3 eth connections (1 LAN, and 2 WAN) - I have 2 seperate OSPF processes (2 areas) on the WAN Ints - both upstream WAN's are sending defaults back to the 1921, and the 1921 is sending it's LAN range to them.
I have ip ospf cost 150 set on the "failover" WAN connection interface (Both on the 1921 and upstream), but the 1921 is preferring the default route from the "failover"?
The default routes are both being received by the 1921, but it's preferring the "failover" Int with the ip ospf cost 150 configured?
I've enabled antispoof on all interfaces on asa 5510.If you start a traceroute to a network on the default route, everything works, since replies comes to an interface with route 0.0.0.0/0 defined.If you start a tracer route to a network that is NOT on the default route (let's assume coporate MPLS), you only get response from first carrier router, the other are discarded because of anti spoof violation.
I have ICMP inspection and icmp-error inspection enabled.
There are four figures(A,B,C,D) shown in attached diagram.my aim to achieve wan side failover, mean to say, if one ISP or Router goes down, the other should still be reachable.
Cisco 2960 = L2 Switch
Cisco 3560 = L3 Switch
Here I am discussing only two redundancy methods i.e Floating Static route and IP SLA. There are following questionnaires related to attached diagram given below
Figure A:
1. Floating static route (Yes or No)
2. IP SLA (Yes or No)
Figure B:
1. Floating static route (Yes or No)
2. IP SLA ( Yes or No)
Figure C:
1. Floating static route (Yes or No)
2. IP SLA ( Yes or No)
[code].....
I have a question with regards to 6500 Redundancy. We currently have only one in our DC, it has 2 SUP 720s, two FWSMS, and multiple switchport blades. My question is is this fully redundant? and if not what is it that can fail, so I can look into adding that extra layer of redundancy.
View 3 Replies View RelatedWe currently have the following configuration:
STB_6509#sho mod
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 10 WiSM WLAN Service Module WS-SVC-WISM-1-K9
2 24 CEF720 24 port 1000mb SFP WS-X6724-SFP
5 2 Supervisor Engine 720 (Active) WS-SUP720-3B
[code]....
I would like to add a redundant supervisor blade to the 6509 that is in production. Can this be done plug and play and require no reload. Are all WS-SUP720-3B the same as far as memory etc... or can I buy any used WS-SUP720-3B and it will work properly.
Four 6500 connected to each other to form a full mesh. Switches 4 and 7 is running eigrp. A question came up, why didnt it have eigrp on SW 2 & 3 ? Will it still be redundant if link between SW3 and SW4 is removed? If redundancy is working, SW3 should be able to find its way to SW4 via SW7 or SW2, yes?
The config looks:
SW4 eigrp
router eigrp 100
network 192.168.0.0
redistribute static
auto-summary
[Code]....
Recently, the eigrp was configured to SW 2 and SW 3 as well, it included the “redistribute static” statement. The route for SW2 and SW3 now has the VLANs, 51 or so. Sent ping from a PC to VLAN1 IP of SW3, then link between SW3 and SW4 was disconnected, network connectivity went down for about 20secs, and ping came right back. Thought it was a success. All of a sudden, outside connectivity was lost. Ping within the LAN was successful, but no internet connection.
The eigrp on SW2 and SW3 was removed, and the internet connection came back up. The initial concern was that although there is physical redundancy in place, the other routes may not be known. Hence, eigrp configuration has been attempted for SW2 and SW3. Perhaps the “redistribute static” should have never been configured on SW2 and SW3, SW7 does not have the “redistribute static” statement anyway.
Without eigrp running on SW2 and SW3, does it still have redundancy? For what it’s worth, SW4 and SW7 are both VTP servers. With the current configs, does it still have redundancy? Link redundancy was never tested; it always has been assumed that it works. Later today, with it’s current config, the link redundancy will be tested.
How to configure HSRP with Statefull NAT using the application redundancy of the IOS XE? I want to have static NAT using the HSRP groups for clients and SNAT. (I want to achieve this as in normal IOS -[URL] High Availability NAT with HSRP)The configuration that I have on the 1st ASR. The configuration is similar on the second ASR
redundancy
mode none
application redundancy
group 1
name NAT-HSRPIN
[code]...
IP nat inside source static 10.10.10.20 "real ip address" redundancy 1 mapping-id 1 extendable.
1) Does the 6500 series router support supervisor module redundancy like the 7304 does? IE, can I put two identical sup720 modules in the chassis for failover?
2) Can I use any ethernet interface on any line card on the 6500 series for router interfaces? If not, which line cards work as router interfaces?
3) Differences between the 6500 series and the 7600 series? Can I use a sup720 modules from a 6500 in a 7600?
what is that mean-"Redundancy is not supported between an ACE module and an ACE appliance operating as peers" I'm designing network in which I plan to use ACE-4710-0.5F-K9 appliances.
View 1 Replies View Relatedrecently when i run the commit vip redundancy script, i encountered the following error. This script has never failed in the past. Upon checking the backup CSS, i did notice that my most recent changes were actually synced. The following is the debug i have captured while running the script.
active-lb# script play commit_vip_redundancy "local 167.168.165.10 remote 167.168.165.9 -a -d" active-lb# Checking available disk space on systems ... Checking the disk space locally before continuing with the script. Verifying that another local session is not running the script. Creating script/vipr_config_sync_lock file. Verifying app and redundancy configs ... Verifying that app session is up with backup switch. Making sure app session is up. Seconds to wait before calling it quits: 60 Checking the disk space remotely before continuing with the script. Checking local and remote switch versions ... Storing the running code versions of the local and remote switch. Storing the local switch's version. Retrieving the remote switch's version. Checking remote version for 4.0 Checking if switch is BACKUP for any virtual routers and if the state is 'No Service'. Checking vip redundancy state.... Checking if backup switch is Master for any VRIDs. If it is, either a local
[code].....
What consequences could i have if i install a WiSM-2 module into a pair of 6500 configured in VSS and another WiSM-2 module into other pair of 6500 configured in VSS for serving a 300 APs??...in this case, do i need to configure mobility groups for guarantee a high availability and also redundancy of controllers?Under the best practices, is much better having the two WiSM-2 modules into a single pair of 6500 configured in VSS??
View 4 Replies View RelatedI want my core switch auto failover to other route if the primary route is link down it will go to the secondary route
example
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 0.0.0.0 0.0.0.0 2.2.2.2 100
if my core switch detect next-hop 1.1.1.1 it will re-route and go to the 2.2.2.2 for the next-hop my core switch using static route and cant support ip sla
I have run into a problem testing static route failovers using ECMP. I have an edge device (SUT) that has 2 NIC interfaces to an internal Loopback. Each NIC is a unique Gi port on an 7609 VLAN tagged with unique IP subnets. The 7600 is configured to route the loopback via the 2 NIC. I am using CEF in the network for other traffic performance testing. Using an external sniffer we can verify that when a ping is initiated externall to the SUT loopback a specific path is selected by the router.
Ping host ------Network-----7609 Gi1/21 (172.16.110.9)-----------SUT Nic1 (172.16.110.10)
| |
| -------Loopback 137.168.68.114/32
| |
7609 Gi2/21 (172.16.110.73)------------SUT Nic2 (172.16.110.74)
[code]....
Now, when the selected path is taken out of server (pulling cable for example), the 7609 is not clearing the routing table to indicate that particular path is down and failing over to the secondary path. Other things I have noticed is the show ip cef still shows both peers as well as the arp table but the interface shows down (show interface gi1/21 for example). I am running 15.1. My understanding is that since the ports are directly connected to the router, the ports should be detected as down and any association of the IP for the down port should removed. This should trigger the static route to update the static route for the end destination to use the second path and traffic should continue.
ROM: System Bootstrap, Version 12.2(17r)S2, RELEASE SOFTWARE (fc1)BOOTLDR: Cisco IOS Software, c7600s72033_rp Software (c7600s72033_rp-ADVENTERPRISEK9-M), Version 15.1(1)S1, RELEASE SOFTWARE (fc1)
I have a tcp socket server application. Some of my clients are asking if I can provide server redundancy for my tcp service for HA purpose. I know it can be done using Windows NLB but the cost of the Enterprise edition is beyond the budget of most of my clients. DNS failover is also out since it will involve fiddling with the DNS server. I'm would prefer to setup a simple solution in which I check the status of the primary server and then if the primary is down, change the ip address of the secondary to the primary so that the service remains available. This sounds simplistic, and besides different clients use different networks, e.g. AD, but I'm not a networking guy so I am at my wits' end.
View 2 Replies View RelatedI want to leak default internet route to CE VRF as common service.Since we having two ASBR, can I point next hop to PE itself instead of either of the ASBR?I tried to point NH to loopback of the PE itself but it failed.
View 6 Replies View RelatedI'm working on a practice lab and am having the following issue. I have a customer router connected to two different ISP routers. Each ISP router must advertise a default through BGP to the customer and one of the default routes must be preferred over the other. Given if the preferred route interface is shut down the other default route is inserted into the routing table and when the preferred default route interface it turned back on that path is used again. The catch is I cant alter the customer router only the the two ISP devices. I tried doing some route maps but I'm lost. I have deleted all my route maps and have posted the BGP portion of the ISP routers.
router bgp 300
no synchronization
bgp log-neighbor-changes
[Code]....
I have a 6500 chassis with 2 power supplies. At the moment I am using the default configuration:
power-redudancy mode redundant
The problem is that an inserted module is in "power deny" state due too insufficient power.
I know, that It's not a good idea to change into combined mode (loss of redundancy), but my customers requested this anyway.
So I will change to combined mode. So here's the 1 million dollar question: "Which modules will go into power deny, if one of my power supplies fails?"
The 6500 config guide states:
"Power supply is removed withredundancy disabled
• System log and syslog messages are generated.
• System power is decreased to the power capability of one supply.
• If there is not enough power for all previously powered-up modules, some modulesare powered down and marked as power-deny in the show power oper state field."
Well, do you know if there's any way to configure some kind of priority? E.g. I definetly don't want by 10Gig Module or WiSM module to be in power deny. Can i statically make sure, those module will be powered on for sure? Like: "power enable module slot_number" How is this calculated? Or is random?
I had a problem with a FWSM of 6500 because the FWSM primary change to standby and after back to active.
View 1 Replies View RelatedWe have 2 ACEs configured as Active/Standby. FT vlan is configured directly using a crossover cable , not using a switch for the FT vlan.ACE is setup in routed mode ,vlan 29 is client vlan and 28 is server vlan ,both are being trunked on ACE-- trunk 3750 switch.
When I shutdown the port on 3750 for the primary ACE , data connectivity wise ,primary ACE is down ,but the secondary is not taking over ,and also when I do sh ft group status on the secondary ACE,I see the status of STANDBY_HOT and the peer state: ACTIVE.
I have HA configuration for two ACE4710. FT between Ace's is configured as L2 (V LAN). Active ACE is sending heartbeats, but switch shows lot of 'input errors' on ingress and this is a major problem. FT is logically not working (there is no connection between these two Ace's over V LAN). There is only L2 configuration, with speed and duplex auto, no other special configuration. When I connect Ace's directly, FT is working without problem.
I can see lot of errors on input direction (from ACE) to switch port, that means, L1, or L2 problem, but direct connection (using the same Ethernet cable) is working. I tried 'shut/no shut' on both sides, set duplex/speed,... without success.
ACA IOS version is A4(1.x).
I have 2 CSS, 1 as primary and 2nd as standby. I configured the standby CSS as my old standby CSS box and now wanted to test the faliover. I am not aware of how to test it in. ny how i have cr for that.
View 1 Replies View RelatedHave a client with one ACE20 and now he needs a second one for redundancy.Since ACE20 is EOL, can I use an ACE30 with an ACE20 as a failover pair?
View 1 Replies View RelatedLooking through the SPROUTE course material they state on several occasions that an ABR will announce a default route in to a standard NSSA area, same as a stub area, because LSA5 external routes are not allowed.
View 8 Replies View RelatedWill ASA5510 support default route failover mechanism by giving two different AD value in the route outside command?
View 1 Replies View RelatedI bought a WRVS400N v2 to be used as an access point. Currently it is hooked up on my switch via a trunk port and is able to communicate with my gateway. Whenever I try to access an IP subnet other then the local IP address of the WRVS, I get a network unreachable error. To fix this for my local networks, I added the appropriate static route to cover my local LANs and that seems to work now. I tried to add route 0.0.0.0/0.0.0.0 using the web interface for internet access, but somehow it does not recognize this as a default route (quad zero!?). Does any know how I can set the default gateway in this router? Maybe, but hopefully not, I have to use the WAN port to create some kind of uplink and use one of the LAN ports to connect using the trunk port and route traffic for the clients over the WAN port .
View 1 Replies View RelatedI have an 877 router which has a DSL WAN interface. The DSL service at this site is unreliable, so the company have purchased a separate 3G router to be used as a backup. This device maintains 3G connectivity at all times and has a static IP on the internal subnet (for arguments sake let's say 10.0.0.253).
What I want to do with the Cisco router is to track the DSL interface and if it is up, install a default route pointing to it. If it is down, I want the default route to be the 3G router.
I am thinking the best way to do this is to set up a track and then set 2 default routes; one which is installed if the tracking is up, the other has a higher admin distance and points to the 3G router and thus should only be used if the track is down. For example:
track 10 interface Dialer0 ip routing
delay down 30 up 30
ip route 0.0.0.0 0.0.0.0 Dialer0 track 10
ip route 0.0.0.0 0.0.0.0 10.0.0.253 100
Is this likely to work or is there a better way to do it?
i have 2811 router can, i use the below image on it , i m thinking to run bgp with ISP to accept just default route.
View 1 Replies View RelatedIs it possible to send all traffic through site to site VPN using SRP521W (on the other site ASA) ? Lets say, traffic to Internet from branch through HQ - site to site VPN between branch and HQ. I've tried to set up destination crypto policy entry to 0.0.0.0 0.0.0.0 but it's not accepted. Firmware version is 1.01.26 (003)
View 4 Replies View RelatedI am having a strange requirement. actually I am not sure it is strange or not. I am having ASA5510 with 8.4 sw version. Currently one ISP is connected to it. It is working fine. We have some servers that are directly connected to internet using another ISP connection. These servers having public IP addresses configured on their LAN settings. I need to move these servers in to the DMZ zone.
When i connect it to the ASA's DMZ zone,servers will get internet through the first ISP that is already configured on ASA. But i need to NAT the DMZ servers with the IP address provided by the other ISP, which even not configured on ASA.
So what should i do? In short my requirement is
1) need to NAT the server with the IP address provided by another ISP
2) Also note that the default route is configured for the first ISP only in ASA
so Do i need to configure another default route? Do i need to make it with larger AD? So i do it will act as the secondary route only.
I need to make the ASA up and running for two ISP, and servers in the LAN should be able to NAT with the IPs of first ISP and ,the servers in the DMZ zone should be able to NAT with the public IP of the new ISP.
I have ASA-SM failover pair in two Catalyst 6500 switches. I send from switch to ASA-SM management VLAN 1234 to admin context for management purposes. I have another 3 contexts on ASA-SM. Can I have same managemenet VLAN1234 on each ASA-SM context? Can it work?
View 1 Replies View RelatedI have a 6500 serious switch that one port (portfast enabled) hold a server .This server has sort of a Cluster configured for high availability .
During primary server failure the failover server acquires the cluster IP address (ie virtual IP).
Cluster IP 192.168.10.1
Primary server =192.168.10.2 Failover server =192.168.10.3
when failover happen , i am unable to learn arp. need to reboot the server for arp . After reboot i am getting different mac address(secondary) with cluster IP.
query:-normal clustering how mac address generating(means logicaly any mac address will be created or LAN card mac address)? Is ther any issue with portfast configuration(with out portfast configuration TCN will generate and max age timeout decrease 15 second from 300second) ?
Note : we checked a scenario same ip address with two system(ipconflit) and removed arp learned system from network and same thing happen we need to clear the arp manually in L3switch