We are running ACE 20 modules in highly available active / standby (all active contexts on one module) mode. Currently they are on A2 (2.4) version. We are going to upgrade them to A2 (3.6a). The question is that how ling can we run them in two different SW levels? In otherwords can we have few days between upgrading both modules?
I have already raised this discussion on "LAN, Switching and Routing" group. But I guess this is the right group for my queries. So I am sending my queries in this group again.
We are using CSS 11503 with one 16FE line card. We have connected 3 servers with redundant link. So FE1-2 in Server1, FE 3-4 in Server2 and FE5-6 in Server3. Our system team has configured APA in their servers as they are using HP-Ux.
1) Do we need to do any configuration at line card.
2) Do we need to do ether-channel at loadbalancer end. if yes, can you share me any cisco doc on how to do it.
I am configuring a load balancer from cisco, a ACE 4710.Load blancing is completely new to me, and i am unexpereinced in this field. It has to be configured for a customer that want to load balance HTTP and RTSP traffic over 4 application servers (Back-end),I searched alot on google for possible solutions, and got RTSP in some way to work, but http wont work says my customer.
I am in the process of configuring load balancing on ACE module but struggling to configure virtual IP address for ACE module. I'm working on ACE30 module and using software version A5 (1.2). ACE module is in slot of Catalyst 6504 switch.
I have a doubt about upgrading Memory in Redundant Supervisor Modules Nexus 7K18, i read the Cisco Nexus 7000 Series Hardware Installation and Reference Guide, and the process for upgrading the memory in redundant supervisors do not says that i can have a lose of service, but it also says that both supervisor modules must have the same amount of memory for redundancy to work;If the switch has two supervisor modules, both must have the same amount of memory. If you upgrade the standby supervisor module to 8 GB of memory, you must then switch the active supervisor to standby and upgrade the new standby supervisor to 8 GB of memory.
We had some issue with Datacentre ACE modules. Both primary and DR ACE modules got restarted in 16 hours difference. Unfortunately Syslog was not configured on the ACE and local logging got cleared after restart. The current IOS version is A2(3.2). The modules uptime was around 300 Days. Here is the log from 6509 switch during the restart. [code]
I require to connect a "css11501" two core switches to provide redundancy to the load balancing service and would like to verify this possible (Does the spanning-tree protocol officer for load balancing?)
I have a pair of ACE 4710's that I am deploying within a datacenter. The primary and secondary ACE appliances have identical configurations except for the IP addressing and priorities for FT. The FT peer is going into a TL error state.
On the primary ACE appliance, I am able to ping and telnet from/to it without any issues. All of the routing works as it should and everything is seen in the ARP table as it should. The secondary appliance is able to ping everywhere, but telnet out of or into that appliance does not work.
I am able to see the IP addresses in the arp table and can successfully ping end to end from the secondary device, just unable to telnet into or out of it. When I try to telnet out of the secondary device, it reports that there is no route, even though the IP's I am trying to telnet to are directly connected and those interfaces are up and working (otherwise ping would fail). The exact same filters (access-lists, service-policies) are configured in the exact same format and applied to the exact same interfaces.
I tried removing all of the fault tolerance configurations and just created a Layer 3 vlan interface for management and I am still unable to telnet into or out of the appliance. This is not a complicated setup and I have to think there is something obvious that I'm missing, but I'm hung up on the fact that the config's are almost identical while one works exactly as intended and the other reports no route to host for a directly connected interface.
I want to collect the logging messages about the saa5525x IPS events from devices to a server running a syslog daemon, and I have no necessary to collect any other logging messages about the firewall, how would I config the configuration logging?
We recently had redundant sup cards installed in 2 of our 4507 units after the upgrade I can no longer change Vlan's with the CNA program.I upgrade to the newest version of CNA but that didnt work.
I can still get Vlan information from my 4503's and 4506's with no problem. I figure it is an issue with CNA selecting the sup card to get it's information from?
We are in the middle of some major user moves and changes so I have had 2 of my guys working to move printers on to their own Vlan and some other changes neither is well versed in command line so I set them up with CNA for simple Vlan changes. Now with this out I have to go in and make the changes myself and keeping up with that and my other duties is getting tough.
We currently have two 6509's running in VSS, both switches have a WS-6748-GE module in slot 3. I'm in the processing of removing these modules. I will then be replacing them with a different module type, but I need to know how to remove the old configuration of the previous modules.
I am configuring a pix 525,i just found out how to activate the subinterface on it so that's good,the box has a primary unit and secondary unit, both are connected from G0 to redundant switches,if i do a show failover, it says it's using the serial based lan failover, which is fine by me,however, do i need to create a single, regular interface.. or a redundant interface?,i.e. if i create a regular subinterface, will failover still apply to this interface?,or for failover to work, do i need to create a redundant interface (with a redundant id)? i do not seem to have the option to create a subinterface when adding a redundant interface.
interface Redundant1 description *** INSIDES NETWORK *** member-interface Ethernet0/1 (This is a 1000Mbps Port) member-interface Ethernet0/2 (This one is 100Mbps) no nameif no security-level no ip address [code]....
Then... i issue following command and its OK!
ASA5510# show interface redundant 1 detail Interface Redundant1 "", is up, line protocol is up Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps) Input flow control is unsupported, output flow control is off [code]...
It's transfer correctly then i no shut and back to normal Primary core switch Gi0/30 Interface again, BUT redundant interface no revert back. I issued this command again BW remain 100Mbps.
ASA5510# show interface redundant 1 detail Interface Redundant1 "", is up, line protocol is up Hardware is i82546GB rev03, BW 100 Mbps, DLY 10 usec Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps) [ code]....
I did manually shut down and no shut the secondary core switch interface Gi0/30 Its changed correctly to 1000Mbps .
I have two switch SG300-10 that need to be interconnect togheter with a simple redundant "cable fail safe" configuration.My idea is use the two uplink copper port of the first switch, connected to the two uplink copper port of the second switch.
How to create a working setup configuration? The first setup that i need, is with only one VLAN1 for all ports,
The second setup is with the VLAN1 assigned to the ports 1-2-3-4 of all the two switch, (linked togheter by uplink ports) and the VLAN2 assigned to the ports 5-6-7-8 always linked togheter with the same uplink ports.
Is possible use the two uplink port at the same time, as cable fail safe? or use a uplink port 1 for the first group and the second uplink port for second group?
I need to use this configuration for audio cobranet transport, and i need to test the correct configuration for the primary and secondary audio stream, if can work togheter on the same VLAN or i need to separate the two stream, from start to the end.
I want to deploy a high availability solution for web servers in two data centers. In the primary data center I have deployed a group of web server and I want two deploy additional servers in a secondary data center for disaster recovery and high availability. Reviewing the documentation, looks like the GSS4492 is the solution for my company needs but I am not sure if I have to implement just the GSS or if I need a ACE4700 integrated with the GSS?.
The below is the display that I get on the screen when i boot the device.There are two error's one is when the daughter card is found and device give us login access after which it reboot’s. The second is stated below (this is a screen copy of the error)
INIT: version 2.85 booting/mnt/cf/TN-CONFIG on /TN-CONFIG type ext3 (rw,sync,loop=/dev/loop0)/mnt/cf/TN-CERTKEY-STORAGE on /TN-CERTKEY-STORAGE type ext3 (rw,sync,loop=/dev/loop1)/mnt/cf/TN-LOGFILE on /TN-LOGFILE type ext3 (rw,sync,loop=/dev/loop2)/mnt/cf/TN-HOME on /TN-HOME type ext3 (rw,sync,loop=/dev/loop3)/mnt/cf/TN-COREFILE on /TN-COREFILE type ext3 (rw,sync,loop=/dev/loop4)insmod: error inserting [Code]...
I have a two fiber connection from our Central Office(6513) to Remote office (6509). I have a requirement that on the remote office if one of the fiber goes down, the second fiber should work as a failover. I am planning to use SUP720-3B SFP to connect to the CO.
Can I connet one fiber to Sup720-3b G5/1 & another fiber connection to G5/2? or Can I connet one fiber to Sup720-3b G5/1 & another fiber connection to G6/2? I am running EIGRP between sites. Any sample config.
I'm working on a small scale Cisco WAAS deployment. I want to know if it's possible to use the entry level Cisco WAVE-294-K9 as Central Manager.Also about licensing, does this appliance model come with the enterprise level license
Do you know if it is possible in ACE 4710 appliance to configure a SIP TLS ?The SIP probe we have in the configuration guide it is only for clear text. for Lync 2013 we need to establish first a TLS session and then within it, send an SIP request..IS it possible in any version? I tried also to configure a HTTPS probe but it fails as it sends a GET which the Lync SIP server doesn't understand.
I want to use the ACE blade in CAT6500 to loadbalancing SYSLOG events towards (SIEM) collectors. Servers and network devices will sent there syslog messages to different collectors after being loadbalanced by ACE. I was just wondering, since a lot of clients are going to sent there complete syslog events to the VIP and thus introducing a high connection rate. (+/- 200.000 CPS) According to the specs, the ACE blade has a limitation of 325.000 connection per second. I suppose this is a limitation at device level. (not on a per context basis, and does that include both TCP and UDP packets?) Could the UDP BOOST feature might come in handy allowing very high rate UDP syslog packet loadbalancing?
We are evaluating the one-arm design for the ACE 4700 and need some clarifications:
1. Are there any limitations in the one-arm design and the SSL offloading
2. Can the ACE be configured with an IN and an OUT vlan to the router
CLIENT -> Router -> ACE IN -> ACE OUT -> Router -> Server Vlan
so that the SSL and the clear text traffic is in a separate Vlan?
3. In some sample configuration i saw SNAT configuration on the ACE to modify the client IP. This i assume is for instructing the return traffic from the server to go through ACE? Using SNAT we eliminate the requirement for NAT or PBR on the router? Will i still be able to insert the client IP address after the SSL offload?
We have multiple CSS 11500 clusters. We have found that on all of them, if you try to open a session on any port to an IP address on the backend of the CSS, the CSS will complete the SYN-ACK-ACK session with the client. This happens regardless of whether there is something on that IP address or not.
Coming from any IP, if I try to telnet to ANY IP on the 10.2.2.0 subnet (whether or not there is an actual server on that IP) on any port (whether or not that port is open or not), the CSS will complete the initial connection. I have verified this using telnet to numerous ports and viewing the transaction in a packet capture.
Is there any way to shut this off? This is causing some licensing issues for our security folks that use a vulnerability scanner licensed on number of IP addresses.
One of our ACE-20's crash recently with little info as to why - fortunately it was the FT standby module so service wasn't impacted but obviously keen to determine the cause of the crash, and potential resolution.
Running A2 (3.5).
last boot reason: NP 1 Failed : NP Core Reset - Cause Unknown,There is nothing obvious from the switch perspective:
Apr 17 14:52:35.775 bst: SP: The PC in slot 9 is shutting down. Please wait ... Apr 17 14:52:45.780 bst: SP: PC shutdown completed for module 9 510497: Apr 17 14:52:55.781 bst: %C6KPWR-SP-4-DISABLED: power to module in slot 9 set off (Reset) 510498: Apr 17 14:57:58.277 bst: %DIAG-SP-6-RUN_MINIMUM: Module 9: Running Minimal Diagnostics... [Code]...
I need to setup new ACE 4710 device , after referring to "Establishing a Console Connection on the ACE" i had managed to set up initial console connection. During installtion i had configured vlan (default vlan 1000) , interface ip adess& subnet mask.
Post initial config i understand i should be able to open' Device Manager GUI Login Window' but it is not opening.I also need inputs on setting 4710 for the telnet connection
We have a CSS11503 that is currently being used to accept incoming HTTPS and SSH connections on a specific VIP and then PAT those client connections. I understand that it also PATs the server initiated connections. [code]