I have a customer who is looking to add some redundancy to their internet connections. Currently we have an ASA 5510 for their firewall. I know that the Sonicwalls are capable of terminating multiple internet connections simultaneously for load balancing, redundancy, and for pushing different types of traffic out different connections. Traditionally the ASAs have not had that capability. But does anyone know if the newer revs (8.3 and I think 8.4 may be out?) will do that or anything similar? Not looking for a full BGP-style solution where the same address space is available via multiple links, but more just a solution where the internet for basic web browsing could fail over and load balance between two internet connections, each assigned to a different outside interface on the ASA.
Two internet links from different SP using different routers an firewalls connected to a 6513. I need to use these two links as primary and secondary (the secondary will be used just if the primary fails) for just two specific machines and 6513 have to be responsible for jusing between primary and secondary link. The rest of the network have to use just the primary link.
Got a situation where Location_A got TWO ISP and Location_B got One ISP.Using ISP 1 link Location_A establishes IPSEC Tunnel with Location_B .How do I establish redundancy from Location_A point of view, if ISP1 is down then ISP2 should establish IPSEC tunnel with Location_B.At Location_A both ISP links terminates on the cisco PIX-525 and all (VPN) crypto configuration is on PIX 525 running version PIX Version 7.2(4)7At Location_B VPN is terminated on a PIX Version 6.3(3).
There are four figures(A,B,C,D) shown in attached diagram.my aim to achieve wan side failover, mean to say, if one ISP or Router goes down, the other should still be reachable.
Cisco 2960 = L2 Switch Cisco 3560 = L3 Switch
Here I am discussing only two redundancy methods i.e Floating Static route and IP SLA. There are following questionnaires related to attached diagram given below
Figure A: 1. Floating static route (Yes or No) 2. IP SLA (Yes or No) Figure B: 1. Floating static route (Yes or No) 2. IP SLA ( Yes or No) Figure C: 1. Floating static route (Yes or No) 2. IP SLA ( Yes or No)
One of our customer , where there 2 6509 switch , one is Core_sw1 and other is Core_sw2 , catering about 32 Vlan , and HSRP in running for all Vlans , till here no problem , now there internet Router which having one Internet link , which connected and configured on Core_sw1 in a way that one interface of Core_sw1 is given Public IP and there is vlan 85 which internet vlan and vlan 85 ip are natted with that public IP with one simple static route given toward internet router , this is how internet is working ok.
Now i have configured vlan 85 in hsrp as all other are , how can give redundancy to vlan 85 user , that if Core_sw1 get down , internet traffic can get out through Core_sw2.using same internet router with single internet link .i am not talking of ISP redundancy , but Vlan 85 in Core_sw1 goes down , other Core_sw2 will server internet.
I'm shortly going to move our stuff to a new data centre, where we have two network feeds - so there'll be two lengths of CAT 5 coming into the rack, for "first hop redundancy".I have something similar at our existing DC, but I'm simplifying the equation somewhat at the new DC, and using a simpler configuration that just uses two switches, rather than two switches and two routers. All of the servers will have public IP addresses.Now - the network guy at the new DC has confirmed that a simpler two switch configuration will work.
We have cisco 1841 router with two ISP . But we facing the problem whenever our secondary ISP Link goes down the Primary has also went down.We have only one default route for primary Link
I have a question with regards to 6500 Redundancy. We currently have only one in our DC, it has 2 SUP 720s, two FWSMS, and multiple switchport blades. My question is is this fully redundant? and if not what is it that can fail, so I can look into adding that extra layer of redundancy.
I have a 4510R+E switch that won't change to the SSO redundancy mode. After entering the 'mode SSO' command, the switch reboots the peer supervisor (as it says it will), but after it comes back up it remains in RPR mode. I've tried rebooting the peer supervisor manually, rebooting the entire chassis, manually power cycling the entire chassis, and reseating the sups, but the switch remains in RPR mode. The issue started when I swapped the switch's supervisor with the supervisor of another 4500. The same issue was observed on the other 4500 as well, but after several reboots, I got it to change to SSO mode. Prior to the swap, both switches were running in SSO mode just fine.Since we're running IOS version 15.0 with the 'spare sup' license, I suspect the issue arose because of licensing complications (with relation to the chassis serial number and the like) when I swapped the sups....although this doesn't explain why the other switch changed to SSO after some troubleshooting.
I have problems with the RV042 router. Currently I have two Internet service is the first DSL service and the other is through cable. The problem is because the router is not doing the redundancy process. For example if DSL service fails, the cable internet service does not come automatically. You have to disconnect and connect manually to maintain the connection to the Internet. Should not the router do this automatically without intervention?
STB_6509#sho mod Mod Ports Card Type Model Serial No. --- ----- -------------------------------------- ------------------ ----------- 1 10 WiSM WLAN Service Module WS-SVC-WISM-1-K9 2 24 CEF720 24 port 1000mb SFP WS-X6724-SFP 5 2 Supervisor Engine 720 (Active) WS-SUP720-3B
[code]....
I would like to add a redundant supervisor blade to the 6509 that is in production. Can this be done plug and play and require no reload. Are all WS-SUP720-3B the same as far as memory etc... or can I buy any used WS-SUP720-3B and it will work properly.
Can the above be used to provide redundancy. However there is only one ISP side connected? Of course we can set up both with exact same rules and use a Manual power on/off if?
First and foremost, what I have are 2 x 7204VXR (Gateways), 1 x 4507R-E (Coreswitch), and our ISP have 7609.Got some issues with redundancy with our ISP.
7609 I I I I 7204-A 7204-B | | | vrrp | | | -4507R-E- | | internal network
Both outside interfaces of 7204 gateways are connecting to 7609 with different public ip block. I used VRRP for my internal nework and failover have been tested working.
Even tried to remove link of 7204-A and 7609, the failover works perfect. If I shutdown/ remove the link between my 4507R-E and 7204-A (primary gw_higher vrrp priority), vrrp redundancy/failover still works, but pings from internal network to internet is only 50% success....alternate 4 ping reply and 4 time out.
i have a 6509 connected via layer 2 (VLAN1) to a 3750 (e.g. VLAN1 10.1.1.1)then to the HQ via Metroethernet(L3). Is it possible to connect the 6509 to an ASA that already has VPN connectivity to the HQ using HSRP? Also need to mention, the VPN connection is supposed to be the redundant connection if Metroethernet link fails.
We will be getting a circuit from the same ISP at two of our sites and will be doing eBGP. Couple of notes. 1. We are fully aware of the risks associated with depending on a single ISP and have mitigated them as much as possible with the ISP. 2. We will be getting assistance on the eBGP setup from the ISP, so I’m not as concerned with that config at this point.
Site Summary
Site A:Cisco 2900 Series (RtrA) connected to single Ethernet based ISP circuit (ISP-1-A)eBGP will run between RtrA and ISP-1-A, default routes from provider onlyLayer 2 Switch (SwA) connected to LAN of RtrA and uplinks to SwB
Site B:Cisco 2900 Series (RtrB) connected to single Ethernet based ISP circuit (ISP-1-B)eBGP will run between RtrB and ISP-1-B, default routes from provider onlyLayer 2 Switch (SwB) connected to LAN of RtrB and uplinks to SwA
I need advise on the LAN side redundancy. Our goal is redundancy; load balancing is not a concern (If load balancing ever becomes a concern I will look at GLBP). We have several devices on the LAN side of the routers that can only use a single gateway. Given that I’ve surmised I need to use HSRP in some way for LAN gateway redundancy.
1. HSRP with Object Tracking, No IGP.HSRP handles LAN gateway failover if a router dies. Object tracking ensures LAN gateway failover if an interface fails or if an interface is up, but there is an upstream traffic issue. ie. track the physical WAN interface and use an IP SLA icmp to track a specific upstream IP incase of an upstream traffic issue.
2. HSRP with OSPFHSRP handles LAN gateway failover if a router dies. OSPF redistributes eBGP default routes to RtrA and RtrB so that each router should have a route to the ISP even if they loose their local ISP circuit. i.e if ISP-1-A on Router A goes down, Router A knows to send traffic out ISP-1-B via RtrB. In other words, traffic enters RtrA LAN, but exits on RtrB WAN.
3. HSRP with iBGP HSRP handles LAN gateway failover if a router dies. I have no experience with BGP, but assuming this would work similar to the OSPF solution above except for the required iBGP config and possible route reflectors?
I'm new to firewall using ASA 5510. How can I have a redundancy over two ASA 5510. Hardware load balancing and IP Load balancing, just like HSRP or GLBP. Below is my diagram.
[URL]I ran across this on the cisco site and I wondering if it was possiable with two 2851's? The part that is most interesting to me is this part of the config (this looks like what allows the use of the y-cable)
actually im using a cisco asa 5520 as a default gateway to acessin/ publishing in the wan. i have a cisco 2811 configured to replace the cisco asa in a case of problem, but the switch is made manually. my lan switch is a 2 3560e configured with hsrp, so it is possible to make redendancy( failover) between the cisco ASA 5520 and the cisco 2811 using a hsrp or other technic.
I have supervisor engine ws-x4516 with two line card WS-X4424 - GB - RJ45 - 1No ,WS-X4548 - GB - RJ45 - 1No. Now i want switch and hardware redundancy.
We currently have a 4404 controller that is approaching 100 AP’s (their max). The boss would like to add redundancy into the project. Which leaves me with a lot of questions and I am fairly new to cisco WLAN controllers.While a second 4404 would cover for redundancy would that be true if the AP’s pass the 100 mark?If I get a bigger controller that can support more than 100 (5508?)can the existing 4404 still work in the plan as a backup?Or do I just need to purchase two bigger units and auction off the 4404?
I will be installing a new ASA 5510 firewall on our SIP vlan to separate our voice traffic from the rest of the traffic. I'm trying to decide whether or not I should go with an active/active setup or an active/standby. Any insight on the best way to set this up? This install is going in from scratch, and I am going to be connecting to a 3750 switch stack. Should I pair up a link from each switch to each 5510 using etherchannels? Should I use 8.3 or 8.4? Most of the docs I've been able to find say it depends on this, that, or the other.
We are going to implement high availabilty in 5508 WLC with version of 7.3.101 . We will be using Prime infrastructure 1.2 for monitoring purpose.With Prime, whether we can monitor and manage redundant WLC also or only active WLC?.
I have a question about my ACS redundancy deployment. I bought three ACS all of them came with base license. but i bought large deployment license my question is necesary to buy the large deployment license to add two seconday ACS to my Primary ACS ? now if I install the large deployment in my primary ACS it replique to other ACS or I have to install first the large deployment one by one (secondary ACS) before to join to the Primary ACS.
We currently run 7206 routers with VAM cards and are able to configure the devices to perform stateful failover of tunnels from router to router. When moving to the 7604 with 15.1 IOS there are not any examples of how to set up the stateful failover of the tunnels between devices. We have the devices in the SSO mode are not able to understand how to get the redundancy between the devices functioning.
what I have are 2 x 7204VXR (Gateways), 1 x 4507R-E (Coreswitch), and our ISP have 7609.Got some issues with redundancy with our ISP.
7609 I I I I 7204-A 7204-B | | | vrrp | | | -4507R-E- | | internal network
Both outside interfaces of 7204 gateways are connecting to 7609 with different public ip block.I used VRRP for my internal nework and failover have been tested working.Even tried to remove link of 7204-A and 7609, the failover works perfect.But somehow we're facing a problem:
- If I shutdown/ remove the link between my 4507R-E and 7204-A (primary gw_higher vrrp priority), vrrp redundancy/failover still works but internal network's internet connection goes down.
I asked our ISP and the route commands they put in their 7609 are as of follows: ip route 3.8.8.0 255.255.255.0 3.4.4.4 name TO CUSTOMER LINK 1 ip route 3.8.8.0 255.255.255.0 3.3.3.3 2 name TO CUSTOMER LINK 2
And if they're trying to use Reliable Static Routing Backup Using Object Tracking, the internal network's internet connections is intermittent....alternate 4 ping reply and 4 timeout.
have main office of 70 people.Also I have 2 redundant ISP:One give me 20 mbit/s Other only 2 mbit/s and it is my backup ISP.
I have some resources in data center and I need a IPSec VPN to it and some other location. I suppose there will be up to 3-5 IPSec tunnels. I choose Cisco ISR 881-SEC-K9 with one wan port and 4 LAN switch. But know I’m looking for Cisco 891-K9. There is no security bundle for it. But in cisco.com this router is marked Cisco 891-K9 Security router. Does it support security features like VPNs, ZBF, IOS Firewall, NBAR and IP SLA for ISP redundancy? Also if my boss will choose chipper Cisco router 881-SEC-K9. Will I be able to organize 2 ISP redundancy on 4 LAN switch port inside VLAN interfaces because there is only one WAN port?
getting a secondary isp as back-up and redundancy...and work arounds for ddos's....I just thought that i could use a switch/bridgeable router that can act as a switch... and run that off the first in line off the #1 isp router. Instead of connecting the second into the isp port, i should be able to put the #2 isp line into that. and put #1 ethercable into one of the outgoing ports from the second. And keep all the pc's on the #1 as is....But it should still use both providers simultaniously...right? I have 3 or more routers that can do this, and i have used them like this and shared several pc's internet's other then the primary ISP. But it was shared through the pc. and separate NICS or wifi AP's. I currently have one that will autosense a gig, and have bought another router that can operate at a gig that i plan to put into the #1 position as it's the fastest one. And will keep 1 gig without variability. and also give me wifi n 450-700. And they both support bridgeing,repeating and network balanceing /shareing. This should be possible and i won't have to spend $4,000 on a router with 2 ISP ports, and only uses it as fail-over....=c this should use both simulataniously and balance workloads between each.
R11 is acting as host for testing purposes (pinging the DG's, and the ISP interfaces -> which are the lo0 address on the routers.I also have another question: How would I go about providing redundancy on the trunks from the Switch to the router?
We have 3 WiFi links between 2 buildings, these links carry a main data network, a VOIP network and a CCTV network. Occasionally due to unestablished factors we loose one or other of the links for a short period (5mins to an hour). In order to give some redundancy I opted to use a pair of switches and utilize MSTP to give a low cost solution. I have installed an SF302-08P in one building and an SRW208G in the other building and connected ports 1-3 as trunk ports to the three wifi links on both. Ports 5-7 on both switches are set as access ports and connect to the respective networks within that building. MSTP region is set the same on both switches and the instances and VLANs are the same on both switches. I have set port priority and cost to force the three networks to use their own link until a failure occurs. Then within the MSTP instances I have set the path costs such that CCTV or MAIN failover to VOIP last of all. During testing on the bench using patch cables to simulate the wifi links all went well. Upon installation things got a little more difficult. The VOIP network seems to work well but the CCTV won't pass the video traffic until the SF302-08P is rebooted even though I could connect a PC and login to the CCTV devices from either direction. More serious though is no matter what I do the MAIN network will not pass traffic. The MSTP interface settings show the correct port states with (in the case of MAIN network - MSTP instance 3) Port 1 Alternate, Port 2 Discarding, Port 3 Forwarding and Port 7 Forwarding.However a pcap shows no traffic across the wifi link on VLAN 4 (MAIN) although Layer 1 must be ok as VLAN1 is fine. The only other factor that may be relevent could be the wifi units themselves as the CCTV and VOIP links use an older 2.4GHz bridge while the MAIN link uses a newer 5GHz bridge. The 2.4G units have no knowledge of STP while the 5G units are 802.1d aware but I'm sure I read somewhere that 802.1d devices will cause problems with RTSP or MSTP networks due to the BDPU message format compatability, therefore I left it disabled.
I have a 6509 switch with SSO Redundancy (STANDBY HOT) with IOS ver 12.2(17d)SXB11, RELEASE SOFTWARE (fc1) (c6k222-jk9sv-mz.122-17d.SXB11.bin). I need to upgrade the IOS on this switch.I have 512MB Memory on the switch and 40144896 bytes free on Disk0.which IOS is the latest version to upgrade and also give me some hints for IOS upgrade on this switch?
I need to know if i can connect RAP to RAP and maintain redundancy with connection to WLC.
I have one 1552 with the gigabit ethernet connected to the gigabit ethernet to another device that has a point-to-point link with another device where have a ethernet connection with a switch in the same broadcast domain where i have my WLC.
Next to this 1552 i have another 1552 that have the same situation, both with omnidirectional antenna.
I would like to have a Mesh connection with these two 1552 in 5Ghz, because if some point-to-point link is down i need redundancy to the WLC and my network, because i have some clients connected in the 2.4 Ghz in both Access Points.
