Cisco Security :: Iron Port S160 High Availability Deployment
Apr 10, 2011I would like to know how to implement high availability on a S160 ironport device.i have two S160 device but the user guide is not useful.
View 1 Replies
ADVERTISEMENT
Cisco Security :: High Availability Failure On NAC 3310 CAS?
Dec 20, 2011Yesterday I discovered the primary and secondary CAS were both in active state and reporting their fellow peer as dead (I did this using ./fostate.sh), causing authentication errors on the network. I had to stop the perfigo process on the primary one to restore service.
After closer investigation I have discovered that when I put my laptop on the same subnet as their eth2 interfaces (eth0, eth1 and serial are not used for heartbeat only eth2), I can ping the eth2 ip address for the primary device, but can't ping that of the secondary device. See configs and outputs below. I am also wondering why the secondary CAS shows its eth0 and eth1 interfaces as fake0 and fake1.
[root@CAS-SEC ~]# ifconfig eth2
eth2 Link encap:Ethernet HWaddr 00:1F:29:5D:1C:6C
inet addr:172.29.254.10 Bcast:172.29.254.11 Mask:255.255.255.252
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11205 errors:0 dropped:0 overruns:0 frame:0
[code].....
Cisco :: Iron Port WSA-S670 Client Web Activity Logs
Jun 18, 2012how to get the web activity report of clients in Ironport WSA S670. I need each and every URL's visited by the exact clients.As of now i am able to download the client web activity report upto URL categories...but i need exact URL's accessed by the clients.
View 1 Replies View RelatedCisco :: WLC 5508 In High Availability Over WAN
Jun 10, 2011I have two cisco wlc 5508. I wan to install them in two differents site. One WLC in the site A and the another WLC in the site B.
Site B is the WAN of the site A. The site A is the headquarter.
But i need to configure them in High Availability. For example if the Cisco WLC in site A goes down, the ap's have to registered in the WLC of the site B.
Then the traffic LWAPP have to pass over the WAN between site A to site B.
I have to configure two cisco wlc in HA over a WAN . Is ok configure the roamming L3 intercontroller?
Cisco AAA/Identity/Nac :: ACS Migration From 4.0 To 5.3 With High Availability?
Oct 1, 2012One of my customer wants to upgrade their Cisco ACS version from 4.0 to 5.3. The client has existing ACS version 4.0 windows on VM with two instance and need to upgrade to 5.3 Linux.As per my understanding following version are supporter to upgrade ACS to version 5.3 ACS 4.1.1.24ACS 4.1.4ACS 4.2.0.124ACS 4.2.1 but unfortunatlly there is running 4.0.I suggested to my client the upgradation for ACS and proposed this Upgrade lisence L-CSACS-53VMUP-K9 and CON-SAS-CSACS3V? how I can do the smooth deployment / Migration from 4.0 to 5.3 with (A/P)high availability.
View 1 Replies View RelatedCisco :: High Availability With 2125 And 2504?
Oct 28, 2012Current environment is Cisco 2125 WLC managing ~12 3502E AP's for a single location. Client is looking to provide HA for the single 2125 WLC. With the 2125 now EO-Sale is it possible to go with one additional 2504 WLC and leverage the existing 2125 or would it require going with just (2) 2504's?
View 1 Replies View RelatedCisco Wireless :: 5508 - High Availability On WLC
Jan 19, 2012I have 2 WLC (5508), i configured the option for enable the high availability, but when the 2 WLC is working the mesh network is unstable, when only wlc is working the mesh is fine.
View 3 Replies View RelatedMake High Availability Between Two Cisco 3560G Switches?
May 7, 2012We want to make High Availability between two Cisco 3560G switches. Can you tell how we should proceed?Is there any HA module available for Cisco 3560G?
View 1 Replies View RelatedCisco Wireless :: WLC 5508 - Setting Up High Availability?
Sep 18, 2011I am upgrading the Wireless Infrastructure with two 5508 WLC.I am setting up High Availability, but I think is not quite working.
Primary Controller = WLC1
Secondary Controller = WLC2
LAP = LAP1
LAP1 has WLC2 as the primary controller for HA
LAP1 has WLC1 as the secondary controller for HA
While connected to LAP1, I shutdown WLC2. After ~ 20 seconds, LAP1 move to WLC1.I lost connection from LAP1 Don't LAP1 should move with all its clients to WLC1?Am I missing something in my configuration?
Cisco WAN :: High Availability Configuration Between 2 2901 Routers
Jul 7, 2011I have to install and configure two 2901 routers at different location with high availability. These 2 routers would be connected through WAN, now I would like to configure high availability bwtween two routers.
I have attached a small diagram of the placement of 2 routers.
how do I configure high availability between these 2 links or routers.
Cisco AAA/Identity/Nac :: Secure ACS 5.2 Appliance - High Availability
Sep 1, 2011I just want to know if i need to support High Availability in Cisco Secure ACS 5.1 appliance, will the base license suffice or do i need to buy Security Group Access System License/ Large deployment License. Again, do we require license for each appliance or just one is enough?
I Suppose the licensing rules are same for the Vmware version also.
Cisco Firewall :: ASA 5520 High Availability Licensing
Mar 20, 2011A customer is currently running a 5520 ASA pair in active/standby HA mode. The devices also have an IPS module, one of them using a temporary (60-day) license. So, right now, licensing is identical on both ASAs and HA is operational.
The question is what exactly will happen after 60 days, once the temporary license expires? Does HA shutdown completely once it's determined that the licensing isn't a 100% match any longer, or does it just cripple one feature (such as the IPS module)?
The customer is balking at purchasing SMARTnet for the 2nd ASA, so I need to explain exactly what is going to happen (if anything) once the license on the 2nd ASA drops off...
Cisco Firewall :: 5505 High Availability Over Dual WAN Connections
Mar 20, 2011One of my remote sites acquires Internet connectivity via a cable modem service. This goes down intermittently, of course. I would like to purchase DSL service from the local telco and configure the edge ASA (currently a 5505) to use the cable modem path normally ... and fall back to the DSL path if necessary.
These seems hard to do. The edge box would need to evaluate the viability of a WAN path using some set of tests ... perhaps pings to a handful of major Internet sites. If all those pings start failing, it would stall for a minute, to give the WAN service provider time to recover ... then cut over to the second path. Cutting to the second path might mean pushing new DNS server addresses to clients (or perhaps the edge box would hand out both sets of DNS servers all the time and rely on the clients to try them all.) Once the cable modem provider restored service, the edge box would stall for a while (ten minutes? an hour?) and then cut back.
I'm willing to replace the edge box with something fancier (a bigger ASA or something sold as a router or whatever), although I'd like to stay under 10K (list) for such a replacement.
Cisco :: 5508 Controller - Software Version / High Availability?
Feb 18, 2013I will install next week at a customers side a new Pair of 5508 Controller. They have at the moment one old 4404 with about 70 APs.So the bought the new 5508 with HA Pair.For the HA i will need 7.3 i read in the High Availability (AP SSO) Deployment Guide.There are now two 7.3 Versions, or i can choose the new 7.4 Version.
AIR-CT5500-K9-7-3-101-0.aes
AIR-CT5500-K9-7-3-112-0.aes
AIR-CT5500-K9-7-4-100-0.aes
So what software version will be the best at the moment?I will install also a Cisco Prime Infrastructure on a ESX host.For the 7.3 in can use the 1.2 , but for the 7.4 i must take the 1.3.
Cisco Firewall :: ASA 5520 Configuring Active Standby High Availability
Nov 1, 2011I am new to Cisco firewalls. We are moving from a different vendor to Cisco ASA 5520s.I have two ASA 5520s running ASA 8.2(5). I am managing them with ASDM 6.4(5).I am trying to setup Active/Standby using the High Availability Wizard. I have interfaces on each device setup with just an IP address and subnet mask. Primary is 10.1.70.1/24 and secondary is 10.1.70.2/24. The interfaces are connected to a switch and these interfaces are the only nodes on this switch. When I run the Wizard on the primary, configure for Active/Standby, enter the peer IP of 10.1.70.2 and I get an error message saying that the peer test failed, followed by an error saying ASDM is temporarily unable to connect to the firewall.
View 5 Replies View RelatedCisco Wireless :: High Density Deployment - 2600 AP
Mar 8, 2013I have read in some documents that we should have one Ap for more or less 50 clients. But i also read for example in ap 2600 specs that it support maximum 200 connections per radio.So for example in a conference room (10mx5meter) for 150 users in theory can i have just on Ap2600 for web surfing or i should have 3?
View 14 Replies View RelatedCisco :: Connecting And Configuring Two Wlc In High Availability To 3 Switches In Stack 3750 In Difference Ports?
Aug 1, 2011Is possible connect and configuring two cisco wlc in high availability to 3 switches in stack 3750 in difference ports?For example
WLC A (Primary) - SWITCH MASTER
WLC B (Secondary) - SWITCH SLAVE
How can i connect the wlc's in HA to get a redundancy in the stack?
Cisco Firewall :: 2911 - Control Link In Zone-Based Policy High Availability
Jun 26, 2012I have set up a zone-based policy firewall with HA on two 2911 routers as per the Cisco security configuration guide, for an active/passive LAN-LAN cluster. All works as expected, but there is one problem I find: when the control link between the two devices fails, they go into an active/active state as each member assumes it's the last surviving member. The ARP entries for the Virtual IPs on the neighboring devices point to the device that last claimed the active role (usually the standby device). This works in a way, just sessions don't get synched anymore (control link is the same as data link). Now when the link comes back up, the preemtion works and the active, former standby device goes back to standby. But the ARP entries on the neighboring devices still point to the standby device and nothing goes (also sessions established during the active/active state are lost due to resync with the now active member).
This is a single point of failure and what I need is a way to mitigate that. Under:
redundancy
application redundancy
group 1
control <interface> protocol 1
only one control interface is allowed. Other manufacturers with similar functionality provide for the possibilty of a backup control link, for example the internal LAN interface or a dedicated backup link.
How would I go about that? Maybe use a port-channel for the control/data link (but I'm out of interfaces)?
Cisco Wireless :: 6500 Configure Mobility Groups For Guarantee A High Availability / Also Redundancy Of Controllers
Mar 24, 2012What consequences could i have if i install a WiSM-2 module into a pair of 6500 configured in VSS and another WiSM-2 module into other pair of 6500 configured in VSS for serving a 300 APs??...in this case, do i need to configure mobility groups for guarantee a high availability and also redundancy of controllers?Under the best practices, is much better having the two WiSM-2 modules into a single pair of 6500 configured in VSS??
View 4 Replies View RelatedCisco Wireless :: 4400 High Availability In Wireless Controller
May 28, 2012We have two 4400 WLC's. We have around 20 access points in our network.If we assign controller1 as primary for half of the access points and controller 2 as primary for the other half, does this mean the association of the ap's indicate load balancing by the controllers. Does this mean wlc does load balancing as different ap's associate on different controllers. or does it only server as active-standby wlc.
View 2 Replies View RelatedCisco Security :: Add Additional CAS To Existing NAC OOB Deployment 4.7.3
Apr 10, 2011If I am to add the Self-generated certificate of my new CAS to my existing CAM's trusted certificate authorities list, will it just be added or will it replace the existing trusted certificate?
View 4 Replies View RelatedCisco Firewall :: ASA 5550 - Active Port Availability
Sep 28, 2011with the 5550 we get 4 gig ports on slot 0 and 8 gig ports on slot 1, also a fast Ethernet management interface port. The documentation states that only 8 ports can be active at any one time but does that exclude this management port so that I can use this as well ?
Also is the port assignments for slot 1 like g1/0 - 1/7 ? As the other the 8 ports in slot 1 are 4 x gig E and 4 x gig sfp.
Cisco Firewall :: How To Connect To WAN Port On ASA5510 To Test Before Deployment
Oct 5, 2011I've cloned the configuration off one of my ASA5510's to another 5510 to use as a template for a new data center deploy. I have configured the new firewalls networks and rules, and of course changed the WAN IP config to its new setting.
I want to test the firewall in y office before I deploy it. How should I configure my Macbooks ethernet configuraiton to test the firewall?, as I have tried without success to connect to it.
Let's say that my WAN configuration is 134.5.169.98/255.255.255.224 with a static route of IP address 0.0.0.0, Netmask 0.0.0.0 and a gateway IP of 134.5.169.97.
I've tried setting the route to force all traffic through the interface (sudo route add 0.0.0.0/1 134.5.169.98), but that did not work either. A trace route to the external interface IP of the firewall (or the external IP of an expose server) get's a "no route to host" error.
I've tried many configurations and have not been able to access the internal servers/services/VPN at all.I've also tried with a cross over, and straight through cables.
What should I configure my macbooks network configuration as so I can connect directly to the WAN port to test external access to the internal servers/services and test the VPN client?
Cisco Switching/Routing :: Enabling Port Security On C4507R Shuts Down Port
Aug 13, 2012I'm trying to enable port security on several 4507R's. When I try to configure a range of ports the switch will randomly put 1 or 2 in err-disable. It's different every time I apply the config to the same group of ports. However if I do them one at a time it seems to work. But I really don't want to configure 6 fully populated switches one port at a time. We also have a lot of 3750's and they gave me no problem using a port range. [code]
View 4 Replies View RelatedUse A High-speed Usb Port For Wifi Receiver?
Apr 20, 2012I have an old PC in my Buenos Aires apartment, connected to WiFi by means of a receiver module - because the modem is across the room and too far to connect by cable...But I get the message that the device would work more efficiently with a high-speed USB port...If I installed a high-speed card inside the computer, would this improe my Internet speed? It hangs up quite a bit... but then again, it's a Pentium III, so there's that limitation too.
View 1 Replies View RelatedCisco Switching/Routing :: 2960 - Switch Port High Utilization
Aug 16, 2012In my network we use all cisco 2960 switches, problem is when someone copying 4gb data or high from one switch to another switch, by that time rto (Request time out) is coming.
router
|
|
|
[Code]....
1. when user 1 copy data from server ,at that time who is in switch2 behind like user2 ,he is getting problem like when ping to default-gateway,or rto is coming and network is very slow .
2. when i open sw2,sw1,sw3,trunk ports utilization is very high except sw4 to sw1 trunk ports,who behind sw4 like user4 ,he is not getting problem.
3.all switches trunkport in my network is faster ethernet and i have no option to connect trunkport to gigaehternet and ethernet channel.
Cisco Firewall :: ASA 5510 7.2.1 High Traffic On Outside Interface Very High Input?
Oct 13, 2011Today I've received reports of slow internet access/activity and have noticed myself that it seems a bit slow today. On the dashboard of our asa 5510 the "outside interface" traffic usage is running constantly high. It's at the top of the graph. How can I tell what is causing the spike in utilization. It usually runs at about 1500-2000 Kbps, and now it's up over 10,000.
View 6 Replies View RelatedCisco WAN :: 2801 High CPU Load / Low Traffic / High Interrupts
Nov 26, 2012We installed a solution with 2 Cisco 2801, BGP multihomed failover.
1) The router which is currently getting all the traffic gets to 55% to 60% of CPU usage when handling 40 SIP/RTP streams . This equals 10Mbit up/10Mbit down and it showed around 5800 packets TX and around 5800 packets RX, with a majority of them CEF switched. As those figures are way less than the performance figures published by Cisco, we wonder if we made any mistake in setting up our router, or if we can do something to improve the router setup.
2) Does it have an impact on router performance if we increase/decrease RTP packet size, thus increasing or decreasing the pps relative to the consumed bandwidth?
3) If it is not possible to improve router configuration, we also wonder about possible replacement units for those routers. Would a 2901 do a good job? By how much would it rise the capacity? What other models would you recommend if we plan to rise the number of concurrent calls by a factor of 4 or even 8 times of what we have now (so up to 48000 pps and 80Mbit).
Here is what we tried:
- ip route-cache same-interface does not seem to improve anything
- ip flow ingress on or off makes no difference
- disabling the inbound ACL on fa0/0 seems to reduce load by 10%, although I don't understand why - a very high percentage is CPU interrupts, and ACLs are process switched, or not?
- we tried following the Cisco guide for high CPU due to high interrupts, with no success
Here are some usage statistics:
The graphs that we plot via SNMP show a propotional growth/increase of CPU and bandwidth (and thus pps) At the highest loads, we had a bit more than 55% CPU utilization with more than 50% interrupt CPU.
CPU utilization for five seconds: 36%/30%; one minute: 30%; five minutes: 30%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
127 13140 954 13773 2.00% 0.29% 0.07% 194 SSH Process
[Code].....
Cisco :: LMS 4.0 IP SLA Availability Report Is Incorrect?
Jun 22, 2011I'm polling a few thousand locations using IP SLA, I have responder enabled on all destinations, and I'm using 60 byte voice packets with a QoS policy.When I run an IP SLA Summary availability report, I have a bunch of locations showing 9% availability 8.5% etc. When I go to the actual collector, and pull up a graph of the same time period, that graph shows 100% availability.
Same collector, same data, just different views giving completely different results. I have to assume that the IP SLA summary report is wrong, these sites were not down 90% of the time.
Just a random though to go with that, I do have the IP SLA to only pull information during the locations operational hours, and I did pull the report from midnight to 11am, the statistics should have been gathered for 4 hours of the 11, which is still higher than 9%, and I would expect all of my locations to report like that, not just a few hundred.
All of the devices are similar in hardware and IOS, and I have verified on a handful that IP SLA responder is enabled, and I see the connections, I have also verified the source configuration via command line.
How To Increase Internet Availability
Dec 10, 2011what fields of IT increase internet availability. I have lived in South Korea for the last six months. I can't say how much better life is because there seems to be universal high-speed internet access, even at 24/7 fast food places like Dunkin' Donuts, McDonalds, etc.).
View 3 Replies View RelatedDifference Between High-power And High-gain In Wireless USB Adapters
Nov 12, 2011what's the difference between High-power and High-gain wireless USB adapters.
View 5 Replies View RelatedDell :: Reformatted Inspiron 17R And No Wi-Fi Availability
Apr 30, 2012My father purchase an Inspiron 17R (he knows nothing about computers and I'm just a low level user). He has wireless internet thru Comcast and there was never a problem.He downloaded some scam program, and I reformatted the hard drive. Used the recovery disk, windows installed and remained connected thru the whole reformat process.This recovery disk was the operating system only- no other recovery disk was included.After the reformat, the computer now has no wireless capability. After checking the forums I went to the service center, entered the service tag, and downloaded/installed every driver in the "chipset" and "network" categories. (Downloaded to a different computer and transferred with CD)Still no wireless. When I click on the "bars" in the lower right corner, it doesn't even give me an option for wireless networks (which it used to- now it only says "dial up and VPN")I went to the device manager, the "Wireless LAN mini card" is ok, but there are 4 things underneath showing the yellow exclamation point of death:
ETHERNET CONTROLER
PCI SIMPLE COMMUNICATIONS CENTER
SM BUS CONTROLLER
UNIVERSAL SERIAL BUS
Cisco Switching/Routing :: C6509 To Have Feedbacks About Vss Availability
Mar 9, 2012we plan to implement VSS on our datacenters (C6509/Sup720), in order to remove L2 loops (currently, access layer are C3750 stacks, which could evoluate for N5K/N2K). I would like to have some feedbacks about VSS stability. Some years ago, I have seen some bugs with this technology in another company, so I am still not totally comfortable to use it in the datacenter.
View 0 Replies View Related
