Cisco Switching/Routing :: 15.0 VSS Dual Active Detection Configuration
Jun 24, 2012
In IOS verson 12.X there was a Bidirectional Forwarding Detection configuration however in IOS 15.0 this isn't available at least not with the same syntax. Is this feature not available in 15.0?
In 12.X this was the syntax of the command:switch virtual domain <number>.
I am interesting if 3560x supports ePAgP. I have VSS which is formed by two 4500x switches. Can I use 3560x, which is connected two both VSS members via 10Gb optics for Dual Active detection ?
I have the Cisco VSS consisting two chassis 6509.I have the system Active-Dual detection via Enhanced PAgP with one neighbor - standalone cisco 3750. All works good.I want to add one more neighbor - cisco stack 3750x with 3 members. Will this scheme work? And what is in danger, if the stack is split into two parts?
I am working on a network which has two ISP connections (Active/Active) terminating on router (ASR1000). From the LAN side (6500 switch) all the traffic need to be route on ISP1 but some of the specific subnets like 10.250.0.0/16 need to be route on ISP2 connection.
I am planning to use PBR and NAT with route maps. any documents or refrences are provided.
I am looking to implement VSS using our two 6500 series switches. The "Recovery Actions" when there is a Dual-Active situation says that the active chassis that detects a dual-active condition shuts down all of its non-VSL interfaces (except interfaces configured to be excluded from shutdown) to remove itself from the network, and waits in recovery mode until the VSL links have recovered. Does this mean that the Active chassis gets totally isolated thus triggering the modules on the Standby chassis to be active ?
I have recently implimented an RV016 device into our network. We have a bonded T1 service with Paetec/Windstream (5 static IPs) and also a cable connection with Comcast (no static IP). The T1 has been our primary connection, and our MX and A records all use this IP address. I have the rules set and using a one-to-one NAT setup with our 5 IPs. Everything is working great with the T1 in place and email is flowing with no problems, however when I connect the cable into the WAN2 port and try to send email, its using that outbound connection, rather then the T1 and our spam filter is blocking it. So the email is rejected and we get this message below.
--------------------------------------------------------------------------- Delivery has failed to these recipients or groups:
xxxx@gmail.com (xxxx@gmail.com)Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
The following organization rejected your message: (our smtp spam relay) -------------------------------------------------------------------------
The reason for being rejected is just because it doesn't recongnize the IP address/gateway it is coming from.
My question is, how do I define that all email is sent out through our T1 connections IP address in the router?I see options for Advanced Routing or Bandwidth Management, but not sure what one I need to configure as I am not too familiar with these settings. I have Intelligent Balancer(Auto Mode) enabled as well by default.
The reason for adding the second internet connection is strictly for load balencing and getting some more bandwidth in our location.
I have an ASA5520 in location A with an ISP connection and a matching ASA5520 in location B with a separate ISP connection. We have fiber connecting the two locations and vlans passing back and forth so I will be able to configure the failover via a vlan as well as extend the ISP's to each location via vlans. The Active/Active configuration with the multiple security contexts does not seem to be an issue but how is a redundant ISP configured in this mode?We want to have context A using the ASA in location A with ISP1 as the primary and failing over to ISP 2 in locaiton B We also want to have context B using the ASA in location B with ISP 2 as the primary and failing over to ISP1 in location A Would route tracking provide the desired result? Is there a better option?
I have a two fiber connection from our Central Office(6513) to Remote office (6509). I have a requirement that on the remote office if one of the fiber goes down, the second fiber should work as a failover. I am planning to use SUP720-3B SFP to connect to the CO.
Can I connet one fiber to Sup720-3b G5/1 & another fiber connection to G5/2? or Can I connet one fiber to Sup720-3b G5/1 & another fiber connection to G6/2? I am running EIGRP between sites. Any sample config.
The 6509 Series Switches support the scenario VSS Active-Active Chassis, I would like to setup both switch's as one virtual switch but working at the same time, not with Active - Stand By Chassis.
My plans it to create PortChannel accross both Switches 6509 in order to have 2 links one connected to one slot/switch and the other connected to slot/switch in the second 6509 for servers redundancy.
I have two ASA 5510s running in Active/Active mode. I need to make config changes on them. How do I go about it? Do I power off the secondary ASA and make the config changes on the primary and then power on the secondary ASA ? Or this another way to do this?
Connecting Avaya 9611G IEEE class 1 devices to a Cat2960s. How ever some of the phone are registering as class 3 devices no matter what interface the phone is connected to. Typical port config is as follows:
In NX-OS release 4.2(8) a feature was introduced to supress duplicate IP address warning messages in DCI environments.When using the same HSRP addresses in both DCs but blocking the HSRP exchange, ARP still detects these duplicate configuration and writes log messages. There obviously is a feature to suppress this but I do not find any reference how to enable it.url...
I would like to make a design with 4 Nexus 5596UP. 2 of them equipped with Layer 3 Expansion Module so they can serve as core layer and the other 2 Nexus used as Layer 2 for aggregation server layer.The 2 Nexus in the core layer will run HSRP and will peer with ISP via BGP for Internet connection The 2 Nexus in the aggregation layer will be configured as layer 2 device and have FEX and switches connected to them.What I am ensure of is how the vpc and port-channel configuration should look like between the 4 nexus. What I was thinking is to run vpc between the 2 Nexus in the aggregation layer and between the 2 Nexus in the core layer. Than I was thinking of connecting each Nexus in the aggragtion layer to both Nexus in the core layer using port-channel and vice-versa.
I run 2 RV042 V1 for home and office with Gateway to Gateway VPN connection with single WAN connection in use. Everything works like a charm!
I was even able to create VPN connection with 2 WAN connection on one Router and 1 WAN connection on another with Smart link failover and VPN Tunel Backup.
I got problem though when i tried more complex connection diagram. [URL]
So basically I now have 2 ISP connections on each point with Static IPs and I'd like VPN Connection to be alive for ALL 4 options automatically with failovers (smart links) And tunel backups but i'm not sure if that's ever possible with my equipment.
I inherited a network redesign project mid implementation and ran across an issue that I was not 100% sure able to be resolved. Implementation is occurring in which the organization is changing over to a different ISP and we have some customers that will not be able to change their settings over to our new addresses from some time. I have seen a lot of posts about fail over and dual ISP configurations, but I could not relate them to this particular scenario.
1. We have Two 3900 Router on the core layer which are terminated with one ISP on one Router and Secondary ISP on Second Router.
2. Can we configure my ASA 5520 with Active/Standby termenating two IPS providers one on Active ASA 5520 and Other ISP on Standby ASA 5520, so that when Active ISP fail ASA Secondary can become Active and send the Traffic throough Secandary ISP.
3. The reasion behind giveing Public IP on Firewall is to Terminate VPN on our Firewall i.e. SSL and IPSEC VPN.
Few Clarification If we can achive the above:
1. How will the DMZ Servicec nated with my Primary ISP on my Primary ASA will be routed when the Secondary ASA is acting as Active Firewall.
2. Can Web SSL and Client To Site IPSEC VPN users access service via the Secondary ISP- ASA when my Primary ASA and ISP is down.
I have a dual ISP, 1 primary and 1 secondary terminated on fa0 and fa2 on our ASA respectively. ASA was configured so that, when the primary fails, the secondary kicks in. [code]
It was until yesterday that we experienced downtime on the primary ISP that the secondary doesn't do the fail-over. I have to manually configure the device to use the secondary ISP. Currently, I'm looking at maybe this has something to do with the licensing.We are currently using a Base License, should we be upgrading to Security Plus?
I am looking at deploying a pair of 5585X's in an active/active multiple context state. I am creating Mulitple contexts that need to be able to route to each other. I was going to deploy a type of Gateway context that has a shared interface to all of the other contexts, instead of sharing interfaces directly between the contexts, i beleive this will work as basically i am just cascadng the contexts and sharing interfaces.
The main problem i have come across, is that if i deploy active/active across two appliances using 2 failover groups i can not see a way to route between them, for example.
I have Context 1, Context 2 and Context GW A including the shared interfaces of Con1 and Con2 in failover group 1 on appliance A with the respective standbys on Appliance 2. I have Context 2, Context 4 and Context GW B including the shared interfaces of Con 3 and Con 4 in failover group 2 on appliance B with the respective standbys on Appliance 1.
I need to be able to route traffic between Context GW A and GW B so that the contexts can communicate in normal operation and in failover. I do not beleive that I can share an interface between contexts in two separate failover groups and to be honest without adding a L3 device between the appliances i am not sure if this is possible.
I am position to migrate from CatOS 6509 switch to native IOS 6509 switch. long time ago, there was some site to convert automatically based on copy and paste onto the tool, but i can not find.
Does anybody know how to convert CatOS configuration to Native IOS configuration ? It is not IOS change, but it is configuration convert.
I am running HSRP on three 4506 switches..S1(active) S2( standby) and S3(listen)..S1 is active for all the vlansRight now, I wanted to make S3 active for two vlans: vlan 10 and 19What would be the impact to the end hosts?Also, can you tell me why the arp is not syncing for all the three devices? [code]
I have installed a Catalyst 2960-S and a 3750-X-12S and I am trying to setup a VLAN 51 for some VoIP phones. I have added the VLAN as an interface on both switches, but the 3750 is not showing VLAN 51 as active when i do a show vlan. Also, it omitts showing Gi1/0/1 & Gi1/0/3 which are uplinks to 2960-S switches plugged in and working on VLAN1.
Catalyst3750SFP#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Gi1/0/2, Gi1/0/4, Gi1/0/5
Any have experience on triggered failover on VSS deployment with 1 VS-720-10G-3C in each chassis? I tried using "redundancy force-switchover" but after that the 20G VSL is flapping up & down and cannot be up normally, we got 1 FWSM in each chassis, any configuration need to fit in this kind deployment? BTW, if I shutdown the power source of VSS active chassis, both FWSM & VSS can failover normally.
I am working on two Nexus 7010 with 5.1.5 NX-OS version. I configure HSRP traditionnaly, Nexus 1 with a priority of 200 and Nexus 2 with a priority of 100 for all vlan.
When I change the priority of a vlan to 200 to 50 for example, Nexus 2 become active and Nexus 1 standby. The problem is that when I do a traceroute from a PC the packet take the Nexus 1 as defaut gateway all the time.....
For information I have a peer link between the 2 Nexus for vPC.
In my 6513 switch chassis we have two Supervisor Engines 720 one is marked Active other as Hot. what is the diffrence in their mode as by name I suppose that Active one is currently in use and Hot one is in standby mode.They are showing in this manner.
I have 2 6509 chasis with one SUP720-3B in each and current IOS is s72033-ipservicesk9_wan-mz.122-18.SXF4 and 2 FWSM with version is 3.3.1 I need to upgrade FWSM system software to 4.1, after checking FWSM 4.1 release notes, I thought of upgrading IOS to latest version to 12.2(33)SXJ.I got new 2 CF of 512MB and downloaded the new IOS on them and need to upgrade 6509 IOS first to meet the requirement for FWSM upgrade.
I went through the configuration guide for 4500 series switches for NSF/SSO for failover between Sup's. I just wanted to know that that are we supposed to run the SSO command on both of the supervisors? Secondly, are we only supposed to run the nsf process under EIGRP on the secondary supervisor and routing peers and not on the primary supervisor?
We are expanding out LAN network with more 2960 access switches. All the access switches are suppose to be connected to core switch (4507R) but i have less port on the core switch.
On the core switch we have two supervisor engines (WS-X4515 ---description : "Supervisor IV with 2 1000BaseX GBIC ports"). I can see that on each supervisor engine i have two 1 GB SFP ports available and if i calculate for two supervioser engine i will have 4 1GB ports.
But at particular time only one supervisor engine is active and other is in standby mode (redundancy mode used is SSO between two SUP engines).
Can i used all 4 SFP ports for connecting 4 uplinks to the 4 access switch?Will all the 4 SFP ports active at one time or only 2 SFP ports will be active that is for only active supervisor engine.
I was upgrading IOS on 4507 R with dual supervisor.I download the IOS on Active supervisior and did reboot.After reboot i login to switch then i got switch standby prompt.I found that after reboot active supervisior became standby supervisior.
Now new IOS is on standby supervisior.Need to confirm below..So this means that IOS does not syn within the supervisiors as compared to config right ?
-Which command i can use that will copy IOS from standby supe to Active supe?? -Which command i can use that will show both active and standby supe with new IOS? -Is there any command that i can use to switchover from active to standby supe??
After rebooting a pair of 6504's configured for vss, both switches show active on the sup modules. A show switch virtual redundancy however shows the pair working in an active/standby mode. We have 6509's in vss pairs and they show active on switch1 and standby on switch2 led's. For the 6504's switch 1 was booted first and then the second switch about 30 seconds later. Is there something different with the 6504's? [code]
how the Nexus 5500s work ?currently we have two 6513 Core switches 6513-1 and 6513-2 running HSRP and RSTP. 6513-1 is currently the Root Bridge, 6513-2 is setup as our secondary root. We also have two 5548UPs setup with a peerlink between them. Picture attached. "Current Setup.jpg"
There is a 20gig port channel between the 6513s and also a 20gig port channel(peer link) between the 5548s. 5548-1 has a 10g fiber running back to 6513-1 and 5548-2 has a 10g fiber running back to 6513-2. Currently now Spanning tree is blocking the link from 6513-2 going to 5548-2 which is what we expect. We were working on moving some things to different racks the other day and moved switch 5548-2 to another rack and brought it back online without the peerlink fiber connected. We started to have issues and tried to plug the peer link back up, but still continued to have issues. We started to troubleshoot and noticed that both 5548s were acting like the master of the VPC domain and was not letting traffic pass accross the Peer Link. We then rebooted the 5548-2 with the thought that it would come back up as the secondary in the VPC domain. When it finally finished booting back up it then caused a huge loop in our network accross both uplinks to the 6513s and the 5548s peer link which in turn took our network down. Spanning tree did not work like it was suppose to and block the port going from 6513-2 to 5548-2 in time.
My thought was this didn't seem like a good setup. I went to the drawing board and decided we needed to have an uplink from both 5548-1 and 5548-2 going to 6513-1 setup as a port channel/VPC and also a uplink from 5548-1 and 5548-2 going to 6513-2 setup as a port channel/VPC. Picture Attached. "NewSetup.jpg" We are also planning on buying a "2K-C2224TP-1GE" to hang off the 5548s to use for ethernet.
how the Nexus 5ks work and haven't done a lot of research on them. Would this not be a better setup since both switches will have an active link to the root bridge? The links from the 5548s going to 6513-2 should always be in a block state until we loose both uplinks to 6513-1 or the entire switch itself correct? Also how will the 5548s reactive if I was to loose the Peer link fiber? Will they continue to work as normal? When it looses this Peer Link does it suspend all the VPCs for the servers on the secondary switch in the Domain so the network doesn't get confused on which link to send traffic up since there isn't a peer link active or is this not the case? Also with the peer link down will the 6513-1 know which 5548 to send the traffic to if there is only 1 device (not setup in a VPC) on one of the 5548s? What are your recommendations/best practice on the setup for the 2k?
I have catalyst 6500s with two VS-S720-10Gs, one is in Active and one is in Hot state. Both Sup cards have two 10G uplink ports. How does the traffic forwarding works in this case on the uplink ports? Do these uplink ports actively forward traffic or it is only the uplinks ports on Active that forward traffic? I see CDP neighbors on both Active and Hot SUPs uplinks ports - it indicates that packets are flowing on both cards.
I want all uplink ports on both SUPs to actively forward traffic. Does it work? What is the config for this?