Cisco Switching/Routing :: ASR1000 - Dual ISP Active / Active Connection On Single Router
Jun 10, 2012
I am working on a network which has two ISP connections (Active/Active) terminating on router (ASR1000). From the LAN side (6500 switch) all the traffic need to be route on ISP1 but some of the specific subnets like 10.250.0.0/16 need to be route on ISP2 connection.
I am planning to use PBR and NAT with route maps. any documents or refrences are provided.
(access switches)---------(core switch)----------(routers)----------------(ISP1)
----------------------(ISP2)
View 1 Replies
ADVERTISEMENT
Jun 1, 2011
I have an ASA5520 in location A with an ISP connection and a matching ASA5520 in location B with a separate ISP connection. We have fiber connecting the two locations and vlans passing back and forth so I will be able to configure the failover via a vlan as well as extend the ISP's to each location via vlans. The Active/Active configuration with the multiple security contexts does not seem to be an issue but how is a redundant ISP configured in this mode?We want to have context A using the ASA in location A with ISP1 as the primary and failing over to ISP 2 in locaiton B We also want to have context B using the ASA in location B with ISP 2 as the primary and failing over to ISP1 in location A Would route tracking provide the desired result? Is there a better option?
View 1 Replies
View Related
Feb 7, 2012
The 6509 Series Switches support the scenario VSS Active-Active Chassis, I would like to setup both switch's as one virtual switch but working at the same time, not with Active - Stand By Chassis.
My plans it to create PortChannel accross both Switches 6509 in order to have 2 links one connected to one slot/switch and the other connected to slot/switch in the second 6509 for servers redundancy.
View 1 Replies
View Related
Jan 13, 2013
I am looking to implement VSS using our two 6500 series switches. The "Recovery Actions" when there is a Dual-Active situation says that the active chassis that detects a dual-active condition shuts down all of its non-VSL interfaces (except interfaces configured to be excluded from shutdown) to remove itself from the network, and waits in recovery mode until the VSL links have recovered. Does this mean that the Active chassis gets totally isolated thus triggering the modules on the Standby chassis to be active ?
View 1 Replies
View Related
Jun 24, 2012
In IOS verson 12.X there was a Bidirectional Forwarding Detection configuration however in IOS 15.0 this isn't available at least not with the same syntax. Is this feature not available in 15.0?
In 12.X this was the syntax of the command:switch virtual domain <number>.
View 1 Replies
View Related
May 24, 2013
I am interesting if 3560x supports ePAgP. I have VSS which is formed by two 4500x switches. Can I use 3560x, which is connected two both VSS members via 10Gb optics for Dual Active detection ?
View 2 Replies
View Related
Oct 15, 2012
I have the Cisco VSS consisting two chassis 6509.I have the system Active-Dual detection via Enhanced PAgP with one neighbor - standalone cisco 3750. All works good.I want to add one more neighbor - cisco stack 3750x with 3 members. Will this scheme work? And what is in danger, if the stack is split into two parts?
View 2 Replies
View Related
Apr 10, 2011
I faced one problem in our core switch 4507 R . Active sup lost connection and standby came active. We got lot of errors/alerts on console shown below. [Code] Also when I reloaded the switch with reload command only both sups got reloaded but I want to reload all the modules but reload command do not gives any options for that.
View 2 Replies
View Related
Jul 17, 2012
I have a pair of ASA 5520s operating in failover pair as active/standby, having two contexts on them. I am planning to share the load and make it active/active making first context active on the primary unit and second context active on the secondary unit. My question is if this will disrupt any connectivity thru these firewalls when I do "no failover" on the active/standby and assign the contexts to different failover groups and enable the failover back.
View 6 Replies
View Related
Mar 20, 2012
I am looking at deploying a pair of 5585X's in an active/active multiple context state. I am creating Mulitple contexts that need to be able to route to each other. I was going to deploy a type of Gateway context that has a shared interface to all of the other contexts, instead of sharing interfaces directly between the contexts, i beleive this will work as basically i am just cascadng the contexts and sharing interfaces.
The main problem i have come across, is that if i deploy active/active across two appliances using 2 failover groups i can not see a way to route between them, for example.
I have Context 1, Context 2 and Context GW A including the shared interfaces of Con1 and Con2 in failover group 1 on appliance A with the respective standbys on Appliance 2. I have Context 2, Context 4 and Context GW B including the shared interfaces of Con 3 and Con 4 in failover group 2 on appliance B with the respective standbys on Appliance 1.
I need to be able to route traffic between Context GW A and GW B so that the contexts can communicate in normal operation and in failover. I do not beleive that I can share an interface between contexts in two separate failover groups and to be honest without adding a L3 device between the appliances i am not sure if this is possible.
View 9 Replies
View Related
Dec 17, 2012
I have two ASA 5510s running in Active/Active mode. I need to make config changes on them. How do I go about it? Do I power off the secondary ASA and make the config changes on the primary and then power on the secondary ASA ? Or this another way to do this?
View 3 Replies
View Related
Mar 30, 2011
I have 2 asa 5520 firewalls including and 1 AIP-SSM-10 module in each of them. the configuration is set using active/active failover and context mode.
Both of them run individualy the IPS module. The IPS is configured using inline mode and fail-open option. However when one of the module fails and the state is changing from up to init or anything else making the IPS to fail then failover is detected and ASA consider it as failover and bounce context to the other unit.
IPS soft is 6.0(4) and ASA soft is 8.0(3)
I have checked cisco doc and it is confusing to me. it says: "The AIP-SSM does not participate in stateful failover if stateful failover is configured on the ASA failover pair." but it really does participate. Running is not really an option because of production network impact matter..
View 2 Replies
View Related
Sep 19, 2011
We have an Active/Active ASA 5520 setup, as i know in Active/Active setup there is no remote VPN access, So i could overcome this limitations?I have a solution but i dont know if it is ablecable or not? we have a spare ASA 5510, so i can use it behind Active/Active Firewalls and assign a public static NAT IP address to it and open all IPSEC and VPN ports and let the remote users to connect to it, is this ablecable setup or not?
View 1 Replies
View Related
Dec 27, 2011
its possible to set up active/active failover using etherchannel on 5585s?
View 1 Replies
View Related
Mar 17, 2013
How to Configure ASA5520 for Active/Active
View 8 Replies
View Related
May 7, 2007
our application team is mandating, that the solution we should come up with for SLB, should support Active/Active mode of SLB operation.
My question, is this mode of operation supported/accredited by Cisco, and what is the draw back from the traditional active/standby.
View 2 Replies
View Related
Dec 14, 2011
I inherited a network redesign project mid implementation and ran across an issue that I was not 100% sure able to be resolved. Implementation is occurring in which the organization is changing over to a different ISP and we have some customers that will not be able to change their settings over to our new addresses from some time. I have seen a lot of posts about fail over and dual ISP configurations, but I could not relate them to this particular scenario.
View 3 Replies
View Related
Jan 12, 2013
1. We have Two 3900 Router on the core layer which are terminated with one ISP on one Router and Secondary ISP on Second Router.
2. Can we configure my ASA 5520 with Active/Standby termenating two IPS providers one on Active ASA 5520 and Other ISP on Standby ASA 5520, so that when Active ISP fail ASA Secondary can become Active and send the Traffic throough Secandary ISP.
3. The reasion behind giveing Public IP on Firewall is to Terminate VPN on our Firewall i.e. SSL and IPSEC VPN.
Few Clarification If we can achive the above:
1. How will the DMZ Servicec nated with my Primary ISP on my Primary ASA will be routed when the Secondary ASA is acting as Active Firewall.
2. Can Web SSL and Client To Site IPSEC VPN users access service via the Secondary ISP- ASA when my Primary ASA and ISP is down.
View 7 Replies
View Related
Apr 2, 2013
I have a dual ISP, 1 primary and 1 secondary terminated on fa0 and fa2 on our ASA respectively. ASA was configured so that, when the primary fails, the secondary kicks in. [code]
It was until yesterday that we experienced downtime on the primary ISP that the secondary doesn't do the fail-over. I have to manually configure the device to use the secondary ISP. Currently, I'm looking at maybe this has something to do with the licensing.We are currently using a Base License, should we be upgrading to Security Plus?
View 10 Replies
View Related
Mar 4, 2013
I am running HSRP on three 4506 switches..S1(active) S2( standby) and S3(listen)..S1 is active for all the vlansRight now, I wanted to make S3 active for two vlans: vlan 10 and 19What would be the impact to the end hosts?Also, can you tell me why the arp is not syncing for all the three devices? [code]
View 4 Replies
View Related
Apr 14, 2013
I have installed a Catalyst 2960-S and a 3750-X-12S and I am trying to setup a VLAN 51 for some VoIP phones. I have added the VLAN as an interface on both switches, but the 3750 is not showing VLAN 51 as active when i do a show vlan. Also, it omitts showing Gi1/0/1 & Gi1/0/3 which are uplinks to 2960-S switches plugged in and working on VLAN1.
Catalyst3750SFP#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/2, Gi1/0/4, Gi1/0/5
[Code].....
View 2 Replies
View Related
Jun 28, 2012
is there a way to show the last time a port was active/inactive on a catalyst 4500?
View 3 Replies
View Related
Sep 25, 2012
Any have experience on triggered failover on VSS deployment with 1 VS-720-10G-3C in each chassis? I tried using "redundancy force-switchover" but after that the 20G VSL is flapping up & down and cannot be up normally, we got 1 FWSM in each chassis, any configuration need to fit in this kind deployment? BTW, if I shutdown the power source of VSS active chassis, both FWSM & VSS can failover normally.
View 3 Replies
View Related
Dec 16, 2011
I am working on two Nexus 7010 with 5.1.5 NX-OS version. I configure HSRP traditionnaly, Nexus 1 with a priority of 200 and Nexus 2 with a priority of 100 for all vlan.
When I change the priority of a vlan to 200 to 50 for example, Nexus 2 become active and Nexus 1 standby. The problem is that when I do a traceroute from a PC the packet take the Nexus 1 as defaut gateway all the time.....
For information I have a peer link between the 2 Nexus for vPC.
View 9 Replies
View Related
Apr 19, 2013
In my 6513 switch chassis we have two Supervisor Engines 720 one is marked Active other as Hot. what is the diffrence in their mode as by name I suppose that Active one is currently in use and Hot one is in standby mode.They are showing in this manner.
Module Ports Card Type
7 2 Supervisor Engine 720 (Active)
8 2 Supervisor Engine 720 (Hot)
View 4 Replies
View Related
Sep 30, 2012
I have 2 6509 chasis with one SUP720-3B in each and current IOS is s72033-ipservicesk9_wan-mz.122-18.SXF4 and 2 FWSM with version is 3.3.1 I need to upgrade FWSM system software to 4.1, after checking FWSM 4.1 release notes, I thought of upgrading IOS to latest version to 12.2(33)SXJ.I got new 2 CF of 512MB and downloaded the new IOS on them and need to upgrade 6509 IOS first to meet the requirement for FWSM upgrade.
View 1 Replies
View Related
Apr 22, 2012
I went through the configuration guide for 4500 series switches for NSF/SSO for failover between Sup's. I just wanted to know that that are we supposed to run the SSO command on both of the supervisors? Secondly, are we only supposed to run the nsf process under EIGRP on the secondary supervisor and routing peers and not on the primary supervisor?
View 2 Replies
View Related
Oct 19, 2012
We are expanding out LAN network with more 2960 access switches. All the access switches are suppose to be connected to core switch (4507R) but i have less port on the core switch.
On the core switch we have two supervisor engines (WS-X4515 ---description : "Supervisor IV with 2 1000BaseX GBIC ports"). I can see that on each supervisor engine i have two 1 GB SFP ports available and if i calculate for two supervioser engine i will have 4 1GB ports.
But at particular time only one supervisor engine is active and other is in standby mode (redundancy mode used is SSO between two SUP engines).
Can i used all 4 SFP ports for connecting 4 uplinks to the 4 access switch?Will all the 4 SFP ports active at one time or only 2 SFP ports will be active that is for only active supervisor engine.
View 10 Replies
View Related
Jun 4, 2012
I was upgrading IOS on 4507 R with dual supervisor.I download the IOS on Active supervisior and did reboot.After reboot i login to switch then i got switch standby prompt.I found that after reboot active supervisior became standby supervisior.
Now new IOS is on standby supervisior.Need to confirm below..So this means that IOS does not syn within the supervisiors as compared to config right ?
-Which command i can use that will copy IOS from standby supe to Active supe??
-Which command i can use that will show both active and standby supe with new IOS?
-Is there any command that i can use to switchover from active to standby supe??
View 3 Replies
View Related
Oct 30, 2012
After rebooting a pair of 6504's configured for vss, both switches show active on the sup modules. A show switch virtual redundancy however shows the pair working in an active/standby mode. We have 6509's in vss pairs and they show active on switch1 and standby on switch2 led's. For the 6504's switch 1 was booted first and then the second switch about 30 seconds later. Is there something different with the 6504's? [code]
View 4 Replies
View Related
Mar 13, 2013
how the Nexus 5500s work ?currently we have two 6513 Core switches 6513-1 and 6513-2 running HSRP and RSTP. 6513-1 is currently the Root Bridge, 6513-2 is setup as our secondary root. We also have two 5548UPs setup with a peerlink between them. Picture attached. "Current Setup.jpg"
There is a 20gig port channel between the 6513s and also a 20gig port channel(peer link) between the 5548s. 5548-1 has a 10g fiber running back to 6513-1 and 5548-2 has a 10g fiber running back to 6513-2. Currently now Spanning tree is blocking the link from 6513-2 going to 5548-2 which is what we expect. We were working on moving some things to different racks the other day and moved switch 5548-2 to another rack and brought it back online without the peerlink fiber connected. We started to have issues and tried to plug the peer link back up, but still continued to have issues. We started to troubleshoot and noticed that both 5548s were acting like the master of the VPC domain and was not letting traffic pass accross the Peer Link. We then rebooted the 5548-2 with the thought that it would come back up as the secondary in the VPC domain. When it finally finished booting back up it then caused a huge loop in our network accross both uplinks to the 6513s and the 5548s peer link which in turn took our network down. Spanning tree did not work like it was suppose to and block the port going from 6513-2 to 5548-2 in time.
My thought was this didn't seem like a good setup. I went to the drawing board and decided we needed to have an uplink from both 5548-1 and 5548-2 going to 6513-1 setup as a port channel/VPC and also a uplink from 5548-1 and 5548-2 going to 6513-2 setup as a port channel/VPC. Picture Attached. "NewSetup.jpg" We are also planning on buying a "2K-C2224TP-1GE" to hang off the 5548s to use for ethernet.
how the Nexus 5ks work and haven't done a lot of research on them. Would this not be a better setup since both switches will have an active link to the root bridge? The links from the 5548s going to 6513-2 should always be in a block state until we loose both uplinks to 6513-1 or the entire switch itself correct? Also how will the 5548s reactive if I was to loose the Peer link fiber? Will they continue to work as normal? When it looses this Peer Link does it suspend all the VPCs for the servers on the secondary switch in the Domain so the network doesn't get confused on which link to send traffic up since there isn't a peer link active or is this not the case? Also with the peer link down will the 6513-1 know which 5548 to send the traffic to if there is only 1 device (not setup in a VPC) on one of the 5548s? What are your recommendations/best practice on the setup for the 2k?
View 6 Replies
View Related
Jan 24, 2012
I have catalyst 6500s with two VS-S720-10Gs, one is in Active and one is in Hot state. Both Sup cards have two 10G uplink ports. How does the traffic forwarding works in this case on the uplink ports? Do these uplink ports actively forward traffic or it is only the uplinks ports on Active that forward traffic? I see CDP neighbors on both Active and Hot SUPs uplinks ports - it indicates that packets are flowing on both cards.
I want all uplink ports on both SUPs to actively forward traffic. Does it work? What is the config for this?
View 1 Replies
View Related
Jun 3, 2009
Having problems with my wireless router, dropping and keeping connection active. For some odd reason I keep dropping connection either wireless or wired. I have a total of 5 items going through this router. 2 of them are wireless and the other 3 are wired. The wireless items are a desktop computer that is using the Wireless USB adapter to get online. Sometimes it drops and most of the time it doesn’t have any problems. I have a laptop that sometimes the connection goes from strong all the way down to no connection at ALL. It starts at 54MBPS to down to the RED X over the wireless manager. Forgot to mention both of these machines are Windows XP. If I reboot the laptop, it comes up without any problems.
Sometimes I tell Windows XP to manage the Wireless connection and tell it to disconnect and re-connect again, it goes. Now for the wired items, I have 2 gaming systems and another computer plugged directly up to the router. For some odd reason when I double click on the internet, on the computer that is hooked directly to the router, it says page couldn’t be found. I know that there is connection and there is nothing running in the task tray except for the Anti-Virus and Firewall. The browsers that I am using are Internet Explorer 8 and Mozilla Firefox 3.0.10. Also checked on the back of the machine to see if I have link lights and everything is flashing. Finally, when I click the homepage or refresh button about 2 or 3 times, it goes through.
think that I am overloading this Router and it can’t handle it. I might have to look into sending "Keep Alive" packet setting on the router.
View 9 Replies
View Related
