Cisco WAN :: 2960 Should One Server Fail Other Will Act As Fail Over
Feb 22, 2012
We have two Cisco 2960 TT-L switches. I'd like to reduce single points of failure and have dual servers for most tasks. For example, two firewall servers and two web servers. Should one server fail the other will act as a failover.I'd like to extend the redundancy to the switches, and am thinking of connecting one web server to one switch, and one to the other. In the event a switch failed a set of servers would still run, and be able to talk to each other.I'd like to run two VLANs, one for the LAN, and one of the WAN, and connect the two VLANs on each of the switches with the associated VLAN on the other switch.
View 3 Replies
ADVERTISEMENT
Aug 18, 2011
Find here the extraction of the configuration and the debug sysout. The radius servers works fine with all the other accesss like ssh, telnet...
Just the http access fail. This configuration work fine with the version 12.2.55 installed before.
Aaa new-model
aaa authentication login default group radius local
aaa authentication login physique local
[Code].....
View 2 Replies
View Related
Sep 11, 2011
Me and my wife just moved into a new apartment and got subscribed to a new broadband provider. They sent us through a cisco router (model no.epc2425) and we created a WPA2-Personel secure network, with encryption type TKIP. I have connected my macbook to it, my iPhone to it, and my wifes samsung netbook (running Windows 7) but I cannot connect my laptop running vista to the internet. I've tried playing around with different network security and could connect to it on WEP but I didn't want to keep it on that and I couldn't connect the net-book. The rest of the security types and encryption types have the same response.The computer connects to the network with an excellent signal, but it is the only computer that cannot connect to the internet through this network. I never had a problem like this with this computer and have tried it on other networks.When I run windows network diagnostics it says 'Cannot communicate with Primary DNS Server (193.150.193.150)'Network diagnostics pinged the remote but did not receive a response.'
When I try to automatically get a new IP setting for network adapter it tries to repair but then says 'there still seems to be a problem with your connection'. Likewise when i click 'reset the network adapter' the repair leads back to cannot communicate with primary DNS server.I have tried a wired connection, router to computer, but as soon as I plug it in I get the message 'Windows has detected and IP address conflict' - and it once again connects to the network but not to the internet.I don't know if this makes any difference, but this is a British computer and I moved to Sweden, obviously using a Swedish ISP..i used to have this problem, you need to set the network adaptor to all automatic, your new cisco router uses uPnP so your IP conflict is probably a result of your unconnected laptop trying to connect to the same IP address as another PC on your network (eg/ 192.168.0.5 would be used by your iPhone, but your laptop has reserved that IP address for itself), to fix this, go to network and sharing center, navigate to adaptor settings on the left pane, right click the wireless card and choose properties>IPv4 properties, set everything to automatic, including all things in other tabs and click advanced and make sure DHCP is enabled on that card.Then reboot and try again.''I had a look at the wireless card (it's Atheros AR5007EG Wireless Network Adapter) and on the IPv4 properties it's already on 'obtain and IP address automatically & obtain DNS server automatically' as well as 'automatic private IP address' in one of the tabs.
View 2 Replies
View Related
Jan 23, 2012
Have you ever found the problem that if I set two tacacs server in my N7K and the primary tacacs server fail, won't switch over to another tacacs server.
View 1 Replies
View Related
Jul 3, 2007
I follow step by step the link bellow to configure web-auth with external RADIUS server but I receive a error on console debug of the WLC "Returning AAA Error No Server (-7) for mobile"My Radius Server is fine, because I can authenticate on WLC Web page with RADIUS user. WLC 4402 version 4.1.171.0 [URL]
View 2 Replies
View Related
Mar 10, 2013
Region : Denmark
Model : TL-MR3420
Hardware Version : V2
Firmware Version : 3.13.27 Build 121206 Rel.60215n
I have a TL-MR3420 router placed in a remote location. The internet connection is via 3G, and since the telco is shifting the IP every 24 hours, the router is configured with DDNS from no-ip.org. This is working OK most days, but sometimes the DNS fails to update. To be able to trobleshoot it, I am trying to make my router send a mail with the logfile every hour. This function seems to be easy and out-of-the-box, but it doesn't wiork. Whenever I try to mail the log I get the error message "Fail to Connect the mail server.".
It is not possible to enter another SMTP-port, so I asume the standard port 25 (like this thread). Most ISP-mail services require SSL/TLS and/or use an alternative port, so I have made my own server. This server is visible on the Internet, and I (and others) are able to connect and send mails using smtp on port 25. But, still my remote TL-MR3420 keep saying "Fail to Connect the mail server.". I have tried nearly everything, including disabling authentication and giving the IP-address of the smtp server directly instead of the URL.
View 1 Replies
View Related
Feb 27, 2012
ACE 4710 software A3(2.7) [code] Why is the fail-on-all option missing from the serverfarm that is of type redirect? This option is something that I would actually need in a certain situation.
View 1 Replies
View Related
Feb 26, 2011
I want to configure my ACE so that if a probe fails, it fails over to the backup rserver, BUT it won't failback to the primary rserver until manual intervention is complete. The problem is we don't want an rserver to fail and failover to secondary, then failback to primary, repeat... (flip-flopping). I want to be able to have time to get on the server and find out what may have caused the probes to fail before it fails back.
View 4 Replies
View Related
Feb 2, 2012
Cisco 891 configuration Details: [code] I could connect to the Giga bite thernet wan, based on above configuration.When I test on FastEthernet8 for the secondary ISP connection it will not go through the internet.
View 17 Replies
View Related
Apr 17, 2012
I am running a home configuration where there are 2 PC's each using a different ISP. If one of those ISP's goes down, I would like both PC's to switch over to the working ISP.
View 5 Replies
View Related
Feb 28, 2013
I can't tracert or ping certain websites or servers for games.Before I go on, no I wasn't doing this because of DDoS-ing. I was doing this so that I could find an exact latency number for a gaming server. Now, to continue.What I mean is if I try to ping this server, the session will timeout no matter what the millisecond limit is (using CMD)
Ping: Pinging (IP Host Name) [IP] with 32 bytes of data
Request Timed Out
Request Timed Out
Request Timed Out
Request Timed Out
[code].....
Why does this happen? I am pretty sure this is a security tactic used to stop DDoS-ing, but why does it not matter how long I allow the tracert or ping to run? I really want to understand this so I can understand how people don't get traced as well as don't get DDoS-ed. I didn't put any of the IP's just to keep it anonymous. If you really need the host IP, I will supply it, but I will not supply the tracert IP's.
View 3 Replies
View Related
Mar 4, 2011
fail to connect with net through wifi
View 1 Replies
View Related
Nov 27, 2011
I tried to backup ACS 5.1 but i found error messages as below
acs backup25Nov11 repository 25Nov11Repository
% Repository not found
% Error: Invalid repository name 25Nov11Respository
Please use a configured repository.
View 2 Replies
View Related
Feb 19, 2013
I have just started my installation of Prime 1.2. I have the OVA loaded (NCS-APL.1.2.1.12-K9) and I went through all of the setup. I have the webpage loaded but unable to get past the Root login. I then tried to change the password using the "ncs password root password password" command but get the error message "Execution failed: Cannot find user: root". I have seen some people talking about the wrong OVA file but that was for Version 1.1 I think.
View 1 Replies
View Related
May 6, 2013
we installed a new CPI 1.3. Both machines are in the same subnet and close to each other. Everything looks fine and is installed as we see in the config guide.When we halt the VM of the primary Server, the backup takes over but with errors. I'm also not able to login! [code] my colleauges did the same a few days ago also with problems or similar problems and restore the server from backup.
View 2 Replies
View Related
Mar 12, 2012
I am attempting to register QPM 4.1.5 into LMS 3.2.1 Portal, under Home Page Admin - Application Registration but It fails.It seems to be a bug where it puts the details in the wrong place when submitting the info.
This is the output that it tries to submit obviously - Description, host name, port number and protocol are mixed up.You have selected the following application to be imported from the remote server. [code]
I'm not sure where to find the Tomcat logs or how much use they would be.
View 1 Replies
View Related
Feb 28, 2013
My client has two ASA-5500 in failover (8.4.4.1).To create AnyConnectVPN, the package must be uploaded on both machines - uncomfortable, but it can be accepted. The REAL problem is that the profiles (.xml file) are not synchronized.When I make a change of any of the parameters, after failover switching I loos alle the change.
View 1 Replies
View Related
Jan 14, 2013
I just set up a new Linksys/Cisco RV082 router with the intent to get VPN working from outside the building. I have gone through the setup and while everything looks good, I have not been able to connect yet. I have tried everything that I know how, and am now hoping to get the answer from some pros.
Here's my setup. We use Comcast Business class internet. The modem is plugged into WAN port 1 on the RV082. I'm using the router as a DHCP server, that is working fine. My local subnet is 192.168.0.0/220
Right now all I want is to be able to log in as a client using QuickVPN. I set up one user and a client to VPN tunnel using the router's config page. Here's the settings I have:
Tunnel Interface is setup on WAN1, checkbox is enabled.
Local Group Setup
Local Security Gatewaytpe: IP Only
Local Security Group Type: Subnet
[Code]....
It seems like something is blocking the connection, but seeing that I have tried this after disabling the firewall completely it doesn't make sense to me. I also went into the config page for the modem and set up the router as a DMZ. I have also tried connecting with the client built into Windows 7, but that doesn't work either, I just get "connection failed with error 619"
I have the port in QuickVPN set to auto, but have tried both 443 and 60443 with same results.
I ran a port scan at [URL] and it shows I have 3 ports open...80,443, and 1723
View 4 Replies
View Related
Mar 18, 2013
We've recently sold and implemented a wireless solution using a WLC, WCS and 1140 APs.
There is a HQ site where the WLC, WCS, DNS and DHCP reside. Active Directory and a RADIUS server are also located there. There is then a WAN link to remote sites which sometimes fails. At the remote sites you'll just have a router, switches and the APs. The intention is for the APs to work in lightweight mode, falling back to H-REAP when the WAN link fails.That works fine, but what doesn't work fine is the APs rejoining once the WAN link is restored.
They just don't. Even days later, the APs are still all disassociated from the controller despite the WAN link being up. I've 'hardcoded' the controller IP into the AP configuration, while the APs initally get the IP for the WLC from DHCP using Option 43. Despite the APs therefore knowing where WLC is, once they're disassociated from it (WAN link failed) they will not reassociate by themselves. Restarting the APs is the only way to get them to rejoin.
With hundreds of APs and in excess of 30 switches, restarting all the APs each time the WAN link fails is pretty ridiculous.
I've logged a TAC case and gone through the whole rigmarole, this is an offical bug and Cisco have informed us that it's due to be fixed sometime early 2011, but besides that there is nothing they can do. So to be perfectly clear, Cisco have sold and shipped a product that doesn't work as advertised and they best they can offer us is a promise to fix it soon. I'm pretty shocked, I've never had this experience with Cisco in the past.
Ok, so now I've got to come up with a decent workaround until we get a firmware release where this is fixed. I'm looking at using CNA to automate the reloading of all the switches, I guess when an outage is reported I'll just write a procedure for the client to follow to reload all their APs.
A script that can query the associated status of APs and reload them as needed, automatically, would be pretty cool. Perhaps that can be done with SNMP.
View 1 Replies
View Related
Jan 12, 2012
I have problems in the following scenario. I attached an image with a summary diagram of the network in question. The problem is that on the 3rd floor of the site users connect via wireless fail to connect and receive an IP. But they can not navigate. The second and first floor itself. As you see in the diagram are 3 routers, one per floor. The first is the only router that provides DHCP the other two routers are as simple Access Points.
View 13 Replies
View Related
May 18, 2011
my computer cannot access Internet at all. It finds all the wireless routers and can connect to them, but says that the router cannot access Internet. However, it can. All other devices connected to the router have full Internet access. I've tries rebooting computer, rebooting router, reconnecting to router, reinstalling wireless Internet driver, but still nothing
View 4 Replies
View Related
Jan 3, 2013
I have 2 routers on 1 the internet work fine on the other the internet not work and I see this when I start diagnostic "Testing ADSL Synchronization---fail"
View 4 Replies
View Related
Mar 12, 2011
I recently purchased a Zyxel PK5000Z modem from qwest, upgrading from my M1000 actiontec. My reasoning was that port forwarding was not working as part of the router on the actiontec, and the pk saved me some money on my bill. So, what I always start out doing on modem/routers is restrict DHCP to 192.168.0.2 to 192.168.0.10, limiting the number of devices that could connect, and I don't know if that really matters or not for this problem, but figured I would throw everything out there. So....My actual problem is that now when boot up xbox360 I get a xbox360 live "nat strict" error. I have all the ports suggested for xbox, and the particular games forwarded, and DMZ turned on to the static IP I assigned to the xbox. I started out assigning a static IP reservation in the router for the xbox (the one I set on the xbox), but soon found not needing this. I ran the firmware diagnostic tool in the utilities menu and the "encapsulation test" failed, I called qwest, they have no clue, but sounded like a level 1 dude, but he authorized a new actiontec pk5000.
View 3 Replies
View Related
Dec 18, 2011
I have a problem with another computer in the household. To get to this forum, I tried to use my son's computer (he is at college and has not used it in a while) and it shows the wireless is connected, if I click on his weatherbug, it comes up with the current temps, time, etc, but if I try to open any browser (ie, ff, or chrome) it will not connect.
View 10 Replies
View Related
Nov 10, 2011
How do you monitor ASA firewall fail over events?
We had a firewall fail over, didn't know it, the configs were out of sync and the customer went down we want to avoid this is the future.
View 10 Replies
View Related
Mar 22, 2012
I have a Question i am testing mobility group with Failover for redundend connection between 2 Cisco 5500 Wlc.On both the controllers i got the mobility working And both the controllers have the same version.And configuration. But when i unplug the main controller the access-Points don't convers to the second one .The just keep on creaming can't find the main controllerAlso with this thus the second wlc need to have the same.Interface ip address like management.
View 8 Replies
View Related
May 23, 2011
I am trying to configure a Cisco ASA 5505 for Remote Clients.I am using ASDM interface and used the startup and ipsec wizards for my configuration but im hitting a stumbling block.For the last 2 days i have tried a number of configuration changes in attempt to make this work but failed, so i have done a factory reset and gone through the wizards again, so i have a clean configuration. Currently i have a Static Public IP Address 81.137.x.x and i am using a Netgear ADSL router, which is forwarding VPN traffic (UDP 500) to 192.168.171.35 (the wan port on the ASA 5505).The Cisco ASA has a default address of 192.168.1.1 I am using Cisco Client 5.0.06.0160.I have configured the client to use Group Authentication with the same credentials as setup through the wizard and im using Transparent Tunneling IPSec over UDP.I have attached 2 documents running_config.txt - which is shows the current ASA configuration Log-View.txt - showing error messages displayed in the real-time log viewer when i try to connect from the remote client.Im not sure whether i need to do any additional configurations for my setup other than simply run the wizards.
View 3 Replies
View Related
Sep 20, 2011
I have an ASA 5520 running, user web trafic, incoming VPN and systems NAT for DMZ services. Nothing new for a standard firewall. I have upgraded the memory in it to 2GB, per Cisco so that I could install and run IOS 8.41. I have uploaded the both the IOS bn image and the ASDM 645 image and set it as the primary boot file. When I reload the ASA, everything boots fine, no errors and all traffic appears to be working fine.But here is my problem:ALL the previously configured VPN sessions will connect to the ASA and show that they are passing traffice (TX and RX increments through the monitor) but if I try to access a device on the other side of the VPN or they try to access services in the corporate network, the connection fails. Ping works, So I know I can reach the devices and the tunnel has been correctly created, but nothing else, . I did not change anything in the configurations for the VPN connectors.But, if I reload the ASA with the 8.21 version image, everything works just as before and all connections are good.
View 3 Replies
View Related
May 27, 2012
I have configured eigrp routing on cisco 1941 ISR with two interfaces advertised. However i can not ping the router interface on g 0/0 but can ping the device and computers attached to that network. When i ping from the same network i'm able to ping the interface but not from anyway else. i can also ping the other devices on other network from g 0/0 attached hosts. How can i enable ping to this interface so that i start monitoring the network?
Below i have attached the network configurations for the router;
!boot-start-markerboot-end-marker!!enable secret 5 xxxxxxxxxxx!no aaa new-model!no ipv6 cefip source-routeip cef!!!!!multilink bundle-name authenticated!crypto pki token default removal timeout 0!!license udi pid
[Code].....
View 3 Replies
View Related
Jun 9, 2013
I have a lab network setup at my house with similar equipment to our office that I use for testing different features and functionality. Since I have had this installed (~ 2 years) I've had an intermittent but recurring problem with connectivity to various wireless devices that I have never been able to fully resolve.I have a 5508 Wireless controller with a handful of 3502i APs spread throughout my house. The controller is connected to a 3560X switch. And I have an ASA 5510 firewall as my Firewall/Internet Gateway. When I work from home I most often work from a desktop computer in my office and have a Windows RDP session to a laptop located in another room in my house on one of my monitors as a working space (I know this is weird but there is a good reason). This laptop is connected via WiFi at all times.Occasionally, I will lose connectivity to this laptop (or not be able to connect back to my desktop from it) and have to start an extended ping from the laptop to the desktop to re-establish connectivity. A while ago I performed some deeper analysis on what was happening and what I found is that when the connectivity breaks the problem is that the desktop is unable to resolve the MAC address of the laptop. It sends out ARP requests but never receives any reply back.
Why would the controller stop replying to ARP requests for the IP address of the laptop?If I log into the controller while this is happening it shows the laptop as a connected client, and has its IP address and MAC address listed fine in the clients section. In order to avoid getting up every time I need to reconnect, I normally hop to a system I control across one of my VPN tunnels via RDP, then connect BACK to the laptop and start the ping to re-establish connectivity back to my main desktop machine. This works because the firewalls ARP cache hasn't cleared yet. And then everything works fine again... unless I manually clear my ARP cache. Sometimes clearing the ARP cache will result in the exact same problem again and I will lose connection. Other times it seems to repopulate almost immediately and the connection doesn't drop.
A wireshark debug from the desktop reveals that ARP requests simply go out with no reply, confirming what is happening.As a note, I have set both the User Idle Timeout and the ARP timeout to 24 hours to try but this has not had any effect.This problem seems to go away and then come back. In fact, I havent been experiencing this issue for probably a couple months recently and then it just started again in the last few days which is why I am back to posting here. No changes to the network were made in the meantime that could account for this change in behavior. I am currently running version 7.2.111.3 but this behavior has persisted through at least four software upgrades so I don't think it's an issue with a specific version but I don't really know.I occasionally epxerience connectivity issues in my house to other devices as well that I use less often like a printer, network camera, apple tv so I now feel like these issues are likely all related.
View 5 Replies
View Related
Sep 18, 2012
We have a second ASA 5510 that is suppose to be a hot standby. I need to find out that, as a hot standby, does it have to have the same licenses as the ASA that it backs up. We purchased 50 SSL VPN licenses for that unit. If it fails over, we need to make sure the failover asa can allow SSL VPN connections.
View 3 Replies
View Related
Jan 27, 2013
I have to configure failover on both router. if one get fail then the other router should be dial.Physical connection
•1. Two routers (Cisco 2801) are connecting with splitter through RJ 11 port.
•2.Only one ISP link is coming in splitter.
Requirement: As per as customer requirement. He wants redundancy with in both 2 routers. If one goes down then the other router come up. And same configuration on 2801_R2 router. I am planing to do HSRP on our lan network (2801R1,2801R2 ehternet interface which connected to switch). from switch i will create two default route with (next hope) virtual ip address.
View 6 Replies
View Related
May 13, 2012
I have configured Site-to-Site IPSec VPN and it works. Our clients have access to inside network and Internet ("hairpinning").How can I configure access to Internet on remote networks clients if VPN tunnel fail?Remote devices is ASA5505 and Cisco 861.When VPN works i have access to Internet over central office gateway.In case when VPN fail i need still have access to Internet over local (remote device) gateway.
View 2 Replies
View Related
