I have a question with regards to 6500 Redundancy. We currently have only one in our DC, it has 2 SUP 720s, two FWSMS, and multiple switchport blades. My question is is this fully redundant? and if not what is it that can fail, so I can look into adding that extra layer of redundancy.
View 3 RepliesWe currently have the following configuration:
STB_6509#sho mod
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 10 WiSM WLAN Service Module WS-SVC-WISM-1-K9
2 24 CEF720 24 port 1000mb SFP WS-X6724-SFP
5 2 Supervisor Engine 720 (Active) WS-SUP720-3B
[code]....
I would like to add a redundant supervisor blade to the 6509 that is in production. Can this be done plug and play and require no reload. Are all WS-SUP720-3B the same as far as memory etc... or can I buy any used WS-SUP720-3B and it will work properly.
Four 6500 connected to each other to form a full mesh. Switches 4 and 7 is running eigrp. A question came up, why didnt it have eigrp on SW 2 & 3 ? Will it still be redundant if link between SW3 and SW4 is removed? If redundancy is working, SW3 should be able to find its way to SW4 via SW7 or SW2, yes?
The config looks:
SW4 eigrp
router eigrp 100
network 192.168.0.0
redistribute static
auto-summary
[Code]....
Recently, the eigrp was configured to SW 2 and SW 3 as well, it included the “redistribute static” statement. The route for SW2 and SW3 now has the VLANs, 51 or so. Sent ping from a PC to VLAN1 IP of SW3, then link between SW3 and SW4 was disconnected, network connectivity went down for about 20secs, and ping came right back. Thought it was a success. All of a sudden, outside connectivity was lost. Ping within the LAN was successful, but no internet connection.
The eigrp on SW2 and SW3 was removed, and the internet connection came back up. The initial concern was that although there is physical redundancy in place, the other routes may not be known. Hence, eigrp configuration has been attempted for SW2 and SW3. Perhaps the “redistribute static” should have never been configured on SW2 and SW3, SW7 does not have the “redistribute static” statement anyway.
Without eigrp running on SW2 and SW3, does it still have redundancy? For what it’s worth, SW4 and SW7 are both VTP servers. With the current configs, does it still have redundancy? Link redundancy was never tested; it always has been assumed that it works. Later today, with it’s current config, the link redundancy will be tested.
Since the ACE supports only static routing, when pointing a default route from the ACE what is your preferred method when using multiple 6500s with an ACE in each in a failover scenario to prevent just pointing at one 6500? Static route to an HSRP address? Multiple static routes on the ACE, etc?
View 2 Replies View Related1) Does the 6500 series router support supervisor module redundancy like the 7304 does? IE, can I put two identical sup720 modules in the chassis for failover?
2) Can I use any ethernet interface on any line card on the 6500 series for router interfaces? If not, which line cards work as router interfaces?
3) Differences between the 6500 series and the 7600 series? Can I use a sup720 modules from a 6500 in a 7600?
What consequences could i have if i install a WiSM-2 module into a pair of 6500 configured in VSS and another WiSM-2 module into other pair of 6500 configured in VSS for serving a 300 APs??...in this case, do i need to configure mobility groups for guarantee a high availability and also redundancy of controllers?Under the best practices, is much better having the two WiSM-2 modules into a single pair of 6500 configured in VSS??
View 4 Replies View RelatedI have a 6500 chassis with 2 power supplies. At the moment I am using the default configuration:
power-redudancy mode redundant
The problem is that an inserted module is in "power deny" state due too insufficient power.
I know, that It's not a good idea to change into combined mode (loss of redundancy), but my customers requested this anyway.
So I will change to combined mode. So here's the 1 million dollar question: "Which modules will go into power deny, if one of my power supplies fails?"
The 6500 config guide states:
"Power supply is removed withredundancy disabled
• System log and syslog messages are generated.
• System power is decreased to the power capability of one supply.
• If there is not enough power for all previously powered-up modules, some modulesare powered down and marked as power-deny in the show power oper state field."
Well, do you know if there's any way to configure some kind of priority? E.g. I definetly don't want by 10Gig Module or WiSM module to be in power deny. Can i statically make sure, those module will be powered on for sure? Like: "power enable module slot_number" How is this calculated? Or is random?
how can we upgrade 6500 non modular ios to normal 6500 ios?
View 5 Replies View RelatedI have a customer who is looking to add some redundancy to their internet connections. Currently we have an ASA 5510 for their firewall. I know that the Sonicwalls are capable of terminating multiple internet connections simultaneously for load balancing, redundancy, and for pushing different types of traffic out different connections. Traditionally the ASAs have not had that capability. But does anyone know if the newer revs (8.3 and I think 8.4 may be out?) will do that or anything similar? Not looking for a full BGP-style solution where the same address space is available via multiple links, but more just a solution where the internet for basic web browsing could fail over and load balance between two internet connections, each assigned to a different outside interface on the ASA.
View 7 Replies View RelatedI'm shortly going to move our stuff to a new data centre, where we have two network feeds - so there'll be two lengths of CAT 5 coming into the rack, for "first hop redundancy".I have something similar at our existing DC, but I'm simplifying the equation somewhat at the new DC, and using a simpler configuration that just uses two switches, rather than two switches and two routers. All of the servers will have public IP addresses.Now - the network guy at the new DC has confirmed that a simpler two switch configuration will work.
View 17 Replies View RelatedWe have cisco 1841 router with two ISP . But we facing the problem whenever our secondary ISP Link goes down the Primary has also went down.We have only one default route for primary Link
View 1 Replies View RelatedI have a 4510R+E switch that won't change to the SSO redundancy mode. After entering the 'mode SSO' command, the switch reboots the peer supervisor (as it says it will), but after it comes back up it remains in RPR mode. I've tried rebooting the peer supervisor manually, rebooting the entire chassis, manually power cycling the entire chassis, and reseating the sups, but the switch remains in RPR mode. The issue started when I swapped the switch's supervisor with the supervisor of another 4500. The same issue was observed on the other 4500 as well, but after several reboots, I got it to change to SSO mode. Prior to the swap, both switches were running in SSO mode just fine.Since we're running IOS version 15.0 with the 'spare sup' license, I suspect the issue arose because of licensing complications (with relation to the chassis serial number and the like) when I swapped the sups....although this doesn't explain why the other switch changed to SSO after some troubleshooting.
View 1 Replies View RelatedI have problems with the RV042 router. Currently I have two Internet service is the first DSL service and the other is through cable. The problem is because the router is not doing the redundancy process. For example if DSL service fails, the cable internet service does not come automatically. You have to disconnect and connect manually to maintain the connection to the Internet. Should not the router do this automatically without intervention?
View 1 Replies View RelatedCan the above be used to provide redundancy. However there is only one ISP side connected? Of course we can set up both with exact same rules and use a Manual power on/off if?
View 2 Replies View RelatedFirst and foremost, what I have are 2 x 7204VXR (Gateways), 1 x 4507R-E (Coreswitch), and our ISP have 7609.Got some issues with redundancy with our ISP.
7609
I I
I I
7204-A 7204-B
| |
| vrrp |
| |
-4507R-E-
|
|
internal network
Both outside interfaces of 7204 gateways are connecting to 7609 with different public ip block. I used VRRP for my internal nework and failover have been tested working.
Even tried to remove link of 7204-A and 7609, the failover works perfect. If I shutdown/ remove the link between my 4507R-E and 7204-A (primary gw_higher vrrp priority), vrrp redundancy/failover still works, but pings from internal network to internet is only 50% success....alternate 4 ping reply and 4 time out.
i have a 6509 connected via layer 2 (VLAN1) to a 3750 (e.g. VLAN1 10.1.1.1)then to the HQ via Metroethernet(L3). Is it possible to connect the 6509 to an ASA that already has VPN connectivity to the HQ using HSRP? Also need to mention, the VPN connection is supposed to be the redundant connection if Metroethernet link fails.
View 3 Replies View RelatedWe will be getting a circuit from the same ISP at two of our sites and will be doing eBGP. Couple of notes. 1. We are fully aware of the risks associated with depending on a single ISP and have mitigated them as much as possible with the ISP. 2. We will be getting assistance on the eBGP setup from the ISP, so I’m not as concerned with that config at this point.
Site Summary
Site A:Cisco 2900 Series (RtrA) connected to single Ethernet based ISP circuit (ISP-1-A)eBGP will run between RtrA and ISP-1-A, default routes from provider onlyLayer 2 Switch (SwA) connected to LAN of RtrA and uplinks to SwB
Site B:Cisco 2900 Series (RtrB) connected to single Ethernet based ISP circuit (ISP-1-B)eBGP will run between RtrB and ISP-1-B, default routes from provider onlyLayer 2 Switch (SwB) connected to LAN of RtrB and uplinks to SwA
I need advise on the LAN side redundancy. Our goal is redundancy; load balancing is not a concern (If load balancing ever becomes a concern I will look at GLBP). We have several devices on the LAN side of the routers that can only use a single gateway. Given that I’ve surmised I need to use HSRP in some way for LAN gateway redundancy.
1. HSRP with Object Tracking, No IGP.HSRP handles LAN gateway failover if a router dies. Object tracking ensures LAN gateway failover if an interface fails or if an interface is up, but there is an upstream traffic issue. ie. track the physical WAN interface and use an IP SLA icmp to track a specific upstream IP incase of an upstream traffic issue.
2. HSRP with OSPFHSRP handles LAN gateway failover if a router dies. OSPF redistributes eBGP default routes to RtrA and RtrB so that each router should have a route to the ISP even if they loose their local ISP circuit. i.e if ISP-1-A on Router A goes down, Router A knows to send traffic out ISP-1-B via RtrB. In other words, traffic enters RtrA LAN, but exits on RtrB WAN.
3. HSRP with iBGP HSRP handles LAN gateway failover if a router dies. I have no experience with BGP, but assuming this would work similar to the OSPF solution above except for the required iBGP config and possible route reflectors?
I'm new to firewall using ASA 5510. How can I have a redundancy over two ASA 5510. Hardware load balancing and IP Load balancing, just like HSRP or GLBP. Below is my diagram.
[code]....
Two internet links from different SP using different routers an firewalls connected to a 6513. I need to use these two links as primary and secondary (the secondary will be used just if the primary fails) for just two specific machines and 6513 have to be responsible for jusing between primary and secondary link. The rest of the network have to use just the primary link.
View 5 Replies View Relatedwhich option do you think is better? The idea is to use them as the core of the network,to route between several VLANs.
Options:
1 - Two 3560 with HSRP
2 - Two 3750 stacked with cross-stack etherchannel to the access switches
I designing a new network for the company.
-Core layer is Cat6509 with VSS
-FW Lauer: Cisco ASA 5540
-Switches: L2 Cisco 2960
What is the best plan to make this redundant to the Firewalls?
[URL]I ran across this on the cisco site and I wondering if it was possiable with two 2851's? The part that is most interesting to me is this part of the config (this looks like what allows the use of the y-cable)
redundancy
#
mode y-cable
how to have a redundant border router with a T1
actually im using a cisco asa 5520 as a default gateway to acessin/ publishing in the wan. i have a cisco 2811 configured to replace the cisco asa in a case of problem, but the switch is made manually. my lan switch is a 2 3560e configured with hsrp, so it is possible to make redendancy( failover) between the cisco ASA 5520 and the cisco 2811 using a hsrp or other technic.
View 11 Replies View RelatedI have supervisor engine ws-x4516 with two line card WS-X4424 - GB - RJ45 - 1No ,WS-X4548 - GB - RJ45 - 1No. Now i want switch and hardware redundancy.
View 3 Replies View RelatedWe currently have a 4404 controller that is approaching 100 AP’s (their max). The boss would like to add redundancy into the project. Which leaves me with a lot of questions and I am fairly new to cisco WLAN controllers.While a second 4404 would cover for redundancy would that be true if the AP’s pass the 100 mark?If I get a bigger controller that can support more than 100 (5508?)can the existing 4404 still work in the plan as a backup?Or do I just need to purchase two bigger units and auction off the 4404?
View 3 Replies View RelatedI will be installing a new ASA 5510 firewall on our SIP vlan to separate our voice traffic from the rest of the traffic. I'm trying to decide whether or not I should go with an active/active setup or an active/standby. Any insight on the best way to set this up? This install is going in from scratch, and I am going to be connecting to a 3750 switch stack. Should I pair up a link from each switch to each 5510 using etherchannels? Should I use 8.3 or 8.4? Most of the docs I've been able to find say it depends on this, that, or the other.
View 2 Replies View RelatedWe are going to implement high availabilty in 5508 WLC with version of 7.3.101 . We will be using Prime infrastructure 1.2 for monitoring purpose.With Prime, whether we can monitor and manage redundant WLC also or only active WLC?.
View 3 Replies View RelatedGot a situation where Location_A got TWO ISP and Location_B got One ISP.Using ISP 1 link Location_A establishes IPSEC Tunnel with Location_B .How do I establish redundancy from Location_A point of view, if ISP1 is down then ISP2 should establish IPSEC tunnel with Location_B.At Location_A both ISP links terminates on the cisco PIX-525 and all (VPN) crypto configuration is on PIX 525 running version PIX Version 7.2(4)7At Location_B VPN is terminated on a PIX Version 6.3(3).
View 2 Replies View RelatedI have a question about my ACS redundancy deployment. I bought three ACS all of them came with base license. but i bought large deployment license my question is necesary to buy the large deployment license to add two seconday ACS to my Primary ACS ? now if I install the large deployment in my primary ACS it replique to other ACS or I have to install first the large deployment one by one (secondary ACS) before to join to the Primary ACS.
View 1 Replies View RelatedWe currently run 7206 routers with VAM cards and are able to configure the devices to perform stateful failover of tunnels from router to router. When moving to the 7604 with 15.1 IOS there are not any examples of how to set up the stateful failover of the tunnels between devices. We have the devices in the SSO mode are not able to understand how to get the redundancy between the devices functioning.
View 1 Replies View Relatedwhat I have are 2 x 7204VXR (Gateways), 1 x 4507R-E (Coreswitch), and our ISP have 7609.Got some issues with redundancy with our ISP.
7609
I I
I I
7204-A 7204-B
| |
| vrrp |
| |
-4507R-E-
|
|
internal network
Both outside interfaces of 7204 gateways are connecting to 7609 with different public ip block.I used VRRP for my internal nework and failover have been tested working.Even tried to remove link of 7204-A and 7609, the failover works perfect.But somehow we're facing a problem:
- If I shutdown/ remove the link between my 4507R-E and 7204-A (primary gw_higher vrrp priority), vrrp redundancy/failover still works but internal network's internet connection goes down.
I asked our ISP and the route commands they put in their 7609 are as of follows:
ip route 3.8.8.0 255.255.255.0 3.4.4.4 name TO CUSTOMER LINK 1
ip route 3.8.8.0 255.255.255.0 3.3.3.3 2 name TO CUSTOMER LINK 2
And if they're trying to use Reliable Static Routing Backup Using Object Tracking, the internal network's internet connections is intermittent....alternate 4 ping reply and 4 timeout.
Note: IP used are sample only
have main office of 70 people.Also I have 2 redundant ISP:One give me 20 mbit/s Other only 2 mbit/s and it is my backup ISP.
I have some resources in data center and I need a IPSec VPN to it and some other location. I suppose there will be up to 3-5 IPSec tunnels. I choose Cisco ISR 881-SEC-K9 with one wan port and 4 LAN switch. But know I’m looking for Cisco 891-K9. There is no security bundle for it. But in cisco.com this router is marked Cisco 891-K9 Security router. Does it support security features like VPNs, ZBF, IOS Firewall, NBAR and IP SLA for ISP redundancy? Also if my boss will choose chipper Cisco router 881-SEC-K9. Will I be able to organize 2 ISP redundancy on 4 LAN switch port inside VLAN interfaces because there is only one WAN port?
getting a secondary isp as back-up and redundancy...and work arounds for ddos's....I just thought that i could use a switch/bridgeable router that can act as a switch... and run that off the first in line off the #1 isp router. Instead of connecting the second into the isp port, i should be able to put the #2 isp line into that. and put #1 ethercable into one of the outgoing ports from the second. And keep all the pc's on the #1 as is....But it should still use both providers simultaniously...right? I have 3 or more routers that can do this, and i have used them like this and shared several pc's internet's other then the primary ISP. But it was shared through the pc. and separate NICS or wifi AP's. I currently have one that will autosense a gig, and have bought another router that can operate at a gig that i plan to put into the #1 position as it's the fastest one. And will keep 1 gig without variability. and also give me wifi n 450-700. And they both support bridgeing,repeating and network balanceing /shareing. This should be possible and i won't have to spend $4,000 on a router with 2 ISP ports, and only uses it as fail-over....=c this should use both simulataniously and balance workloads between each.
View 2 Replies View Related