Box-to-box redundancy and ARP question

Similar Messages

• WSA redundancy and WCCP questions

  Hello! My customer bought a pair of S370 WSA prior to deployment planning. I need to deploy both of them into existing network and I'd like to ask few questions with somebody who knows how to do it.
  1. As I know from manuals, WSA doesn't support any clustering but I'd like to use both of my S370 for redundancy. I'm planning to use WCCP only, no explicit proxy mode will be used. What methods can I use to deploy redundant WCCP cache on pair of WSA? If it possible, I'd prefer to use something like Active\Passive but not load balancing scheme. Does it have Centralized management feature like ESA to share configs between devices?
  2. I have fusion router which "mixes" traffic from different vrf. Is it possible to configure router such way that every vrf(which corresponds every interface and different subnets) will be seen with its own ip address in internet or all of them will be using just WSA's address like in explicit proxy mode?
  3. When I tried to test my WSA in explicit proxy mode prior to configuring WCCP, I found out that I can use it as a proxy without any authentication, just setting it's address and port in my browser. How can I disable explicit proxy mode or set any authentication(no LDAP or NTLM) to prevent unauthorized access to using my proxy?
  I'm newbie with IronPorts so I will appreciate any help including links to manuals

  The WCCP protocol allows for automatic detection of all connected devices, both proxies and routers/firewalls/switches. When configuring WCCP with multiple WSAs, they're all in the WCCP cluster, with the router doing the load balancing beween the detected proxies. From what I've seen, you can't configure an active/passive scenario.
  As you mentioned , WSAs don't support clustering seen in ESAs. You could use a M-series box to provide central management and reporting for multiple WSAs in your enviromment.
  Regarding VRFs: WSAs support IP spoofing, which allows you to send out requests with the client's instead of WSA's external address. You could perform PAT of multiple addresses on the edge router/firewall to send the requests out with a different IP address for each VRF for example.
  I don't think you can fully disable the explicit proxy on the WSA. You can set up a firewall rule to prevent direct client access to the proxy ports..
  Sent from Cisco Technical Support iPad App

• Box-to-Box redundancy question ?

  guys,
  i have two CSS 11506 configured as Box-to-Box Master/Backup mode.
  im trying to apply the commit_redundancy "argument" command from the Master CSS
  the configuration has been sent to the Backuo EXCEPT the commands related to ssl certiface that the process fail:
  associate rsakey
  associate cer
  thats because i have generate the cer and rsakey on each CSS with different names.
  is there anything that can help me? or i have to re-generate the cer and rsakey again with the same name ??
  please check the attached file that will clarify my point !!
  please advice,
  Thanks in advance

  Dear Jose,
  i have exported the files from CSS1 and importes them to CSS2,
  but im trying now to apply commit_redundany command and still showing me failed to synch
  here you have the output that i got:
  CSS1# commit_redundConfig "10.0.207.18 -d -s"
  Checking the disk space locally before continuing with the script.
  COMMIT_REDUNDANCY Version: 4.6
  Verifying that ip redundancy is activated on Master switch.
  Verifying that app session is up with backup switch.
  Making sure app session is up.
  Seconds to wait before calling it quits: 120
  Checking the disk space remotely before continuing with the script.
  Config Sync Failed.
  CSS1# commit_redundConfig "10.0.207.18"
  Checking available disk space on systems ...
  Verifying app and redundancy configs ... /|-\-
  Previous synchronization still occurring on remote switch.
  i tired to dissconnet and restart CSS2 (Backup) but still im getting that message "Previous synchronization still occurring on remote switch."
  please advice,
  Thanks,
  hasan odeh

• Adobe Presenter 10 Drag and Drop questions - only grey box when trying to create

  Hi,
  I try to create drag and drop questions in Presenter 10 and after clicking on Add Question -> Drag Drop, the new window opens but where I should be able to define the questions etc, the screen is just grey. Have the same issue on three other systems as well.
  Flash is updated to latest version and so is Presenter 10.
  Weirdly the installed Flash version is 15, but a right-click into the grey box shows me version 11.
  Any ideas?
  Thanks,
  Chris

  Just in case someone else has the same problem, a chat with Adobe brought the solution:
  On the gray screen, Right click and go to Global settings
  Go to advanced tab
  Scroll down and click "Trusted location settings"
  On the "Trusted location settings" window, click "add" on the bottom
  Click "Add Folder" and select "Local disk c"
  Click "Ok" and Confirm on "Trusted location settings" window
  Worked for me (on three different machines) like a charm!

• 4 questions about the the top boxes - SD box and Home media DVR

  Hello. I am going to be getting Fios soon and I have some questions about the boxes. I will be getting the Home Media DVR and 4 SD boxes.
  1) Do these boxes have timers on them to set so the box can turn off at a certain time?
  2) Do these boxes have parental control and if so is it good enough to block things that I do not want my child to see?
  3) How many people can access the home media dvr at the same time to watch already recorded programs
  4) If the Home Media DVR is in the family room can a record be started from the bedroom over the SD set top box (even an hd show)?
  Thanks for any help.

  I have been using two Standard Set Top Boxes for about a year. I have Parental Controls on and all channels locked. When I want to watch a channel, I tune to that channel, note the LOCKED message, which tells me to press the OK button to enter ther Parental Controls PIN and unlock the channel for viewing.
  This has worked flawlessliy for the last year -- ON THE Standard STB's.
  I just ordered the Home Media DVR STB to replace one of my Standardt STB..
  On the Home Media DVR:
  I can set the Parentals Control PIN and lock the channels, in the exact same way I did o nthe Standard STB's. However, when  tuen to ANY channel, I still ge the LOCKED message and instructions to press OK to unlock the channel -- BUT no matter how I press the OK button, the Enter your Parental Conlrols PIN dialog box willl NOT open. Nothing happens -- you CAN NOT view any channel.
  Again, it is the EXACT setup as for the Standard STB, but the OK button will NOT unlock any of the channels.
  If you unlock all channels and LOCK the Ratings, the same problem recurs: OK buitton will never open the "enter your PIN" dialog box.
  I have received two replacement boxes and have spent hours on the phone with some very capable and helpful Techs -- no luck.
  Has anyone else had the same problem? Here's how to test your Home Media DVR:
  1. Menu-Settings-Parental Controls.
  2. You will be prompted to CREATE youre Parental Controls PIN
  3. Enter you PIN twice.
  4. Use the > button to scroll to Enable On/Off and set it on.
  5. scroll down to Control Channels
  6. Press > button to See Locked Channels
  7. Scroll down to Add/Remove Channels
  8. Scroll right to choose LOCK ALL
  9. Press OK and then scroll to YES to lock all channels
  10. Press EXIT to get out of settings.
  11. All channels are now locked.
  12. Go to any channel
  13. A black screen will appear with a lock silhouette with the word LOCKED below, followed by instructions to Press OK to enter PIN and unlock this channel. (plus how to change locks...).
  14.Press the OK button and, if it is working, you will see a dialog box at the bottom of the screen that is titled: UNLOCK, with the channel listed and the instructions to "Enter your PIN using your numeric pad on remote to naje this channel availabe for all users." THere's a PIN box, which shows asterisks for each number entered, with "Press Exit to Cancel" below.
  15. On the Standard STB, it works exactly as described in steps 1 thru 14. On the Media Center DVR, it works up to step `13, but in 14, no matter how you press the OK button, the UNLOCK dialog box never pops us. The Remote STB light flashes on the remove and the REMOTE yellow light flashes on the DVR,  but nothng happens.
  If you have a Home Media DVR, can you please try this and see if it works?
  Thanks,
  John

• CSS box-to-box redundancy heartbeat question

  hi netpros,
  customer is running CSS in box2box redundancy and has messed around with the heartbeat link - so both became active.
  according to documentation there is only on ha link possible!
  is there any other option to get this link redundant?
  or should we redesign and use vip/virtual interface redundancy to avoid split brain conditions?
  any hints appreciated.
  best regards,
  juergen

  Juergen,
  Vip/Interface redundancy is definitely a better solution. Faster failover time. No 1 HA link issues ....
  So, that would be my recommendation.
  Unless the customer is doing FWLB.
  In this case, B2B redundancy is a much easier solution.
  But no solution to have a backup ha link.
  Gilles.

• Box to Box quasi redundancy

  Hi folks,
  I tried to run box-to-box redundacy between two different models of CSS.
  Box1 is a CSS 11501 software 7.20 build 104 and box2 is a CSS 11050 sofware 5.00 build 63.
  Playing the script ends up with:
  File copy Config Sync Failed. Commit unsuccessful!
  localconfig: 2545 bytes
  remoteconfig : 2479 bytes
  WARNING: The local version of code differs from the remote version of code.
  Check for configured new commands on this switch.
  ... but i can't see any "new command".
  I synchronized the two configuration manually and redundancy seems to work properly.
  Any chance to have the script working properly with a software upgrade of the 11050 to the latest (and last) version 6.10?
  Thanks in advance.
  Fausto

  Fausto,
  With 2 different hardware models of the CSS (especially with one 2nd gen and one 1st gen) the configs will not be the exact. They will have different settings for number of interfaces as well as possibly different interface names.
  The script will always copy to the backup, and will always fail the byte check, if you use different hardware versions.
  either way, the redundancy should work fine. It is typically recommended that both CSSs run the same version of code, but that is impossible with the 2 hardware models you have. If there was a problem with the redundancy, this configuration would be very diffucult to support.
  so, to answer your question, the upgrade to 6.10 will not eliminate the error. The only way to eliminate the error is to eliminate the check for filesize at the end of the script, and there is not an option to do that.
  You are welcome to modify the script, but again, that is not supported by TAC. Many still do modify scripts on the CSS though with success.
  -Steve

• CSS Box to Box - Redundancy

  We have two CSS running in box to box redundancy in two-arm (router mode) on code 8.10.40. Master is running with ip redundancy master (causing it to always be master if it is up and running).
  We had a need to reload a previous configuration. To do this I copied the configuration to startup-config under running boot-file. I then ran command copy start run (on the master). After doing so, we lost all VIPs, although servers on second arm of CSS were accesible as well as the interface on the same network as the VIPs.
  There is a 6509 switch between our CSS and the Firewall (firewall's are running in same mode - box to box). Firewall team saw traffic destined for the VIPs leave their interface, but we never saw it hit the CSS. I think that we had an ARP issue, but nobody can attest to this 100%. We had to reboot both CSS's to get VIPs to respond properly.
  What would be the normal expectations in this scenario?
  What is best practice to reload a configuration?

  the copy start run does not erase the running config. So, it tries to add whatever config you had in startup on top of the running config.
  Personally I would have simply done a reload once the config was in startup.
  Gilles.

• Quirkiness with box to box redundancy.

  I have several sets of CSS's running in box to box redundancy running version 5.03 Build 15.
  My question is what causes one CSS to out of the blue go backup and the other become master? I've had this happen on just about all the ones I have configured for box to box. This one pair has been running for a little over a year without a problem and today failed over to the other CSS twice. Nothing shows up in the logs except the "transition to redundancy backup / master." Another pair did this several times about a year ago, after having ran for quite some time. I rebooted both units and they were fine for a period of about 6 months. I find this very strange and am curious if anyone else has had these same problems. I have updated the code on one set, the problem reappered about 7 months later.
  I'm now deploying all new CSS installs using interface/vip redundancy.
  Thanks!

  the version you are using is a potential explanation.
  I would really not recommend it.
  You should either go to 5.0 or 6.10
  Regarding the problem you got, it could also be related to how you connected the CSS together.
  Do you have a straight connection between the 2 ? or do you use a switch ?
  If a switch, something could have happened there.
  Gilles.

• BI switching to new ECC 6.0 box from R/3 4.7, question on delta init?

  Hi all,
  Our BI has been already upgraded to 7.0. Currently connected to R/3 4.7.
  Now a new box is made with ECC 6.0 and Oracle 8 which is a mirror copy of the r/3 4.7.Once the new box is ready the BI 7.0 connection will be switched from R/3 4.7 to the new box ECC 6.0.
  My question is ...
  In the R/3 4.7 the datasources were already initialized for delta..so the pointer for delta was already setup.
  Now when we connect the new ECC box do I have to initialize delta again ? or would the new system recognize the pointer since it is a mirror copy from the old system?
  pls advice

  Hi,
  you would have added the new ECC source  system to the BI.
  I that case I think you need to initialize the Data again.
  As all other requirements for delta like the pointer in delta queue might  not be set for the  new datasources.
  I havent tried such thing till. but as per the concepts I understand You need to initialize the data
  Regards
  Praeon

• Failover not working correctly on "redundancy-phy" (box to box style)

  Hi,
  I've got 2 CSS 11506 boxes configured using box to box failover.   Failing the master CSS box itself (powering down) causes the backup CSS to become master and all is well.
  However when the switch, which the CSS is connected to, fails the CSS didn't fail over so I added the redundancy-phy to both the interfaces connected to the switch and failed the switch again.  At this point a "show redundancy" shows the master becoming backup but between 3 and 5 seconds later it re-assumes master status and keeps flipping every  60 - 90 seconds
  I also tried a service with a type of redundancy-up and again the same symptoms - fails over but assumes master again within 3--5 seconds.
  Any help gratefully received!
  Cheers

  box-to-box is the least interesting redundancy mechanism.
  I definitely prefer vip/interface redundancy.
  More complex to configure but better control.
  Regarding your problem, is the switch connected to both CSS ?  Do you have a direct link between the CSS for the redundancy protocol ? What version do you run ?
  Gilles

• Combo boxes appear in reverse and info cannot be read when selected

  Half of my combo boxes appear normal and half appear with the drop down arrow on the right side of the box. the choices, when selected, appear above the arrow and are barely legible. some of the boxes appear perfectly normal and some are like this with no apparent reason as to why. I have not changed combo box settings through the duration of my project to make this happen, so it appears random. . . I have already done hundreds of pages and need to go back and check all of these again but need to do it right this time!
  any help would be great,
  thanks all

  My mistake, the combo boxes in question are appearing inverted where the arrow appears on the left side facing upwards. and the answers, when chosen, appear above that arrow and are cut off by the top edge of the combo box.
  i also just found out that it does not happen in some pdf viewers. when viewed in adobe reader or google chrome it's fine, but when viewed in Mac Preview the inverted arrow happens.
  could there be a bug in preview?
  thanks for the responses guys!

• BOXI 3.0 server and 3.1 client tool

  Hi,
  I have a couple of question....
  - Is it advisable to have client and server on the same machine?
  - I need the .net sdk that I think is not included in BOXI 3.0 so is it ok if on the same machine I have BOXI 3.0(server) and BOXI 3.1 (client)?
  - If I end up installing BOXI 3.1 do I need to install all the fix pack or the latest fix pack install will have all the earlier fix pack fix also?
  Thanks
  Kajal

  XI 3.0 is very buggy. You should upgrade to XI 3.1. And yes, you should install the latest service pack which is SP3. It covers all the previous FixPacks.

• I wrote 6 pages in a document. I wanted to put page 4 before page 3 and could not move them.  They had a box around 5 pages and I don't know how I did that, nor do I know how to undo that.

  I wrote 6 pages in a document. I wanted to put page 4 before page 3 and could not move them.  They had a box around 5 pages and I don't know how I did that, nor do I know how to undo that.

  terrymanga wrote:
  Guess that's not the solution.
  And you guessed wrongly.
  On my side, I guess that before opening the menu,  you clicked somewhere out of the pages (in the thumbnails areas for instance).
  Re try after cliking at the bottom of a page.
  The feature is really described in Pages User Guide.
  Yvan KOENIG (VALLAURIS, France) mardi 27 septembre 2011 22:51:27
  iMac 21”5, i7, 2.8 GHz, 4 Gbytes, 1 Tbytes, mac OS X 10.6.8 and 10.7.0
  My iDisk is : <http://public.me.com/koenigyvan>
  Please : Search for questions similar to your own before submitting them to the community

• Software upgrade on box-to-box redundant CSS's

  I am planning a software upgrade from version 5.00 Build 63 to version 6.1 on a pair of CSS 11150 devices running box-to-box redundancy.
  Should both devices be upgraded at the same time, or can I split them and upgrade on consecutive weekends ?

  if it was 2 different 5.0 release, I would say ok.
  But a 5.0 and a 6.1 release, it could be ok but that's not 100% sure.
  Sorry, that's all I can say.
  Maybe you could put both images on the CSS, boot the CSS out of 6.1 and configure them to reboot with 5.0 in case something wrong happens.
  Gilles.