Cisco high availability -- sso

Similar Messages

• Cisco WLC in High Availability over WAN

  Hi my name is Ivan i have a trouble perhaps could you help me...
  I have two cisco wlc 5508. I wan to install them in two differents site. One WLC in the site A and the another WLC in the site B.
  Site B is the WAN of the site A. The site A is the headquarter.
  But i need to configure them in High Availability. For example if the Cisco WLC in site A goes down, the ap's have to registered in the WLC of the site B.
  Then the traffic LWAPP have to pass over the WAN between site A to site B.
  I have to configure two cisco wlc in HA over a WAN . Please could help me to do this?. Is ok configure the roamming L3 intercontroller?
  Thanks for your answers
  Regards
  Ivan,
  AP'S - WLC - SITE A ----WAN-----WLC - SITE B - AP'S
  WLC SITE A   DOWN = AP'S SITE A REGISTERED IN WLC SITE B

  Hi Surendra thanks for yoru answer.
  Surendra, if the ap in the site B (in the WAN) goes down then the traffic lwapp have to pass over the wan,
  what will should i do to ensure access point can register on to the cisco wlc in the WAN, moreover to configure the mobility groups in both wireless lan controllers?
  or i only have to configure in the wlc the mobility groups? Could you explain me what things have i to do to ensure this
  SITE A - (ACCESS POINT M)  - LWAPP -----PASS OVER WAN---- SITE B - CISCO WLC - (ACCESS POINT M)
  STATUS: REGISTERED IN SITE B
  Thanks for your answer
  IVAN
  Regards

• – Enable high availability and redundancy for Cisco WAAS

  How this is available
  – Enable high availability and redundancy for Cisco WAAS appliances in data centers.
  Thank you.

  Hi,
  You can serially cluster two WAE devices with the Cisco WAE Inline  Network Adapter installed to provide higher availability in the data  center if a device fails. If the current optimizing device fails, the  inline group shuts down, or the device becomes the overloaded, the  second WAE device in the cluster provides the optimization services.  Deploying WAE devices in a serial inline cluster for scaling or load  balancing is not supported.
  More deatils here: Clustering Inline WAEs
  Hope this helps.
  Regards.
  PS: Please mark this as Answered, if this answers your question.

• Cisco ISE in High Availability mode

  Hello
  Need some help, I have hardware cisco ISE 3315, want to go for high availability now, my question is that;
  1. Is Cisco ISE available on Hyper V ?
  2. Is it possible to configure 1 hardware , and other virtual (VMware / HyperV {If available}) in high availability mode ?
  Thank you very much.

  While ISE may run in Hyper-V, it will definitely not be supported so I recommend staying away from doing that. The only supported virtual environment is VMware. If you only have Hyper-V then you will have to get another appliance. Do keep in mind that the 3315s are EOL/EOS. The replacement models for those are the 3415.
  As it was already stated above Charles and Karsten, you can mix virtual and physical appliances. So if you do en up going with a supported virtual solution make sure that the resources for the ISE nodes are dedicated/reserved and that thin provisioning is also NOT supported. 
  Hope this helps!
  Thank you for rating helpful posts! 

• Cisco Unified Presence 8.5 High Availability problem

  As we have two Cisco presence version 8.5 node as subcluster and configure as High Availability in a Subcluster . Once i click enable HA on the
  presence server . its give the below messages as meniton
  Primary server : 
  node state  : Running in backup mode
  node reason : peer down during initialization
  Seconary server :
  node state : unknown        
  node  reason : High Availability not enabled.
  Even All the service are up and running.
  So please advice hightly appreciate for you response.

  Hi,
  Are both the CUP servers in different subnets/networks? If yes, then there is a setting under cluster topology page that has to be modified. It must be in Settings under cluster topology page. The default parameter will be 'MDNS'. This has to be changed to 'Router to Router' if the servers are in different subnets.
  -Sankar
  Sent from Cisco Technical Support iPad App

• Cisco Prime Infrastructure 2.1 High availability Question

  Hello All,
  I am configuring high availability for two prime infrastructure 2.1 servers. I have configured manual HA between the servers. I need to know what will be the configuration in the devices ( switches,routers etc.) for proper working of the HA. For example
  Should we need to configure both the prime infra servers as snmp hosts in the devices??. If we have to when an event happens the switch well unnecessarily send the traps to the secondary even when the primary is alive??. 
  If anyone has a copy of the configuration of such a set up please share it with me. 
  Thanks and Regards
  Shabeeb

  Hi Shabeeb,
  You are correct on that part that unnecessarily devices will  try to send traps to the secondary server if you specify that in the device's config. I don't think it should be a concern , this is expected.
  otherwise you need to configure them later once the PI server fail over to secondary .
  If you have any other doubt ,kindly ask.
  Thanks-
  Afroz
  ***Ratings Encourages Contributors ***

• Cisco Prime LMS High Availability

  Hi,
  I am trying to setup prime LMS 4.2 with a pair of soft appliance. As I understand that HA is possible with the use of veritas/vmware for windows/solaris; I was wondering what are the possible high availability options available with a pair of prime LMS appliances? Can it form active/secondary with data synchronization/data redundancy of the LMS on top of the traditional backup/restore of the lms?
  Any input is appreciated.
  Thanks

  As iceman said, in VMWare it is not needed to have a pair of host machines to configure HA. Pairs are managed using third party HA services like veritas.
  In VMWare's HA concept all Host machines are pooled into one cluster and in case of host failure the entire cluster is moved to another host. vMotion can also help to move the entire vm to another host.
  This is when the host fails where vm resides. In case of failure of vm itself, the HA can be set for various actions lilke Automatic restart when hardware or OS failure is detected. OR it can restart another backup host in other cluster when failure is detected.
  You need to check availble HA option on VMWare and you can consider HA options via third party applications like veritas as well.
  -Thanks
  Vinod
  **Support Contributors. Rate them. **

• High availability error on presence

  Good Day,
  I have problem with HA on cisco presence cluster , the error is showing that Node status for the high avaliability is (Running in Backup Mode) and Node Reason (Peer Down During Initialization).
  I have restart Sip proxy service  as request from document but it's the same Any Help ASAP please
  please see the attached
  Regards
  Ayman

  Hello
  It seems that the checkbox "Enable High Availability" just above your screenshot is not checked.
  See status message and solutions with this link.
  http://www.cisco.com/en/US/docs/voice_ip_comm/cups/8_6/english/install_upgrade/deployment/guide/dgcupc.html
  You can try
  - Utils system restart of CUPS Publisher
  - Wait 10 minutes
  - Utils system restart of CUPS Subscriber
  Then when both servers are up
  - Uncheck HA and Save
  - Check HA and Save
  - Click on Rebalance users if load sharing is needed
  JC

• ASA 5520: Configuring Active/Standby High Availability

  Hi,
  I am new to Cisco firewalls. We are moving from a different vendor to Cisco ASA 5520s.
  I have two ASA 5520s running ASA 8.2(5). I am managing them with ASDM 6.4(5).
  I am trying to setup Active/Standby using the High Availability Wizard. I have interfaces on each device setup with just an IP address and subnet mask. Primary is 10.1.70.1/24 and secondary is 10.1.70.2/24. The interfaces are connected to a switch and these interfaces are the only nodes on this switch. When I run the Wizard on the primary, configure for Active/Standby, enter the peer IP of 10.1.70.2 and I get an error message saying that the peer test failed, followed by an error saying ASDM is temporarily unable to connect to the firewall.
  I tried this using a crossover cable to connect the interfaces directly with the same result.
  Any ideas?
  Thanks.
  Dan

  The command Varun is right.
  Since you want to know a little bit more about this stuff, here goes a bit. Every interface will have a secondary IP and a Primary IP where the Active/Standby pair will exchange hello packes. If the hellos are not heard from mate, the the unit is delcare failed.
  In case the primary is the one that gets an interface down, it will failover to the other unit, if it is the standby that has the problem, the active unit will declare the other Unit "standby failed). You will know that everything is alright when you do a show failover and the standby pair shows "Standby Ready".
  For configuring it, just put a secondary IP on every interface to be monitored (If by any chance you dont have an available secondary IP for one of the interfaces you can avoid monitoring the given interface using the command no "monitor-interface nameif" where the nameif is the name of the interface without the secondary IP.
  Then put the commands for failover and stateful link, the stateful link will copy the connections table (among other things) to avoid downtime while passing from One unit to another, This link should have at least the same speed as the regular data interfaces.
  You can configure the failover link and the stateful link in just one interface, by just using the same name for the link, remember that this link will have a totally sepparate subnet from the ones already used in firewall.
  This is the configuration
  failover lan unit primary
  failover lan interface failover gig0/3
  failover link failover gig0/3
  failover interface ip failover 10.1.0.1 255.255.255.0 standby 10.1.0.2
  failover lan unit secondary
  failover lan interface failover gig0/3
  failover link failover gig0/3
  failover interface ip failover 10.1.0.1 255.255.255.0 standby 10.1.0.2
  Make sure that you can ping each other secondary/primary IP and then put the command
  failover first on the primary and then on the secondary.
  That would fine.
  Let me know if you have further doubts.
  Link for reference
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml
  Mike

• Wism2 in High Availability - FUS Upgrade

  Hello all,
  what is the procedure to be followed when upgrading the FUS on a WISM-2 in HA cluster?
  Is it the same procedure that applies when upgrading the wism's code in HA?
  Thank you
  Edited:
  The procedure is exactly the same as upgrading. First upgrade the image and then FUS.make sure that you are connected using console connection and definitely perform this within a maintenance window of at least 1 hour. 

  Hi,
  Thanks for sharing this info.
  Snipped from this guide also explains how its done:
  https://supportforums.cisco.com/discussion/12190806/wism2-high-availability-fus-upgrade
  The FUS image can be upgraded while the controllers have HA enabled. The secondary controller will 
  get upgraded just like it does when upgrading the regular code. However, when you initiate the reboot 
  on the primary controller both controllers will be unreachable until the FUS upgrade completes on both 
  the active and the standby in the HA pair. This process will take around 30 to 40 minutes to complete 
  just like in a non-HA FUS upgrade.

• NAC Manager High Availability Peer CAM DEAD

  Hi,
  I have two NAC Managers with High Availability and  i have used both sides eth1 interface as a Heartbit link.  
  I have done following Steps for High Availability.
  1) Synchronize the times between two CAMs.
  2) Generate a Temporary SSL certificate in both CAMs and done export-import procedure in each other.
  3) Make One CAM as a  Primary and another as Seconday.
  But after all this configuration done i can see the status in Monitoring> Reports as--------Primary CAM is up in both the servers and Redundant CAM is down.
  Also in Failover Tab i can see ------Local CAM - OK [Active] and   Peer CAM :- DEAD.
  I have also attached some screenshots so you can find out the same.
  Your help will highly appreciated.
  Thanks 

  Try the following steps and verify that all the steps were followed :
  http://www.cisco.com/c/en/us/support/docs/security/nac-appliance-clean-access/99945-NAC-CAM-HA.html

• High availibility on 2500

  Hello guys,
  I have an environment with 1 AIR-CT2504-K9 implemented.
  I'm trying to configure N+1 High Availability with AIR-CT2504-HA-K9 following this article:
  http://www.cisco.com/c/en/us/td/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide/N1_HA_Overview.html
  I configured the primary controller as the following:
  In the secondary controller (AIR-CT2504-HA-K9), i'm trying to configure the Redundancy > Global Configuration parameters, but the option "Redundancy" is not available on this controller. There is anything to be activated about the license to Redundancy option become available?
  The information that I have is saying that this WLC doesn't need license.
  Thank you in advance.
  Thiago Santos
  CCNA R&S
  CCNA Security

  Hi,
  Yes it will work.But I will suggest you to configure separate manually.
  Treat them as 2 separate wlc.
  These WLCs are independent of each other and do not share configuration or IP addresses on any of their interfaces. Each WLC needs to be managed and configure separately.
   Simply configure your standby controller to match the wireless configuration on your primary, then add the standby information to the AP (Under High Availability). When the primary controller becomes unreachable, the AP moves to the standby.
  Once first wlc go down and AP will join to 2nd wlc then automatic evalu license will start.
  Hope it helps.
  Regards
  Dont forget to rate helpful posts

• UCCX 7.0 High Availability IP Addressing

  Hi,
  I am installing UCCX in HA mode. The servers are on the same site and have a RTT of less than 2 ms.
  I am wondering whether to put them in the same VLAN or in separate VLANs. The design guide does not seem to state a preference.
  Please let me know what approach works for you

  Hello James,
  As you mention HA over IP WAN its just support under UCCX 8.0, for now UCCX 7.0 does not support these. That infomation can be check in the SRND.
  http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_7_0/design/guide/uccx70srnd.pdf
  Page 66 says:
  "Cisco Unified CCX high availability requires that the Cisco Unified CCX Engine and Database components and the CTI Managers with which the Cisco Unified CCX servers communicate be located in the same campus LAN and that the maximum round-trip delay between these servers be less than 2 ms"
  HTH
  Please rate this post if was helpful
  Walter Solano
  CCVP, Cisco UCCX Specialist
  Cisco IP Communications Express Specialist

• ISE High availability

                     HOw to configure ISE 1.2 in a High Availability environment.

  Have you gone through this docuument?
  Setting Up Cisco ISE in a Distributed Environment
  http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_dis_deploy.html
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• ISE in High Availability (HA) mode.. Factors to look upon

  We are setting up lab where we have installed 2 ISE on VM.  We  are deploying them in HA mode. While deploying them we are facing error  after registering ISE-2 with Primary ISE-1. Even after periodic refresh  of 'Sync' tab we are getting 'out of sync' Error. 
  We have checked certificate which is bound correctly as we could register ISE-2 under primary ISE-1
  TIme: Time on all the devices are synched up properly and are in UTC timezone.
  What are the factors that play role for HA in ISE. Which things has to look upon while resolving the error.
  ---Securview Support

  Hello,
  I went through your query and found some pre-requisite which would help in solving your query:-
  Ensure that you have a second ISE node configured with the Administration persona before you can promote it to become your primary Administration ISE node.
  •Before you configure the Administration ISE nodes for high availability, we recommend that you obtain a backup of the Cisco ISE configuration from the standalone node that you are going to register as a secondary Administration ISE node.
  •Every ISE administrator account is assigned one or more administrative roles. To perform the operations described in the following procedure, you must have one of the following roles assigned: Super Admin or System Admin. See Cisco ISE Admin Group Roles and Responsibilities for more information on the various administrative roles and the privileges associated with each of them.