Configuring 6513 Redundancy

Similar Messages

• Why do we configure the Redundant Interface in CSS Public Face

  Hi,
  I have a question : Why do we configure the redundant interface in a CSS facing the public side of a CSS.
  I understand the need for the interface in the server side though. Please refer to the URL below;
  http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_810/redundgd/vipredun.htm#wp1063393

  this is not a requirement if your vips belong to the public vlan subnet.
  But if your vip addresses are from a different subnet, then the upstream router needs a route pointing to the CSS redundant interface ip.
  Gilles.

• I need to configure a redundant IPSec Connection Profile

  I'm moving off of a single RADIUS server on a Windows 2003 domain controller, and onto a pair of Network Access Protection / Network Policy domain controllers on Windows 2008 servers.
  I've set up the Windows server side. My questions are regarding the configuration on the Cisco 5520 ASA.
  I am trying to configure the pair of servers in the AAA Server Group so that if one fails, the other will provide authentication for remote VPN users.
  The remote users are all using the latest version of the Cisco VPN client to connect.
  1) Am I correct in understanding that the default behavior of having multiple servers listed in an AAA Server Group will result in the next one in the list used for remote authentication if the first one fails to respond? In other words,do I need to do anything other than having that second server in the list to provide simple redundancy?
  2) Having configured a new AAA Server Group and already having a Group Policy, am I correct in assuming that all I have to do to switch to the new configuration is to go to the current IPsec Connection Profile and use the drop down menu to select the new User Authentication Server Group? The reason I ask is because
  3) In IPsec Connection Profiles, under a specific profile, under Advanced, under Authentication, the heading says "Interface-Specific Authentication Server Groups", and it looks like we can set or override the Server Group. Currently I am thinking I can leave this Advanced setting blank, because we have another correctly working Connection Profile that allows remote iPhones to connect, and it has nothing in this setting.

  Roberto 17 wrote:
  I started this morning at 12 and after 5 hours now the backup is about 6 GB up on 56 GB.
  The new HD is a WD My Passport Edge 500 GB capacity
  5 hours to do 6 GB of transfer is NOT normal, even for USB 2.0 so there's something wrong here. I'd say cancel it, wipe the drive and then test the integrity of the drive. Do some file transfers over to and see if it's behaving normally. It could be a bad USB cable, it could be a bad drive or bad enclosure. As it's new, I suspect you haven't really put it through its paces yet and it's important to do that first before commissioning it to serve as your "reliable backup."

• 6513 redundant power modes

  We have a 6513 with dual 6000w power supplies. We recently had a power issue that caused us to lose power to a few modules. Our power supplies were in redundant mode. We lost one power input to each power supply. Our modules require 3900w to keep everything running. When we lost inputs we had less than 3000w which is normal in redundant mode. My question is this. If we change to combined mode will everything still work with only one input yo each power supply? We need to rearrange the power but need to do it with any outages. When we tested this in combined mode we had all 4 power connects up and hade almost 10000w. We removed one power input and it dropped to about 5700w. Which from our reading is because the power supplies are not equal and it disables the lower one. If we unplug an input from the other power supple the both will only have one input and should be equal. So we should have 3000w from each power supply and a total around 6000w (minus all the overhead). But we will have more than the 3900 w we need to run all the modules and chassis. Does that sound accurate it will we experience a loss of power to a few modules?

  Please provide me any suggestions also let me know how many connection the devi
  ce can support i have two power supplies connected with it .

• Configure 6513 IDSM and Local SPAN failed

  Hi, my catalyst 6513 IOS version is 12.2(18)SXF16 and  12.2(33)SXI5 , today I want to configure my IDSM module,
  I should SPAN my vlan traffic to the IDSM, right?
  commands like :
  monitor session 4 source vlan 21
  monitor session 4 destination intrusion-detection-module 10 data-port 1
  But the switch tell me :
  % Local Session limit has been exceeded
  So, what should I do if I want my IDSM work.
  Thank you !

  Hi,
  You mayuse VACLs to pass the traffic to the IDSM2. VACL capture allows you to specify whatever vlans you would like to   have the IDSM2 monitor. 
  So if you know what vlans  passing on the  etherchannels, then you may include them in the VACL configuration 
  For Example :
  intrusion-detection module 4 data-port 1 capture allowed-vlan   10-20,40,70
  Please find the documentation to configure VACLs on the 6500 switch:
  http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_idsm2.html#wp1030767
  Hope that answers your query.
  Thulasi Shankar

• Configuring 6513 in DC ....

  hi,
  We are planning to have 6513 at our data center along with the FWSM , IDSM and DFC modules .
  i have a question regarding the same :
  I plan to use MSFC in front and then fwsm ..
  1.in this case does all of my dfc will be like L2 switches and even the inter vlan communication will happen through passing fwsm...
  2.If yes, do i need to define the rules on fwsm for every vlans ..
  3.considering the msfc is connected to my WAN routers on one end and fwsm on other end ..do i need to connect it to my fwsm outside interface..
  4.if yes, where will i connect my firewall router as firewall router has to be connected to outside interface of the firewall.
  thanks in advance

  Yes, dfc will be like L2 switches and even the inter vlan communication will happen through passing fwsm. yes, you need to define the rules on fwsm for every vlans

• How to configure Redundant Internet Access on WIndows Server 2008 R2

  I have a Windows Server 2008 R2 machine running in my basement.  I have an application installed on it that calls a web service out on the open internet on a periodic timer.  Everything works great until my ISP goes done. 
  For redundancy I got a second connection into my basement from a different ISP.  I want to now configure my service to use the first ISP until it goes down and then automatically switch to the second ISP. 
  I have installed a second NIC card into the server.  However, I need some help in configuring the redundant set up I am after. 
  For example it isn't clear to me  if these separate NICs should be configured on the same subnet? 
  The other complication is that this server is infact the DC for my domain.  Not sure if that complicates things or not.
  I do RDP into the server remotely currently, so there is another potential complication (would need to enable that through both ISP router/nic.  However, please note that other than the inbound RDP traffic, I am only interested in having the "outbound"
  web service traffic redundant at this time  - that is I am only using the machine as a client in this scenario).
  I have read up on Multi-homing and just feel this is overkill for what I am trying to accomplish.  All I want is for the internet to still be reachable from the machine via automatic switch over if my primary ISP goes down.
  Thanks in advance for any and all help in configuring this correctly.
  Rod

  Hi Rob,
  Thanks for posting here .
  TMG could help to implement internet redundancy feature with using maximum two ISP connections:
  Planning for Internet service provider high availability
  http://technet.microsoft.com/en-us/library/dd897038.aspx
  We can get more detail introductions form TMG/ISA forum If are interesting in this feature.
  http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/threads
  Deploying other dedicate third party devices that support this feature is also a good choice .
  Regards,
  Tiger Li
  TechNet Subscriber Support in forum
  If you have any feedback on our support, please contact 
  [email protected]
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• To reduce a miror copy from high redundancy ASM configuration to normal?

  If we have configured "high redundancy ASM disk group", then late on, wanted to change it to "normal redundancy", then it becomes 2-mirror copies.
  Can I achive that, and what steps ?
  Thanks for your inputs in advance.

  backup database (someplace other than ASM)
  shut down database
  drop diskgroup
  recreate diskgroup with normal redundancy
  restore database
  or
  create new diskgroup with normal redundancy
  migrate all datafiles to new diskgroup
  (look at RMAN backup datafilecopy and switch datafile)
  you must shut down the database in order to move the system datafile etc... Which, if the database is small enough, it may be faster to do option 1.

• RETENTION POLICY TO REDUNDANCY value

  Hi,
  in 10g R2 on Win 2003,
  we do an incremental rman backup every night excepte sunday and every sunday a full rman backup. We want to be able to restore from last 3 weeks (I mean from 21 days before, if today is 25 of feb, to be able to restore/recover from 4 of Feb). Then what should be the value of RETENTION POLICY TO REDUNDANCY of RMAN catalog ?
  Many thanks.

  thank you . How about this :
  http://download.oracle.com/docs/cd/B19306_01/backup.102/b14192/setup005.htm#sthref261
  3.5.5.1 Configuring a Recovery Window-Based Retention Policy
  The RECOVERY WINDOW parameter of the CONFIGURE command specifies the number of days between the current time and the earliest point of recoverability. RMAN does not consider any full or level 0 incremental backup as obsolete if it falls within the recovery window. Additionally, RMAN retains all archived logs and level 1 incremental backups that are needed to recover to a random point within the window.
  Run the CONFIGURE RETENTION POLICY command at the RMAN prompt. This example ensures that you can recover the database to any point within the last week:
  RMAN> CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 7 DAYS;
  RMAN does not automatically delete backups rendered obsolete by the recovery window. Instead, RMAN shows them as OBSOLETE in the REPORT OBSOLETE output and in the OBSOLETE column of V$BACKUP_FILES. RMAN deletes obsolete files if you run the DELETE OBSOLETE command.
  3.5.5.2 Configuring a Redundancy-Based Retention Policy
  The REDUNDANCY parameter of the CONFIGURE RETENTION POLICY command specifies how many backups of each datafile and control file that RMAN should keep. In other words, if the number of backups for a specific datafile or control file exceeds the REDUNDANCY setting, then RMAN considers the extra backups as obsolete. The default retention policy is REDUNDANCY=1.
  As you produce more backups, RMAN keeps track of which ones to retain and which are obsolete. RMAN retains all archived logs and incremental backups that are needed to recover the nonobsolete backups.
  Assume that you make a backup of datafile 7 on Monday, Tuesday, Wednesday, and Thursday. You now have four backups of the datafile. If REDUNDANCY is 2, then the Monday and Tuesday backups are obsolete. If you make another backup on Friday, then the Wednesday backup becomes obsolete.
  Run the CONFIGURE RETENTION POLICY command at the RMAN prompt, as in the following example:
  CONFIGURE RETENTION POLICY TO REDUNDANCY 3;
  3.5.5.3 Showing the Current Retention Policy
  RMAN> SHOW RETENTION POLICY;
  see V$RMAN_CONFIGURATION

• [ISE + CWA] Redundant Guestportal

  Hello Community,
  I try to configure a redundant guest access with 2 ISE und 2 guests anchors. ISE Management and the sponsor portal are connected to eth0 (gig0) with hostname ise1.mydomain.com (ise2.mydomain.com for 2nd ISE). Eth0 is reachable from company network. The web authentication, where guests must enter their login credentials, is only reachable via eth1 (gig1) with hostname ise1-pub.mydomain.com (ise2-pub.mydomain.com for 2nd ISE). 
  The main problem is, that ISE always redirects to ise1.mydomain.com, which is on eth0 and therefore not reachable for wireless guests. I can configure a static hostname for redirection (which is cluster wide), but then I have no redundancy (there is no balancer reachable). So ISE must chose the correct hostname for the redirection URL depending on the ISE who authenticates the guest.
  I tried to define an alias for both ISE on CLI:
  ip host 10.1.1.1 ise1-pub ise1-pub.mydomain.com on primary ISE and
  ip host 10.1.1.2 ise2-pub ise2-pub.mydomain.com on secondary ISE
  and deleted the static ip/host entry in my authorization profile. But ISE always redirects to ise1.mydomain.com (or ise2.mydomain.com). My understanding was, that if I configure an alias, ISE will redirect to the alias IP. 
  Any hints?
  ISE is version 1.2.1 Patch 4
  Guest Anchors are 5760 with 3.6.1

  Instead of having just one authz rule for the cwa redirect as normal, you can create one for each of the servers (still configured on the primary of course).
  What you do is create one rule where your authz profile has the static host redirect set to ise1-pub.mydomain.com and the condition : server : ise1
  Then create a copy of that rule, where you redirect to ise2-pub.mydoamin.com, and use the condition server : ise2
  This will redirect to different names, depending on which of the ise servers the radius request was received by.
  I attached a screenshot of the rules.

• WLC 5508 HA SSO configuration failure

  I've just replaced an older 5508 with two new 5508 controllers that we wanted to run in redundancy mode.  I've followed the directions here: to configure my units.  at this time i have my management, and redundancy management IP addresses configured in the same vlan on both units, also the service port addresses are in the same vlan, and the virtual interface is the same on both units.  I setup the mirrored reference in the redundancy global configuration for redundancy mgmt IP and Peer redundancy mgmt IP on both units.  I have designated the primary and the secondary units.  after doing all of this i connected (with a patch cable) the RP ports on both units.  On either unit i enable the SSO option and get the following message:
  "Please configure Redundancy Management VLAN before enabling redundancy"
  Clicking OK on this disables the option and returns me to the redundancy global configuration page.  I have searched all over and have been unable to find a working resolution for this problem.  I'm not finding much reference to this at all actually.
  Thanks in advance.
  Beer

  I read that but i'm confused as to what it actually means.  I have no redundancy VLAN unless it refers to the network created by the two service port IP addresses.  the devices are setup back to back, and only connect through the RP ports on each device.  here are the steps i took in setting this up.  before taking these steps the primary unit was configured and fully operational and the secondary only had a management ip address on it.  (I expected the secondary to sync it's configuration from the primary so did not set anything up further than needed for connectivity.)
  Log into both controllers using their web interfaces
  Navigate Controller > Interfaces
  Set the Management IP addressBoth units must have the management addresses within the same VLAN
  Set the redundancy-management IP addressBoth units must have the redundancy management address  in the same VLAN as the management interfaces
  Set the Service-port Ip addressBoth units should be setup so their service ports are in the same VLAN
  Set the virtual port IP addressThis should be the same on both units.
  Navigate to Controller > redundancy > Global configuration
  Verify the redundancy mgmt IP is prepopulated with the IP address from the redundancy-Management interface
  Set the Peer redundancy mgmt IPThis is the redundancy management IP Address form the opposing WLC
  On the primary unit set the redundant unit to Primary
  On the secondary unit set the redundant unit to secondary
  Click apply on both units
  Verify physical connection is in place between the RP ports on both WLC units
  Set the SSO option to Enable and click Apply on both units, starting with the primary unitThis will trigger a reboot on each unit after clicking apply.  The redundancy configuration setup will cause both units to reboot 2-3 times as the configuration is synced from the primary unit to the secondary unit
  Did I somehow miss a critical step in this process?

• ISP Redundancy no work

  Hello, I have TMG Array(NLB) with 4 servers, I try configure ISP Redundancy(load balancing): add second network adapter for my vitrual servers, configure using article
  http://www.isaserver.org/tutorials/Exploring-ISP-Redundancy-Forefront-Threat-Management-Gateway-TMG-2010.html but my balance is not an array or a general or throwing packets at random. Perhaps the problem in the routing table Windows 2008 R2. On all
  servers in the table are two routes
  0.0.0.0 0.0.0.0 IP_ISP1 metric 2
  0.0.0.0 0.0.0.0 IP_ISP2 metric 3
  Help please, why does not work balancing?

  Hi,
  Thank you for the update.
  “Your answer only applies to published applications? I have not balanced outbound.” - ISP Redundancy is used to balance outbound traffic between two links. NLB is used to load balance inbound traffic across the TMG array. And
  for configure ISP-R, you may read the following articles:
  http://blogs.technet.com/b/isablog/archive/2009/02/16/keeping-high-availability-with-forefront-tmg-s-isp-redundancy-feature.aspx
  http://blogs.technet.com/b/isablog/archive/2009/10/14/the-isp-redundancy-feature-of-forefront-tmg.aspx
  Regards,
  Nick Gu - MSFT

• CSM redundant bridged mode - alias IP required?

  Hi! I am a little bit confused about the configuration guides concerning csm + fwsm
  + csm bridged mode. in my opinion when using bridged mode with the csm i do not really need any alias ip configuration - neither in the client vlan nor the server vlan. in bridged mode the csm does not route - thus i won't have any routes pointing to the csm. why are there always alias ip configurations in redundant bridged mode config guides? can somebody please clear that up for me? is there any other function of the alias IPs that I need them for?
  Thanks,
  Daniel

  Daniel,
  In general, if no router is present on a server-side VLAN, then each server's default route points to the aliased IP address. In the case of bridge mode, like you have, there is no need for the alias ip.
  Regards
  Pete..

• Normal redundancy for voting files

  Hey, currently I configured normal redundancy for my ocr and voting disks.
  crsctl query css votedisk is showin orcl:ocr1, orcl:ocr2, orcl:ocr4 as configured disks.
  All disks resides on the same storage but in two different aggegrates - two raid groups.
  Does it makes sense to put one voting file on a seperat nfs share ?
  Just in case, one raid group is malfunctiong. I know, in case the storage is powered off, the cluster will die.

  Hi,
  I never heard about raid group is malfunctiong by itself (except when somebody makes a mess on RAID).
  RAID System (storage) is designed to support failures, you can choose the RAID level as needed. Raid is a feature of STORAGE the manufacturer of the storage must ensure that it will work. If it is proven that the issue of data loss was caused by failure of storage (bug) you can sue the manufacturer.
  I believe that the data (database) are on the same storage. right? If you have only two raid and one fails you will lose a part of your environment (e.g database, etc.). So NFS option is useless if it can't provide high availability.
  If you have more than 2 raid group you can use the other raid group instead of NFS, is more easy NFS fail than RAID fail. (but it's your choice)
  Regards,
  Levi Pereira

• SUPERVISOR WS-X45-SUP7-E REDUNDANCY, STATUS LED ORANGE?!?

  hi all,
  i have a 4510R+E with 2 SUPERVISOR WS-X45-SUP7-E configured in redundancy mode.
  The status leds of 2 supervisor is orange and don't become green!!
  Can you help me?
  Below you can see the redundancy configuration:
  redundancy
   mode sso
   main-cpu
    auto-sync startup-config
  Thanks to all!!!
  Alberto.

  You can see the show module:
  FERCAM_4510#sh module
  Chassis Type : WS-C4510R+E
  Power consumed by backplane : 40 Watts
  Mod Ports Card Type                              Model              Serial No.
  ---+-----+--------------------------------------+------------------+-----------
   2    48  10/100/1000BaseT EEE (RJ45)            WS-X4748-RJ45-E    CAT1908L9HK
   3    48  10/100/1000BaseT EEE (RJ45)            WS-X4748-RJ45-E    CAT1903L5R5
   4    48  10/100/1000BaseT EEE (RJ45)            WS-X4748-RJ45-E    CAT1906L6Z7
   5     4  Sup 7-E 10GE (SFP+), 1000BaseX (SFP)   WS-X45-SUP7-E      CAT1910L326
   6     4  Sup 7-E 10GE (SFP+), 1000BaseX (SFP)   WS-X45-SUP7-E      CAT1910L2SX
   M MAC addresses                    Hw  Fw           Sw               Status
  --+--------------------------------+---+------------+----------------+---------
   2 84b8.024b.8a10 to 84b8.024b.8a3f 1.1                               Ok      
   3 84b8.024b.8e30 to 84b8.024b.8e5f 1.1                               Ok      
   4 84b8.024b.8a40 to 84b8.024b.8a6f 1.1                               Ok      
   5 74a2.e680.2dc0 to 74a2.e680.2dc3 3.0 15.0(1r)SG5  03.07.00.E       Ok      
   6 74a2.e680.2dc4 to 74a2.e680.2dc7 3.0 15.0(1r)SG5  03.07.00.E       Ok      
  Mod  Redundancy role     Operating mode      Redundancy status
  ----+-------------------+-------------------+----------------------------------
   5   Active Supervisor   SSO                 Active                           
   6   Standby Supervisor  SSO                 Standby hot                      
  System Failures:
  Power Supply:   bad/off (see 'show power')