CSS redundant-interface ping response

Similar Messages

• CSS redundant interface and DNS server

  We're attempting to implement a pair of CSS's using redundant ASR and GSLB where the CSS's act as DNS servers.
  But I'm not sure if the 2 features are compatible. The CSS's answer DNS queries to their direct interface but not the redundant interface.
  Does anyone have any suggestions or work-arounds? We're running version 8.20.
  TIA,
  Dan

  Dan doing some research I can see that the option to configure redundant-interface to resolve dns queries is not included on CSS 11500 series, this from the documentation.
  On the document for CSS 11000 series that I provided before shows:
  Configuration Requirements and Restrictions
  The following requirements and restrictions apply to the configuration of this feature.
  •You can configure this feature only on Cisco 11000 series CSSs (not 11500)
  If I look at the redundant-interface configuration on old CSS 11000 series I see the option for dns:
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11000series/v6.10/configuration/advanced/guide/VIPRedun.html#wp1067528
  Look at this line:
  dns-server - Keyword that enables the CSS to respond to DNS queries destined for the redundant interface IP address. For more information, see the "Configuring a Redundant Virtual Interface to Respond to DNS Requests" section.
  On new CSS 11500 series this option is not available:
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20_v8.10/configuration/redundancy/guide/VIPRedun.html#wp1067528
  I am trying to find if there is any workaround but so far semms that is expected to miss this feature on CSS11500.

• Why do we configure the Redundant Interface in CSS Public Face

  Hi,
  I have a question : Why do we configure the redundant interface in a CSS facing the public side of a CSS.
  I understand the need for the interface in the server side though. Please refer to the URL below;
  http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_810/redundgd/vipredun.htm#wp1063393

  this is not a requirement if your vips belong to the public vlan subnet.
  But if your vip addresses are from a different subnet, then the upstream router needs a route pointing to the CSS redundant interface ip.
  Gilles.

• Ability to ping redundant interface IP address

  Hi,
  I have this setup for our content switches.
  Primary F/W --> Primary CSS --> Local Switches
  | |
  | |
  Secondary F/W --> Secondary CSS --> Local Switches
  This is the relevant configuration.
  Primary CSS
  circuit VLAN4
  ip address 192.168.76.4 255.255.255.0
  ip virtual-router 4 priority 101 preempt
  ip redundant-interface 4 192.168.76.254
  Secondary CSS
  circuit VLAN4
  ip address 192.168.76.5 255.255.255.0
  ip virtual-router 4 priority 90
  ip redundant-interface 4 192.168.76.254
  The problem is that the Secondary F/W can not ping the redundant interface IP address via the secondary path when all devices are in normal mode.
  Is this normal?
  The ping is occuring for firewall failover checking.
  Thanks,
  Ben

  it should work.
  Your diagram does not display very well, so I don't know where are the | links.
  What should be the path of traffic from secondary firewall redundant-interface ?
  Is the traffic going to 1 CSS and being bridge to the 2nd CSS ?
  If that's the case, you need the command 'ip uncond-bridging' on both CSS to force CSS to bridge first and then route.
  Regards,
  Gilles.

• HH3::Enable ping response on WAN interface- there ...

  HH3::Enable ping response on WAN interface- there must be an easier way!!
  only way I've managed to get this working is to connect an old Buffalo Airstation via Ethernet, enable Ping response on its WAN interface and then assign the Buffalos WAN IP to the DMZ in the HH3
  DISCLAIMER: although I work in the industry I do not work for BT and any opinions given are purely my own.

  Apple's website is acting up.
  Open AirPort Utility on your Mac
  Click on the Time Capsule icon, then click Edit
  Click the Base Station tab at the top of the window
  Enter a check mark in the box next to Allow Setup over WAN
  Click Update
  If you do not see this option, the Time Capsule is not acting as the router for the network....another device is performing routing duties.

• Redundancy Interface for Content Server Release 6.x

  Third-generation Content Server is UCS C220 (Not Vmware).
  I see from TCS Release 6.x Quick Start which cannot use LAN2.
  I'm not sure. How to connect LAN for redundancy interface or not because it have many NIC card.
  Dual 1-Gb Ethernet ports:
  LAN1 (Arrow 7, left pointer)— Use this port to connect the Content Server to the network (also see Figure 3)
  LAN2 (Arrow 7, right pointer)— Not used

  Hi,
  The TCS server supports only single NIC in a deployment. That particular NIC value is used to generate the checksum, which needs to be passed along with the Release keys to bring up the content engine. That is the reason if you connect any other NIC to the network, the content engine will not start.
  Also, when the release keys are generated on the license server, it uses the NIC with the lowest value (always the first NIC on the server).
  I know its a complete waste to have so many NICs and use only one. But what can I say, thats the way Cisco designed the server..!!!
  Regards,
  -Deepti

• Ping response

  Please be gentle with me thiss is my first post and I'm not really sure if I'm in the right place - if I'm not let me know and I'll repost!!
  I have an iMac with a time capsule that I am using for back-up extra storage and wireless internet, I think I have the wireless bit sorted with the security protocols etc but..... when I use GRC (www.grc.com) to check my security it reports that everything is ok but.......I am responding to pings!! only when connected wirelessly!! that indicates it is the time capsule configuration that is causing my problem!! can anyone tell me how to stop my time capsule responding to pings??
  Thank you

  Hi Andrew, thanks for the reply, I thought a ping response located your computer on the internet!! therefore allowing others to gain access to it!! (not a network specialist so this is all new to me!!) I have been into the firewall settings, guess I'll go back and have another look at them!! this perceived problem only occurs when I am connected through the airport, using the cable directly it doesn't happen!! I have had a look at my modem settings but there are no user definable parameters so I cant stop the modem responding this leads me to think its the airport causing my 'problem'
  Mick

• CSS redundancy question

  Hello,
  I have a query regarding box-to-box redundancy - What will be the status of circuits in redundant CSS? Currently I have couple of CSS configured for box-to-box redundancy. The primary works just fine, while all the circuits on secondary are showing disabled while the physical ports are up. Is this normal behaviour to have or do we have any problem here?
  Thanks,
  Ranganath

  Found a note in CSS redundant configuration guide under 'Configuring Redundant circuits' -
  The redundancy command causes the specified VLAN to become silent when in backup mode.
  Does that mean the circuit enabled for redundancy will be "down-ipDisabled" when acting as redundant?
  Thanks.

• Reg. Redundant interfaces in ASA 8.0

  Hi
  In ASA 8.0,I have following queries related to redundant interfaces
  a)While configuring redundant interface can the redundant interface again be divided into logical interface like red1.1 , red1.2 ?
  b)Is Redundant interface supported in the Multiple context mode
  Regards
  Ankur

  Yes Ankur,it is possible.
  ##snippet##
  interface Ethernet0/0
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet0/1
  speed 100
  nameif inside
  security-level 100
  ip address 192.168.16.19 255.255.255.128
  ospf network point-to-point non-broadcast
  ospf message-digest-key 123 md5
  interface Ethernet0/2
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet0/3
  nameif null0
  security-level 50
  ip address 10.2.1.1 255.255.255.0
  interface Management0/0
  no nameif
  security-level 0
  no ip address
  interface Redundant1
  member-interface Ethernet0/0
  member-interface Ethernet0/2
  no nameif
  no security-level
  no ip address
  interface Redundant1.1
  vlan 32
  no nameif
  no security-level
  ip address 1.1.1.8 255.0.0.0
  Regards,
  Sushil

• Redundant Interfaces with Management0/0 on ASA5510

  Readers,
  Is it possible to configure redundant interfaces on the Management port?
  Thanks,
  Timothy

  Timothy
  normal ASA boxes just have a single management interface.. I really dont feel the need for redundancy here.. If you need one, you can get a failver ASA box, and build up redundancy..
  in any case, you have other interaces like inside, through which you can enable management, like telnet, http etc, if required.. or any other DMZ interface (say network management DMZ)... its all flexible.. with all these, i really dont see any need for a redundant management port...
  Hope this helps.. all the best..
  Raj

• ASA Redundant interfaces with stack switches

  Hi All,
  we have two ASA 5510 connected in failover, and a pair of cisco 2960s switch connected in stack.
  Currently one interface of primary ASA is terminated on switch1 and a interface from standby is connected to switch2 as Inside, and switch1 and switch2 are in stack.
  for redundancy purpose i want to use multiple interfaces of ASA for inside , so first i thought to use etherchannel , but it has a limitation that , it cannot be terminated on stack switch(as per cisco document http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/general/interface_start.html ).
  So my question is :
  1. can we use redundant interface feature where  2 physical interfaces combined to a redundant interface (eg interface redundant 1) for inside redundancy purpose.
  2. Can these ports from primary/standby ASA terminated on stack switches (2960s), will this work (if the switch with active port goes down, will the other port take over in the redundant interface with the other switch).
  I have attached the nw diagram,
  Regards,
  Ashraf

  Hello Ashraf,
  1. can we use redundant interface feature where  2 physical interfaces combined to a redundant interface (eg interface redundant 1) for inside redundancy purpose.
  Sure, you can. That's the whole purpose of the feature.
  2. Can these ports from primary/standby ASA terminated on stack switches (2960s), will this work (if the switch with active port goes down, will the other port take over in the redundant interface with the other switch).
  It would make sense if that happens, as the status of the interface will be on a different state than up/up so failover to the other interface will be triggered,
  Regards,
  Julio

• ASA Redundant Interfaces

  Hi everybody,
  and thanks for a great forum!
  I have one asa and two switches, i would like the asa set up with a redundant interface consisting of one physical interface in each switch (vlan trunked across the two switches). Now... Is it possible to set a preferred active physical interface in this redundant interface bundle? Is there a way to make sure the same interface is always active (both interfaces a working as intented), even after a reboot?
  More specifically, i need this so i can decide where to establish my stp root, and always have the most optimal path (again ofcourse unless one interface fails).
  Cheers

  Hi,
  I see that you want to configure redundant interface on ASA and also need to ensure that same interface always remain active. Now, the interface which you will defined first using 'member-interface' command while configuring redundant interface will be the active one by default. If you already have it configured and you want to change the active interface, you can use following command:
  To change the active interface, enter the following command:
  hostname# redundant-interface redundantnumber active-member physical_interface
  Now, if active interface goes down, second one will take over as expected.
  Check this link for more info:
  http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intrface.html#wp1045838
  Hope this answers your question.
  Sourav

• Cisco ASA Redundant interface

  Hello,
  We are looking at upgrading an aging firewall with a Cisco ASA.  I have used the ASA before. 
  We would like to use the ASA in a colocation facility that will have a few site to site vpns.  The ASA MUST be able to have redundant interfaces to our switches.  Reading through ASA documentation this is possible.  (http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intrface.html#wp1045838) Can the ASA have redundant links to the same vlans?  Will any of our configuration for VPN's, etc have to be setup twice?
  Thanks

  There are four types of redundancy that one can use on ASAs. The first one you cited, redundant interfaces on a single physical device is the least common in my experience.
  The second is failover - when the ASA is mated is a failover ASA in a high availability configuration. This is the most common usage for customers requiring high availability (HA). That is the most common implementation and has been around since ASA 7.0 software (i.e. a good many years).
  The third is to bond your interfaces from a given ASA (or sets of interfaces if you have an HA pair) into an Etherchannel. This has the added advantage of giving you potentially higher trhoughput. Etherchannel support was introduced in ASA software version 8.4(1).
  The fourth and newest method is clustering. It was introduced just last fall in ASA 9.0 and is not very widely adopted just yet. It is primarily for high throughput requirements exceeding a single device's capacity but also gives the added benefit of redundancy.
  None of them require you setup things twice configuration-wise. Some file operations (software upgrade, certificate management, VPN profiles (XML files)) need to be copied onto both members in a failover pair or all members in a cluster scenario.
  Edit - there is a fifth type specific to VPNs whereby one can configure a secondary VPN gateway for clients, usually at a alternate site. That approach does require settting up everything separately on the ASAs.

• Remote connection established - delayed ping responses - why??

  When we have established a remote session with Cisco RAS it takes a long time - 30 secs to a minute - until we start to receive ping responses from a server on the network. Any ideas?

  There is nothing wrong with the configuration because connection is established. With Ping command the normal response occurs in 1 to 10 seconds, depending on network traffic. But in you case it is taking more than 30m sec. this may occur due to big length cable use or traffic. To determine if ping is getting delay looked at the CPU.

• Meaning of Ping Response?

  Dear All,
     I am getting different kind of ping responses..May i know the meaning of the same.
  1. QQQ
  2.MMM
  3.........
  4.????
  5.&&&&
  6.UUUU
  7.restrict in hardware
  Otherthan that is there any ping response.
  Advance in thanks
  Tks&Rgds
  Senthil

  Hi,
  Below are the symbols you can interpret for ping output
  Each exclamation point indicates receipt of a reply.
  Each period indicates the network server timed out while waiting for a reply.
  U
  A destination unreachable error PDU was received.
  Q
  Source quench (destination too busy).
  M
  Could not fragment.
  Unknown packet type.
  Packet lifetime exceeded.
  Regards
  Hitesh Vinzoda
  Please rate helpful posts