Internet anchor redundancy

Similar Messages

• Internet pipe redundancy

  I have Internet pipe from data center poeple. This pipe is directly going to cisco 2950 24 port switch(in public VLAN). I have another same switch trunk with primary switch.
  now in my production setup switch1 is the single point of Failure. Some body needs to manualy put the Internet pipe to switch 2.
  how DO I make my setup redundant in terms of Internet pipe ... My data center provider not able to provide Y connection--
  Please suggest me the solution

  Hi,
  I'am attaching my network digram in MS power point.
  Read Colour -- Public VLAN
  Gree Colour -- Private VLAN
  Doted line -- Trunk and HOW failover cable
  Internet pipe comming to switch1 public VLAN.
  I have only Cisco Pix 515E in HA mode -- I don't have router.
  My machine NIC1 connected to switch1 amd NIC2 connected to switch2 and BOTH the NIC in TEAM mode.

• Load-Balancing between Foreign and two Anchors

  Hi, we have two foreign controllers (one active, one standby) and two anchor controllers. All APs are connected to the active foreign controller. The layer 3 networks for the wlan clients on both anchors are different for the same SSID. SSID: Internet, anchor 1: Subnet A, anchor 2: Subnet B. So when a client is getting anchored to Anchor 1, the clients will get an ip from subnet A and when the client is getting anchored to anchor 2, the client will get an ip from subnet B.
  This is so far not a big problem because we only have a few accesspoints in some rooms. But what will happen, when we have a full covered wlan and the client roams from one AP to the other AP? Is there a possibility, that the client will anchored to a different anchor while roaming? I think this will result in a lack of connectivity because without a real disconnect the client will not ask for a new IP address.
  Other question: Is it possible to disable this load-balancing between anchor controllers? Or can i make a client sticky to only one anchor as long as an access-session is established?
  All controllers are 5760 with 3.3.3 software.

  Hi acontes, 
  It's an interesting question. 
  In this case, if all AP's are on WLC-A and there is no possibility that an L3 inter-subnet roam will occur between WLC-A and WLC-B, I would just forward WLC-A to Anchor A and WLC-B (in the event of fail over) to Anchor B (if Anchors reside on different subnets). If you must specify Anchor A and Anchor B on each WLC for redundancy purposes, it's important to understand the guidelines and limitations with regard to Foreign / Anchor Design.  
  As Scott mentioned, the limitation with Anchoring design is that there is no primary / secondary configuration for an Anchor on the Foreign WLC.
  If WLC-A has two entries (1) for Anchor-A and (2) for Anchor-B, the EoIP tunnels are establish and load-balancing occurs in a round robin fashion.
  Keep in mind the following with regard to guest N+1 redundancy:
  •A given foreign controller load balances wireless client connections across the list of anchor controllers configured for the guest WLAN. There is currently no method to designate one anchor as primary with one or more secondary anchors.
  •Wireless clients that are associated with an anchor WLC that becomes unreachable are re-associated with another anchor defined for the WLAN. When this happens, assuming web authentication is being used, the client is redirected to the web portal authentication page and required to re-submit their credentials.
  Since traffic is transported at Layer 2 via EoIP, the first point at which DHCP services can be implemented is either locally on the anchor controller or the controller can relay client DHCP requests to an external server. Since the IP address directly correlates to the DMZ subnet or the interface where the traffic egresses, it is possible for some clients to get IP's from both Subnet A or Subnet B in the event that WLC-A is building EoIP to both anchors.
  1) What happens if my clients roam?
  Nothing... since all AP's are on WLC-A, it's Intra-Controller Roaming
  Each controller supports same-controller client roaming across access points managed by the same controller. This roaming is transparent to the client as the session is sustained, and the client continues using the same DHCP-assigned or client-assigned IP address. The controller provides DHCP functionality with a relay function. Same-controller roaming is supported in single-controller deployments and in multiple-controller deployments.
  Would it be better to choose the same DHCP Pool on both anchors?
  It's probably better to have redundant anchors on the same subnet, but it's not required. 
  3) How would you design this :-)
  WLC-A <--EoIP--> Anchor A (DHCP Pool A)
  WLC-A <--EoIP--> Anchor B (DHCP Pool A)
  It's important to remeber what Scott mentioned about the lack of a primary / secondary relationship. If multiple controllers are added as mobility anchors for a particular WLAN on a foreign controller, the foreign controller internally sorts the controller by their IP address. The controller with the lowest IP address is the first anchor. For example, a typical ordered list would be 172.16.7.25, and 172.16.7.28. If the first client associates to the foreign controller's anchored WLAN, the client database entry is sent to the first anchor controller in the list, the second client is sent to the second controller in the list, and so on, until the end of the anchor list is reached. The process is repeated starting with the first anchor controller.
  If any of the anchor controller is detected to be down, all the clients anchored to the controller are deauthenticated, and the clients then go through the authentication/anchoring process again in a round-robin manner with the remaining controller in the anchor list. This functionality is also extended to regular mobility clients through mobility failover. This feature enables mobility group members to detect failed members and reroute clients.

• Arch without Internet

  I am rehashing an interest in Linux,  I've been goofing off with it since 1991.  Including installing many distros Slackware 0.94 being my first ever distro off of 3.5 diskettes.  I have been working with Crux for the last two months, but I'm tired of watching my Thinkpad T30 compile and compile and compile.  So now I've become intrigued with Arch and their precompiled binaries.  This is merely an exercise and toy for me to enjoy and learn from.
  Here's my problem, I don't have internet at home.  I have free use of it at work.  So I've been carring tarballs home to compile.  Then realizing I missed a dependency and having to bring them home the next day.  I can't continue doing this as the frustration is certainly going to kill my wife.
  Finally here comes the question
  Is there an Arch install disk with Xorg and a basic desktop so I can at least get that far?
  Is there a repository I can burn to a CD with the most common apps and their dependents?
  Is there any other way to install and maintain Arch without internet? (redundent I know)
  Am I going to be forced to go to the library to access a network point just to get a base (not core) system up and running?  Things I want to install are Abiword, Xine, XMMS, burn some CD's, and maybe later play some small games.
  Thanks

  Bear Chow wrote:
  I am rehashing an interest in Linux,  I've been goofing off with it since 1991.  Including installing many distros Slackware 0.94 being my first ever distro off of 3.5 diskettes.  I have been working with Crux for the last two months, but I'm tired of watching my Thinkpad T30 compile and compile and compile.  So now I've become intrigued with Arch and their precompiled binaries.  This is merely an exercise and toy for me to enjoy and learn from.
  Here's my problem, I don't have internet at home.  I have free use of it at work.  So I've been carring tarballs home to compile.  Then realizing I missed a dependency and having to bring them home the next day.  I can't continue doing this as the frustration is certainly going to kill my wife.
  Finally here comes the question
  Is there an Arch install disk with Xorg and a basic desktop so I can at least get that far?
  Is there a repository I can burn to a CD with the most common apps and their dependents?
  Is there any other way to install and maintain Arch without internet? (redundent I know)
  Am I going to be forced to go to the library to access a network point just to get a base (not core) system up and running?  Things I want to install are Abiword, Xine, XMMS, burn some CD's, and maybe later play some small games.
  Thanks
  You could eg install faunos to disc.
  Edit: A better solution would probably be to make a mirror of the arch mirrors on a external hd, and sync that on work from time to time.
  Last edited by Mr.Elendig (2008-11-14 16:03:40)

• How many EoIP tunnels at the same time? (One Anchor -- HA Pair )

  Hi Experts,
  With AP SSO, there should be two CAPWAP tunnels between an AP and the HA controller pair at the same time. Is it correct?
  Then how many EoIP tunnels between the internet anchor controller and the foreign controller HA pair at the same time?
  Thanks
  Cedar

  Hi Cedar,
  in AP SSO, only single CAPWAP tunnel maintan at a time & see the below reference for details.
  http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml
  There is only one CAPWAP tunnel maintained at a time between the APs and the WLC that is in an Active state. The overall goal for the addition of AP SSO support to the Cisco Unified Wireless LAN was to reduce major downtime in wireless networks due to failure conditions that may occur due to box failover or network failover.This allows the access point (AP) to establish a CAPWAP tunnel with the Active WLC and share a mirror copy of the AP database with the Standby WLC. The APs do not go into the Discovery state when the Active WLC fails and the Standby WLC takes over the network as the Active WLC.
  in the same sense, EoIP tunnel limitation will be 71 for a anchor controller. See below
  https://supportforums.cisco.com/thread/2123756
  HTH
  Rasika
  *** Pls rate all useful responses ****

• Can I run two DSL lines into my airport network?

  I have a 1.5M line from Qwest and can not get faster speed from anyoe else in my semi-rural community. Can I run two 1.5 DSL lines into one or two airport extremes and get the equivalent of a 3.0 line?

  If I have two DSL lines each connected to its own Actiontec modem with each modem connected via ethernet to its own airport extreme then it sounds like I need to have two wireless networks to take advantage of the second DSL connection. Correct? We have a lot of computers being used in the household so could put the kids on their own network.
  Apparently the airport extreme can not manage a network with two internet connections even if they are connected via separate airport extremes? I have worked at companies that have done this for internet connection redundancy purposes so there must be devices that can handle this.
  Message was edited by: David in Colorado
  Message was edited by: David in Colorado

• IWeb Publish to FTP: Double Site Name

  My attempt to mount an iWeb site publishing via FTP to my commercial host server on my acquired domain name josephscriven.org works well EXCEPT when it is up on the Internet a redundant duplication creeps into the URL. After clicking on or entering josephscriven.org the website comes up beautifully but the URL is listed as http://josephscriven.org/Home/Home.html.
  Changing the "Home" to anything else does not help as then the new name is simply duplicated.
  Any thoughts out there?
  Thanks

  I ran into that as well. Even worse, the redirect that iWeb set up to send site visitors to the subdomain that it stored the actual site files in didn't work in some browsers, including Microsoft Internet Explorer, which accounts for roughly 80% of site traffic on most of my sites.
  I just bought a Mac, so I set up a simple test site, just to help me get the feel of it. If you have access to your site via FTP. I had to use my PC for this, since I am thus far unfamiliar with any of the FTP programs available for a Mac, but I'm sure they will work well enough once I figure them out.
  Anyhow, if you access your site through FTP, you can move your site files and folders down one level, back to the command line for your domain, and everything should work fine, without the silly redirect.
  The only glitch I had in this is that the Index.html file that was used for the redirect that iWeb set up capitalized the first letter in the file name, whereas the index.html file used in the site itself was not capitalized. When I first did that, I would get a 404 upon trying to navigate back to the index (home) page of the site using the navigation menu. Changing the site index.html file to Index.html fixed that problem, as you can see in http://www.pinegrovealpacas.net/.

• Guest Mobility Anchor N+1 Redundancy Design

  Anchor WLC redundancy is achieved through the mobility groups. For redundancy, we can increase the mobility group size, including additional controllers for redundancy.
  Does N+1 redundancy works across different mobility groups (Anchor WLCs in different DMZ zones for different internet breakout points for Guest access)?
  Does it supports pre-empt (preferred) action when the failed primary Anchor WLC recovers?
  For WLC 4.1 version or later, mpings are used for keepalive packets between the foreign and anchor controllers. However, there is no setting to set the order of preferred Anchor controllers.

  You can have multiple anchor wlc in the DMZ. These will always have a different mobility group name than your foreign wlc's. There is no pre-empt in a multiple anchor wlc. I believe with 5.2 you can specify which anchor wlc you want traffic to go to, but then again, I don't like any of the 5.x code. With the 4.x and earlier versions of the 5.x code, the decision on where traffic will go to is calculated by the foreign wlc that has to anchor the trafic to one of the anchor wlc's in the DMZ. Local WLC uses these anchor wlc's in the order WLCs are configuredIs failover transparent to the user.... no. Since best practice is to make sure your dhcp scopes on the wlc do not overlap, users who is anchored to one that fails, will move to the other wlc. This usually will make the client renew its dhcp address.

• How to configure Redundant Internet Access on WIndows Server 2008 R2

  I have a Windows Server 2008 R2 machine running in my basement.  I have an application installed on it that calls a web service out on the open internet on a periodic timer.  Everything works great until my ISP goes done. 
  For redundancy I got a second connection into my basement from a different ISP.  I want to now configure my service to use the first ISP until it goes down and then automatically switch to the second ISP. 
  I have installed a second NIC card into the server.  However, I need some help in configuring the redundant set up I am after. 
  For example it isn't clear to me  if these separate NICs should be configured on the same subnet? 
  The other complication is that this server is infact the DC for my domain.  Not sure if that complicates things or not.
  I do RDP into the server remotely currently, so there is another potential complication (would need to enable that through both ISP router/nic.  However, please note that other than the inbound RDP traffic, I am only interested in having the "outbound"
  web service traffic redundant at this time  - that is I am only using the machine as a client in this scenario).
  I have read up on Multi-homing and just feel this is overkill for what I am trying to accomplish.  All I want is for the internet to still be reachable from the machine via automatic switch over if my primary ISP goes down.
  Thanks in advance for any and all help in configuring this correctly.
  Rod

  Hi Rob,
  Thanks for posting here .
  TMG could help to implement internet redundancy feature with using maximum two ISP connections:
  Planning for Internet service provider high availability
  http://technet.microsoft.com/en-us/library/dd897038.aspx
  We can get more detail introductions form TMG/ISA forum If are interesting in this feature.
  http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/threads
  Deploying other dedicate third party devices that support this feature is also a good choice .
  Regards,
  Tiger Li
  TechNet Subscriber Support in forum
  If you have any feedback on our support, please contact 
  [email protected]
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Controllers in the same WISM module in the 6500, i'm trying to make one of them anchor controller for guest internet

  I have 2 controller in the same WISM module and I'm trying to make one of them Anchor controller for guest WLAN, but when I give put the anchor controller in a separated non-routed VLAN and connect it to an outside switch by creating VLAN 192 on the core. ( the Internet router is connected to the same switch).-it is showing path down... ( VLAN 192 visitor Internet and VLAN 224 my internal controller management VLAN are not talking)
  there is no routing between these 2 VLAN ( because of security), but i can't get the controller to communicate.
  -if I connect my laptop to this switch I'm able to go out on Internet but my visitor WLAN is not able to get IP address from the router connected to this switch.
  - I called Cisco and one the guys told me that i can leave the management in VLAN 224 for the controller to communicate ( which they did), but the issue I'm having right now is that my visitors are not getting IP addresses from this VLAN at all
  some one please advise
    vlan192   4/1 vlan 192              int g0/0 192.168.2.201
    6500 ----- switch ---- router---------  (outside)
      |         |   |
      |        DHCP server
     WLC

  A couple of questions, is VLAN 192 allowed across the trunk link to the wlc?  Do you have an interface tagged for vlan 192, with a valid address?  What is providing the DHCP?
  Cheers,
  Steve
  If  this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

• PIX Redundant Internet Line and Load balancing

  I would like to find out if it's possible to configure my Cisco PIX 525 to use a secondary internet line from a different provider and perform load balancing. I'm using PIX Version 6.3(1)

  PIX version 6.3 does not support Redundancy and load balancing. but PIX/ ASA with version 7.0 supports Redundancy.

• Guest access to the Internet with Guest Anchor Controller

  Hi;
  We are doing our initial implementation of an enterprise wireless system.  I deployed a WLC 5508 connected to our data center core switch using LAG.  The 5508 is configured in FlexConnect mode since it is serving APs deployed to a handful of remote offices.  Employee wireless access has been rolled out and is working well.
  I am designing guest access.  As is typical, I want to enforce a policy that guest wireless traffic is forwarded to the Internet Edge in our DMZ and directed out to the Internet.  We do not plan to deploy a Guest Anchor controller in the first phase of the roll out.
  What is the best way to enforce forwarding of guest traffic towards the Internet Edge once the guest traffic arrives at the 5508?  A guest VLAN between the core switch and the Internet Edge isn't feasible since there is a firewall between the core and DMZ that is configured in Routed mode.
  Thanks for the assistance!  Glenn Morrison

  you'd have to do a VLAN between the core and the firewall for the guest traffic until you get the anchor installed.
  HTH,
  Steve

• Sending to the internet redundancy..Is this possible

  Can anyone tell me how I can accomplish redundancy in mail transport to the internet
  Here is my setup
  Site A is production and holds all mailboxes
  Site B is our failover site
  In both site A and site B we have an ex2010 server that sends to the internet via a sonicwall mail appliance. All mailboxes for the company are on the server in site A. I have the servers in both sites config'd with DAGS and when the DBs dismount in site A
  the DAGS work as designed. However if the mail appliance goes down in site A all the emails Q up on site A ex2010. I need to configure somehow my ex2010 in site A to send email through the mail appliance in site B if the appliance goes down in site A.
  Any help is greatly appreciated!!

  There is nothing automatic unless you set both sonicwalls as smarthosts in a single send connector and then make the Site B sonicwall unavailable until its needed somehow. ( or not, maybe you are ok with messages going through the SiteB sonicwall anytime)
  or 
  You could try the same thing with 2 send connectors  with the same source servers, but whether Exchange correctly handles that when one of the sonicwalls is unavail is something you will need to test.
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• DHCP loadsharing with redundant Guest Anchor Controllers

  Hi
  I have 2 x Redundant Guest Anchor Controllers (5508) located in 2 separate Data Centres with all the management and guest user VLAN spanned between two. Everything is working fine with the Guest WiFi access except the DHCP functionality as the Controllers are acting themselves as the internal DHCP Servers.
  This is how I tried to distribute
  network. 10.1.0.0/23
  gateway: 10.1.1.254
  Controller 1, DHCP Server pool: 10.1.0.2 - 10.1.0.254 Gw: 10.1.1.254
  Controller 2, DHCP Server pool: 10.1.1.2 - 10.1.1.254 Gw: 10.1.1.254
  As the user loadbalancing between the Anchor Controllers cannot be controlled (i.e. they are active/active), the same client sometime getting 2 different IP addresses from both the Controllers (as they do not talk to each other in terms of DHCP) hence depleting the pool addresses.
  I guess one way of solving this is to just run 1 DHCP server in one of the controllers but that defeats the purpose of having N+1 Controllers. Is there a better way of doing the DHCP loadbalancing and having full redundancy at the same time?
  Any suggestion will be greatly appreciated.
  Regards

  Thanks Scott, I understand that it's quite obvious to get an external DHCP Server, unfortunately it's not an option for us The weired thing is, it seems when a client joins the guest WiFi, both the Anchor Controllers (both functioning as DHCP servers with mutually exclusive IP Address space) are providing IP addresses. While the client accepts only one the other Controller still reserves the IP address unused and hence depleting the DHCP Pool.
  I thought for load balancing (in the very beginning) the Foreign controller will forward the DHCP request to only one of tthe Anchor Controllers, but in reality it's forwarding it to both. I have tested this with only one test AP, so mobility doesn't seem to be an issue here. Any thoughts?

• ASA Active/Active Failover with Redundant Guest Anchors

  Does anyone know how an ASA and a guest anchor 5508 will interact if I setup an Active/Active failover pair with physical interface redundancy?  I see from documentation that I can create a logical group in the ASA to bond physical interfaces together, but it doesn't describe what protocol is being used to manage that bundle.  Do I assume etherchannel?  If I were to create this scenario, can I run the 5508 in LAG mode?
  The current failover configuration example is for PIX, and old code at that.  I'm referencing an ASA/PIX guide ISBN:1-58705-819-7 beginning on page 531.
  Regards,
  Scott

  In addition to what you have, you should add to each unit the global configuration command "failover".
  We generally don't manually configure the MAC addresses in single context mode since the ASA ill automatically assign virtual MAC addresses and manage their moving to the newly active unit in the event of a failover event. Reference.