Redundant Switch Configuration

Similar Messages

• What is the best design to connect redundant Firewalls to redundant switches?

  Hi All,
  I would like to know the best possible design to connect redundant Firewalls(Netscreen,FortiGate etc) to redundant switches.I have dealt with Cisco FWSM's in which both the Firewall and switch is in the same chassis. So for the Vlan's behind the Firewall, we just create the L3 interface on the fwsm and do a static route in the switch. The Gateway IP will be tied to the primary fwsm and the failover happens through the network. But now i need to know the best possible design when i am connecting to a different vendor firewall.
  Let's say i have 5 vlans and all these vlan's are behind the Firewall. The redundant switches will have the L2 vlan's created and have a static route to the Firewall. I am proposing the attached design in which i will have L2 vlan's created on the switch and L3 on the Firewall. The Firewall's and the switch will be connected with one trunk port and an access port for uplink and downlink traffic. The two switches will be connected each other using a vlan trunk.The two firewalls will be connected using a redundancy vlan.
  I am not so sure about the working of other firewalls such as Netscreen and FortiGate. I am also confused with the traffic path that the frames will take by having this design.Please advice if you have any suggestions.
  Appreciate your help and advice.
  regards
  dathan

  subhash007 wrote:It's not 802.3ad link aggreagated interface. In the switch side, the ports will be configured as normal access ports and the bonding config will be done on the server side.
  To be honest, I don't understand how the Linux bonding mode can work without anything configured the other end.
  My understanding of 'bonding' comes from Multilink PPP (MLP) where the data stream is chopped up and split across two (or more) circuits. At the other end, a similar MLP-enabled device reforms the data stream from the multiple circuits, maintaining packet order. But this requires MLP-enabled 'bonding' devices at each end.
  Perhaps you could help me better understand the Linux bonding...
  subhash007 wrote:If any single homed server is connected to Switch 2, what will be traffic path for its data packets?Switch 2 ------------------> Switch 1 ----------------------> Active firewall                                   ORSwitch 2 ------------------> Passive Firewall -----------> Active Firewall
  If the firewalls operate in the same fashion as Cisco ASAs, then the inter-firewall link doesn't carry traffic. It's for failover detection and HTTP replication only. But like I said, I'm not familiar with this vendor's products.
  subhash007 wrote:Also will there be any change in traffic path if the trunk between Switch 1 & Switch 2 is converted to L3 routed interface? Since there is no VRRP, i can convert the trunk to L3 right?
  Same as above.

• "Server either does not have a virtual switch configured or none of the configured virtual switches have an IP address assigned" error driving me nuts!

  OK; have been trying to setup a test VM based RDS deployment for a few days now with no luck.
  this error mentioned above:
  "Server <server name> either does not have a virtual switch configured or none of the configured virtual switches have an IP address assigned" error is driving me nuts!
  I have removed and re-added the RD Virtualization Host role numerous times, each time having the "create a virtual switch" checkbox selected, but it did NOT create any virtual switch.
  I created the external virtual switch manually and tried to create the desktop collection again, no luck with the same error.
  a few questions:
  1. you don't assign IP to a switch! you assign IP to Network Interfaces. why does the error puts it like this?! it is technically wrong.(yeah yeah I know all about how you'd assign IP to managed switches in real world to telnet into them and manage them.
  you know better than me that it is not the case here!)
  2.the RDS Virtualization hosts are using their wifi card as the card for the virtual switch. could that be the reason? I even disabled their unplugged wired NIC just to make sure that the wifi is the only available option for the RDS wizard to use for the
  virtual switch creation; but it didn't use it and it didn't create any virtual switch automatically.
  3.if WIFI nic is indeed the reason, is it your suspension or an official documents is there somewhere stating so (that the WIFI NICS on a Virtualization hosts are not supported as the hub for a virtual switch).
  4.what are the properties of the virtual switch the RDS requires? does it have to be external? why can't it work even with my manually created external switch?
  5.how would I fix it?
  P.S: the environment is made up of 2 laptops, having windows 2012 R2 trial installed on them, using their wifi to connect to the out world. no cable is plugged into their wired NIC card.

  Hi,
  Thank you for posting in Windows Server Forum.
  The simplest short term solution was to connect each computer to a small switch that had no other connectivity. This brought up the link light on the external NIC and allowed the creation of the collection to complete. You need to use an external switch. You
  can create one external switch which might fix the problem.
  Please check below article for information.
  VDI Deployment Error About Virtual Switch
  In addition please referthis article for information regarding virtual switch.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Switch configuration for AP's

  We are trying to install a 2106 controller with a few 1261 AP's which we have downgraded to Lightweight.
  We are getting our head around the 2106 config but am unsure as to what config to put on the switchport the AP's connect to.
  As far as our reading goes it is best practice to plug the AP's into a network swtich and trunk vlan's from the switch to the controller.
  Bit confused about the way the AP's connect to the switch.
  Thanks
  Roger

  Hi,
  As I understood ... you need to map existing vlan subnet with your wlan ...
  you will have interfaces which you first need to configure on your controller .
  1) Management IP of wlc
  2) AP- manager
  3) dynamic interface which will be used to map the vlan with respective wlan
  4) virtual
  procedure :
  1) if you do not have dhcp seperate configured , first you need to create vlan then configure svi interface with ip address and  dhcp pool for your ap to get ip address in your l3 switch which is connected to your controller with default-router command which will point to your switch
  2) login to your controller through console and configure the management IP address
  command  : WLC( config ) > interface address management ... ip address... mask .... gateway ( it will be your switch )
  configure AP-manager interface with above command with ap manager option ..
  Now switch side you configure the one port which is connected to your controller as a TRUNK
  connect ap to any port which will configured with above vlan which you have configured in l3 switch
  Now AP should get registered and then follow below procedure for getting client connected to respective WLAN
  3 ) once you configure login to gui of controller and configure dynamic interface with existing vlan subnet and give the dhcp server ip address if you have or else configure the dhcp pool for users also.
  4) go to " wireless " option
  5) select the respective wlan and map the vlan with respective dynamic interface
  check whether clients got ip address.
  please let me know ........ if you have doubt about it

• Switch configuration distributed environment

  Hi
  I have ISE 1.2 and catalyst 2960
  Please I nedd a document of controller and switch configuration exemple in distributed environement (primary and secondary ISE MNT PSN)
  Thanks

  https://supportforums.cisco.com/docs/DOC-18325
  http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_sw_cnfg.html
  https://supportforums.cisco.com/docs/DOC-18121

• IviSwitch looses value when sending, "configure switch" configuration = TRUE

  Hi all,
  we are currently evaluating Teststand 4.1 with a keithley 3706 system switch multimeter.
  After a first enthusiasm, thinking this tool together with the switch multimeter fits perfect our needs, real life seems some harder.
  Between several other problems, we need to tell the device, that the channel "s1com1" and "s1com2" are configuration channels.
  Configuring the teststand step : Edit IVI Switch Step -> IVI switching, Configure Switch : Channels "s1com1", Configuration = True
  leads to two actions observable in Ni Spy:
  GetAttributeViBoolean(...,"s1com1", _IS_CONFIGURATION_CHANNEL , VI_FALSE)
  SetAttributeViBoolean(...,"s1com1", _IS_CONFIGURATION_CHANNEL , VI_FALSE)
  manually calling this class functions from an interactive CVI fp works as expected (setting it to VI_TRUE)
  Does anybody have any hint what we could do wrong? Currently we are just before writing wrappers in cvi and skipping all the wonderful IVIStep Types in teststand.
  Looking forward to any feedback
  David Clus
  Solved!
  Go to Solution.

  David -
  This might the same problem that we recently discovered in our internal testing. For the problem that we found, we will likely include our fix in an upcoming maintenance release. Can you verify whether the problem still occurs if you change your regional settings to English in the control panel? If the problem no longer occurs, can you use this as a workaround for now?
  Message Edited by Scott Richardson on 10-06-2008 10:48 AM
  Scott Richardson
  National Instruments

• Sf300 switch configuration

  Hello , This is Shanker from India . can you tell me sf 300 switch configuration . how disable in traffic. . 
    my picture like i have ring network connect to my Gig port but i don't  want to input 1 to 24 port . 
  so tell me how configuration

  Hi Siva,
  Now it would be good idea to upgrade boot code and firmware to the latest one:
  firmware: 1.4.0.88
  boot code: 1.3.5.06
  to download:
  http://software.cisco.com/download/release.html?mdfid=283019670&softwareid=282463181&release=1.4.0.88&relind=AVAILABLE&rellifecycle=&reltype=latest
  for boot code upgrade:
  http://sbkb.cisco.com/CiscoSB/ukp.aspx?vw=1&docid=f1e39061efb14c94a570bcbd6582167b_Firmware_Upgrade_Troubleshooting_on_300_and_500_Series_Manag.xml&pid=4&fcid=&fpid=&slnid=6
  Regards,
  Aleksandra

• Invalid switch configuration-oob error

  Hi all,
  We are using NAC in OOB Virtual Gateway mode only for wireless users.But we are facing an error on user PC stating that,
      invalid switch configuration-OOB error:OOB client MAC ADD/IP ADD not
                     found. Please contact your network administrator.
                Please contact your administrator if the problem persists.
  Thanks in advance.

  Please check your snmp settings on the wlc and the manager. This is usually seen when the agent passes the mac address and clients ip address to the CAS but the CAM never receives the mac notification trap.
  thanks,
  Tarik

• How can I automate switch configuration

  I am looking for a way to automate switch configurations. I want to create a standard configuration that I can apply to all new switches. What methods (software, scripts etc) are available to automate the configuration process? Ideally, the system would download and install a standard image and then apply a baseline config, which I could modify as needed after initial install.
  Thanks

  Sorry, this is correct URL - http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca735.html
  Also search Cisco website for release notes for your specific product since there might be some differences in supported features (like auto save of configuration after auto-install finished etc.). Here is one of them:
  http://www.cisco.com/en/US/products/sw/iosswrel/ps5013/prod_bulletin0900aecd803fdc15.html
  Regards,
  iLya

• Configuration Help 1130AG-VoIP-Vlans-Switch Configuration

  1130AG running c1130-k9w7-tar.124-3g.JA1, in autonomous mode.
  VoIP - Call manager 6x, Cisco phones only,
  Vlans - Open, secure data using WPA2, VoIP Vlan is using pre shared keys.
  Switch Configuration - C3548xl's, C356048ps, 6509 cores
  I have been looking for configuration examples to help me configure the interfaces from the 3546xl and the C356048ps switched to the 1130AG.
  Configuration between the C3548xl's, C356048ps, and 6509 cores on the trunk ports for QoS.
  The call Manager is on Vlan 210 and the Vlan for the wireless voice is 202.
  Any suggested links would be grate, I think I have found most of it but want to be sure.
  Thanks

  Just to expound upon the commands that were not working, I did use the /? switch to see available commands, so for example, the mls qos trust dscp command, I entered mls qos trust /? and the only option was cos.
  I globally configured the switches with:
  lldp run
  no lldp tlv-select power-management
  mls qos
  network-policy profile 50
  voice vlan 50 dscp 46
  All of these commands worked fine.  I was going to assign the network-policy 50 on each access port along with the commands of mls qos trust dscp, auto qos voip trust  too, but did not get to that step.

• Update Switch Configuration from Switch Executive 2.1 to 3.5

  Hi everybody,
  I tried to update from Switch Executive 2.1 to 3.5 and had to find out, that my configurations have stoppped working. To me, it looks like 3.5 doesn't like my IVI configuration for the switching modules.
  The Verify function in MAX tells me that the PXI cards are not accessible. The frontpage of the switch configuration shows no configurations / terminal blocks.
  Since the configuration consists of nine matrix cards with a lot of hardwires, I'd really appreciate a way to properly import the old configurations (xml files are available)
  Any ideas?
  Cheers
  Oli
  Programming languages don't create bad code, programmers create bad code....
  Solved!
  Go to Solution.

  Hey Oli,
  Background:
  By default, NISE 3.5 and later use the DAQmx API (instead of IVI) to directly control switch modules.  This is different from previous versions, which required setting up an IVI session for each NI Switch module.  You can still use IVI with NI Switch modules in NISE 3.5 and later, but this is not the default behavior.
  The KB Sebastian referenced lists three different upgrade paths to use exported IVI Virtual devices in NISE 3.5 and later.  As you've discovered, NISE 2.1 has fewer export formats, so we'll need to take the following steps:
  Assumptions:
  You have virtual devices created in NISE 2.1 (file format doesn't matter).
  IVI Sessions and Logical names haven't been setup on your NISE 3.5 machine:
  Action items:
  Create IVI sessions and logical names.  You could manually create the IVI sessions (as mentioned in the KB), but there's a MUCH easier method:
  Right click on the NISE Virtual Devices tab and select 'Create New':
  Click the 'auto create IVI devices' button.  A dialogue will pop up... just click yes:
  The NISE Create Virtual device window should now look like this:
  Notice that we now have IVI devices.  Sweet!  So now just click cancel (yes, cancel)... we only used this dummy virtual device to simplify the IVI creation process.
  If you look in MAX, it'll appear as if there still aren't any IVI devices:
  Fear not, all we need to do is refresh.  To do this, hit F5, and voila!:
  So now all you need to do is change the IVI Logical name to whatever your old IVI Logical name was and then import as normal. 
  At this point, you should be operational using IVI devices in NISE 3.5 (if not, post up).  If you'd like to go one step further and upgrade to purely DAQmx calls, just follow the steps in the 'Upgrading from IVI to NI-DAQmx' section.  Note that once you've upgraded to DAQmx, you'll only be able to use exported Virtual devices with NISE 3.5 and later.
  Have a great day!
  -John Sullivan
  Analog Engineer

• Switch configuration urgent help (edge and core)

  hi
  i have new project in with the bellow product :
  20 X WS-C2960-24TC-S
  2 X WS-C3750X-48T-S
  2 X WS-C2960S-24TS-S
  i need to configure this switch in order to work without having vlan, first the 2 core switch for redundancy, then each catalyst switch 2960(edge Switch) connected to the two core with 2 uplink each uplink will be connected to single core switch(i have 2 core switch and i want to configure it in stack mode redundancy) 
  i need help to configure this switch to work perfectly with each other in best redundancy mode any configuration for this switch will be very helpfull for me
  thank you

  Hey,
  This is a very open question but i believe the document below is a good point to start:
  http://www.cisco.com/c/dam/en/us/td/docs/solutions/Enterprise/Small_Enterprise_Design_Profile/chap2sba.pdf
  HTH.
  Regards,
  RS.

• To reduce a miror copy from high redundancy ASM configuration to normal?

  If we have configured "high redundancy ASM disk group", then late on, wanted to change it to "normal redundancy", then it becomes 2-mirror copies.
  Can I achive that, and what steps ?
  Thanks for your inputs in advance.

  backup database (someplace other than ASM)
  shut down database
  drop diskgroup
  recreate diskgroup with normal redundancy
  restore database
  or
  create new diskgroup with normal redundancy
  migrate all datafiles to new diskgroup
  (look at RMAN backup datafilecopy and switch datafile)
  you must shut down the database in order to move the system datafile etc... Which, if the database is small enough, it may be faster to do option 1.

• IDSM in redundant switching environment

  I have two 6500 switches/routers trunked to each other serving various devices. The two switches are installed for the purpose of redundancy and same VLANs are configured on both. My question is related to deploying IDSM-2 blades in this environment. Can I just use single blade in one switch and still be able to monitor desired VLANs traffic through VACL or SPAN/VSPAN/RSPAN or do I need two IDSM blades; one in each switch. Has anyone deployed IDS in this environment and what are the benefits of deploying 2 (one is each) versus 1.

  RSPAN is generally the method of choice for these types of configurations.
  The packets from both switches can then be monitored by a single IDSM-2 in one switch.
  You can also provide some redundancy by placing a second IDSM-2 in the other switch, and have both IDSM-2s monitoring the exact same traffic (each IDSM-2 is monitoring packets from both switches).
  You will get duplicate alarms (one from each IDSM-2) when both are running, but it will ensure you do not miss any alarms if one of the switches should happen to go down for maintenance or power loss.
  There are other deployment options, but these depend on some specifics that you will need to analyze:
  Do you have assymmetric traffic?
  Quite often in these types of setups, both the switches are carrying traffic at the same time, and on occasion the client traffic will go through one switch, but the server response traffic will come through the other switch. For the IDSM-2 to properly track these connections it needs to see traffic from both switches. So if assymetric traffic patterns exist, then RSPAN needs to be used so both switches can be monitored by a single IDSM-2.
  If assymetric traffic does not exist, then the IDSM-2 does not need to monitor both switches.
  You could deploy an IDSM-2 in each switch. Then using either span or VACL Capture the IDSM-2 could monitor just the traffic flowing through the switch where it is located.
  What are the traffic rates?
  The IDSM-2 has an upper performance limitation of 600Mbps. If you are forced to use RSPAN because of assymteric traffic patterns, then you will only have the ability to monitor 600Mbps and must choose wisely what will be RSPANed to the IDSM-2.
  If you do not have assymetric patterns then you can at least use 2 IDSM-2s (one in each switch) and possibly more (see below).
  If the traffic being routed by the switch/msfc?
  If no traffic is being routed by the switch, and you do not have assymetric traffic patterns then you are in luck. This is the easiest deployment scenario. You can have multiple IDSM-2s in each switch. Each IDSM-2 would be configured to monitor one or more vlans using VACL Capture. The performance limitations are 600 Mbps times the numbers of IDSM-2s you purchase and can fit in the switch.
  If traffic is being routed, however. You once again run into a situation where a single IDSM-2 has to monitor all of the vlans in the switch (when using VACL Capture). There is an interaction between the routing features of the switch/msfc which force a single IDSM-2 (per switch if no assymetric traffic patterns) to be used to monitor all of the vlans in that switch.
  And you are now limited to the 600 Mbps limitation (or 2*600Mbps if you place one in each switch and there are no assymetric traffic patterns).

• WAE-7326-K9 Content Services Switch Configuration

  Hello -
  Our ITC purchased a new Cisco 7326 Wide Area Application Engine equipped with three 300GB hard drives and ACNS version 5.5. We intend to utilize this applicance as a cache engine only.
  The 7326 will connect to our Cisco 7206 BGP Router and Cisco 6513. The BGP is connected to an 80Mbit/s Internet source and the other is 10Mbit/s.
  Anyone installed a 7326 cache engine? Any configuration examples or help is appreciated.
  We are replacing a StrataCache 3 server cache engine with an F5 switch.
  Thank You.

  Dim sReturn
  sReturn = Request.Cookies("MSCSFirstRequestedURL") & "guid=" & sGUID
  Response.Redirect sReturn