cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
502
Views
3
Helpful
2
Replies

css 11503 ssl in box to box redundancy

qubenetworks
Level 1
Level 1

Hi all,

I have 2 css11503's in active/passive redundancy config. When using the commit_redundConfig command the ssl does not copy across correctly. I have cleared the standby box and started again, but with no luck. The config guides I have found offer little info on the ssl redundancy, just the normal IP redundancy, the question is should I configure the ssl config and import the certs on both boxes and then commit the redundant config when I have verified the ssl config on the standby unit? It is a live network so I don't have much opportunity to mess around,

Thanks in advance

2 Replies 2

jsivulka
Level 5
Level 5

Configure box-to-box redundancy when you:

•Expect the behavior of the CSSs to be active/standby (only the master CSS processes flows). Can configure a dedicated Fast Ethernet (FE) link between the CSSs for the VRRP heartbeat. Do not configure box-to-box redundancy when you:

•Expect the behavior of the CSSs to be active-active (both CSSs processing flows). Use VIP redundancy instead.

•Cannot configure a dedicated FE link between the CSSs.

The following URLs may help you:

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_example09186a0080228179.shtml

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.40/configuration/redundancy/guide/ASR.html#wp1061278

Thanks,got the boxes set up in active passive mode, in a one arm bandit type config, thats all fine, I just cant find anything anywhere that tells me if I have to set up the ssl part seperately on both boxes, coming to the conclusion I will have to do it that way but the docs aren't clear on the issue, they all seem to treat the ssl and redundancy seperately. Not top keen to mess around too much as its live at the moment, thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco