Customer's request is to make all requests go to real server 18.104.22.168 and if that server is down only then send all requests to backup server 22.214.171.124. But if server 126.96.36.199 comes back online then start sending all requests back to 188.8.131.52 and not use 184.108.40.206.
1. I think I have to put the two servers in VLAN 110 and not VLAN 12 and use the CSM in bridge mode by giving the same IP addresses of 220.127.116.11 for client VLAN 12 and server VLAN 110. Right?
2. There are two CAT 6500 with a CSM in each in Fault Tolerant Mode already configured and running, and now I need the above config changes added. Do I need to configure both CSMs manually, or if I configure one CSM will the other copy the config automatically?
3. I need to add VLAN 12 and VLAN 110 to the Switch VLAN DATABASE, but not add VLAN 12 or VLAN 110 to the MSFC2, or should I only add VLAN 12 to MSFC2 and not VLAN 110?
4. Do new firewall rules need to be created for the two new server real IP addresses or VIP, or is no change required to the Firewall Rules?
5. What are some useful troubleshooting commands I can use if this doesn't work?
1 & 3) The servers will go into vlan 110. You need to create this vlan on the switch but there is not a routed interface for it.
The client vlan (vlan 12) will need a routed interface; however, it is not clear from your diagram where this should be. You will need to create vlan 12 on the switch as well. If you are putting a firewall in front of this vlan, which it seems you are from your diagram, then the routed interface for vlan 12 will be on the firewall, not the MSFC. If you put it on the MSFC you will simply route round the firewall - probably not what you want.
2) Version 4.1(1) does not seem to support the command "hw-module csm 'slot no' standby config-sync" (worth checking though). Looks like this was brought in on version 4.2. Without this command, yes, you will have to manually copy the config.
4) If you are not allowing through HTTP (assuming it is HTTP) to the VIP already, yes, you will need a new firewall rule. That will allow application traffic. If you need direct access to the servers for management etc., then you will need to add in rules for those as well.