I'm preparing to implement a CS-MARS device into my network and need some advice on how to handle two Catalyst 6500 switches configured with HSRP. These two switches run VTP and have the same number of SVIs for the same VLANs. On each VLAN each switch has a dedicated IP and a standby HSRP IP with preempt.
How do I report this to CS-MARS? I reckon only the HSRP master switch is acting as the layer 3 device for the subnets while the standby switch only acts as a layer 2 device. But do I use the HSRP IPs for the different VLANs as management IP and the SVI IPs as management IP? How will this differ between the master switch and the standby?
Short answer: use the "physical" IPs of BOTH boxes and add BOTH - they syslog to MARS individually so MARS will get more traffic from one or the other (the one active in HSRP), but each should be added separately.
The 6500 switches both run native IOS and don't have physical IPs as such, only SVIs for different VLANs.
The thing is that I've been doing some tests with this process already. I've added the switches using the SVI IP for the VLAN used for network management, and MARS seems to treat the switches differently depending on the order in which they are added. Regardless of whether I'm adding the HSRP master switch first or last, it treats the first added switch as the main router and draws up the network layout with this switch in the middle, even though the added switch is only acting as HSRP slave. To me it seems like such a setup would produce wrong information.
I've not used the HSRP IP yet and wanted to check if anyone has worked on this already, since the manual isn't too clear on this regarding the usage of layer 3 switches.
Well, this is just me, but I would not predicate anything I do with MARS based on the diagrams it produces. The Attack Map perhaps, but I much more concern myself with the Incidents etc. which are based on the sending unit.