I have two 100e CS-MARS appliances and I am just contemplating the use of one 100e MARS appliance as secondary in the network. I wanted to clarify a few things:
1. The Install / Setup guide for CS-MARS tells me that I can use the Secondary MARS appliance if I put the primary MARS appliance offline. Isn't it possible to use a secondary MARS appliance with a different IP and use it just to analyze old archived event data?
2. If I choose to deploy any CS-MARS appliance as a standby only, does CS-MARS understand any dynamic protocol like HSRP that can be used to automatically fail over to the secondary in the event of a failure?
Would appreciate any inputs on deploying a secondary / standby MARS appliance.
1) I believe what they're referring to is a second CSMARS that has the same configuration as the other (for example, restored using pnrestore). You can probably have both online at the same time, if you plan it carefully. You have to at least consider:
a) devices where information is pulled (i.e. Cisco IPS, Checkpoint, Windows)
b) SNMP to network devices
c) the archive settings
d) rules with notifications
e) you'll have to update the license after a restore
f) obviously you'd have to change the IP address
Regarding using the second appliance to analyze old archived data, I keep hearing people talk about that but fail to see how it's feasible. I'm not aware of a pnrestore option that allows you to restore a range of dynamic data. I believe you can only restore from a certain date in the past to the present. Cisco recommends simply manipulating the archive date so that only the correct range is available. I don't consider that even remotely realistic or advisable.
2) No, there is no support for automatic failover.
We have a secondary device for DR purposes. It runs concurrently, for testing only. In the event of a failure of the primary, we will use pnrestore to recover it from archived data. We have tested this numerous times and it works.