I have one CSS11503 at the main datacentre and another at the standby datacentre (ie D/R scenario). The standby datacentre CSS I have configured so that if any DNS queires hit this site and the main data centre service is up, then prefer the main data centre (as apposed to standby).
But when testing, I suspended the service on the CSS in the main data centre, but the standby datacentre CSS still saw this service as 'alive', and therefore would not take over responsibility for the service.
I placed a sniffer on the standby datacentre CSS customer facing (APP port) vlan and could see keepalives being sent from this standby CSS to the main CSS service and the remote service still responding (even though I could not ping the main CSS service - because I had suspended it).
I then suspended the content on the main datacentre CSS and still the backup CSS saw this as alive and still got responses back from the main CSS service.
I have attached a config subset of both CSSs (ie one at each datacentre). Please note: I have configured for VRRP because at some stage we may have 2 at each data centre.
It appears to me like a bug. However, really am struggling so would appreciate some help if anybody has got any ideas.
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...