I'm looking for ideas on how to have complete HA between a dedicated T1 and an L2L VPN over the internet.
We had discussed routing protocol OSPF but would like to avoid the converge issues that could rise and affect other customers in the same DMZ.
What would be our options if we do not want to use a routing protocol? How could we fail over to the backup line, the L2L, should the T1 fail. I had mentioned changing the metrics but this will not identify a problem on the line should the customers ethernet link goe down.
Feel free to include an ideas that would use routing protocols.
I had to revisit this configuration. I had decided since we are not going to use a routing protocol that a floating route between the T1 router and VPN is the best solution. although this should work if the router or Ethernet of the router goes down it should fail if the the Ethernet interface of the router, which has OSPF running between their network and our LAN, does not fail.
Can you use a separate instance of OSPF on the router with the backup link? So if you are running router ospf 1 on all of your devices, and say router ospf 101 on your backup link, 101 will not converge into 1.
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...