I did not configure the management port, I thought to Telnet any of the circuit IP address. So I think I should make use of management port for Telnet.

I want to have active-backup redundancy with these 2 units of CSS, so I use VIP/Virtual Interface redundancy instead of ASR.

VRRP preemption is not a requirement.

Hi Marko,

For configuring "ip redundant-interface", I thought the IP addresses to be configured with this command is the physical IP address of another box in the same circuit (VLAN)?

am I wrong?

Hi Marko,

That means I could not to configure redundant-interface as I have redundant-vip configured already?

Actually the topology is:

VLAN550 is connecting to server farm

VLAN145 is where user sitting

my current config :

circuit VLAN145

  ip address 172.19.145.182 255.255.255.0

    ip virtual-router 1 priority 101

    ip redundant-vip 1 172.19.145.184

    ip redundant-interface 1 172.19.145.183

    ip critical-service 1 PING_DEFAULT_GATEWAY

circuit VLAN550

  ip address 192.168.50.18 255.255.255.0

    ip virtual-router 2 priority 101

    ip redundant-vip 2 192.168.50.20

    ip redundant-interface 2 192.168.50.19

    ip critical-service 2 PING_DEFAULT_GATEWAY

!*************************** OWNER ***************************

owner HLRLDAP

  content VIP_LDAP_16611

    vip address 172.19.145.184

    port 16611

    protocol tcp

    add service KPG-HV30-3

    add service KPG-HV30-6

    active

!*************************** GROUP ***************************

group Redundant_Server

  vip address 192.168.50.20

  active

So, I should have change my config like this:

CSS1

---------

circuit VLAN145

  ip address 172.19.145.182 255.255.255.0

    ip virtual-router 1 priority 101

    ip redundant-vip 1 172.19.145.184

    ip redundant-interface 1 172.19.145.181

    ip critical-service 1 PING_DEFAULT_GATEWAY

circuit VLAN550

  ip address 192.168.50.18 255.255.255.0

    ip virtual-router 2 priority 101

    ip redundant-interface 2 192.168.50.20

    ip critical-service 2 PING_DEFAULT_GATEWAY

CSS2

-----------

!************************** CIRCUIT **************************

circuit VLAN145

  ip address 172.19.145.183 255.255.255.0

    ip virtual-router 1 priority 90

    ip redundant-interface 1 172.19.145.181

    ip redundant-vip 1 172.19.145.184

    ip critical-service 1 PING_DEFAULT_GATEWAY

circuit VLAN550

  ip address 192.168.50.19 255.255.255.0

    ip virtual-router 2 priority 90

    ip redundant-interface 2 192.168.50.20

    ip critical-service 2 PING_DEFAULT_GATEWAY

Hi Marko,

Currently the loadbalancing and VRRP seem working fine, but I have problem to telnet to 172.19.145.183 which is the backup VRRP unit. I can ping to it but not telnet.

Anyhow, I will fine tune the VRRP configuration like I posted here earlier, and configure the management port with IP address and give a try again. Will update you guys later!!

Actually there should be no problem with this configuration and you should be able to reach both devices. So i consider you have another problem in your configuration. To use the management port will help maybe, but it will not solve the problem.

Hi,

Check if ACLs are enabled on the box, perhaps the ACL for that circuit is not properly configured/applied.

Have you tried SSH on that circuit? If ping works then you should check if the command "restrict telnet" is not configured on slave CSS.

HTH

__ __

Pablo

Hi Pablo,

I have no ACL configured and also no command "restrict telnet" is configured.

I can only telnet to the master CSS whichever holding the VRRP master role, the slave CSS is always only can be PING but not telnet ... weird!!

Hi Ian,

Thanks and noted. It is not a requirement because I do not want to have another failover happened again when the preempted unit comes alive. Anyway, your comments is noted.

I should have used management port with another IP for Telnet to manage the box, am I right?

Well you can (I like to) but its a matter of choice. Its good for out of band management to another switch...but it's not necessary. You should be able to telnet to your other interfaces though and to be honest telnet doesn't use much in the way of bandwidth.

You might want to consider the app_session commands though. They are really smart and then you can use the comit_Vip_redundancy scripts to automatically backup your config from your primary to secondary CSS. It's a built in script and saves a lot of time. You can even program it using expect or something to do a nightly backup/copy.

Also, like I said the rcmd command is great if you are connected to one of the CSS and want to issue a command on the other...no need to open up another putty session...but thats just being lazy

Regards,

Ian