Posts

Showing posts from March, 2018

How to increase network resiliency?

Network design is not a fixed process. Every time we add or change something in the network, we should check whether the network is still as resilient as it was in the original design. Let's analyze the scenario below:

Firewall - Fortigate 5.x
Core switch - Nexus 5k NX-OS 7.X
Routing between core and firewalls - static

With a direct connection between FW01-Core01 and FW02-Core02 we can detect link failure easily. The firewalls here are in HA Active-Passive mode, which means the secondary box doesn't process any traffic. In case of a Port1, Port2 or device failure, the secondary takes over its role and sends ARP updates to the core switch. The same applies when Core01 or Core02 fails: FW01/02 notices it and triggers failover. Now imagine you are tasked to put an IDS between the core switches and the perimeter firewalls, as on the diagram below. What is wrong with this scenario? Let's check whether the following failure scenarios are covered: 1) FW01/Port1/Port2 failure -...

Nexus and VTP

Today I would like to work with a Nexus 5k in VTP Server mode and see what steps are necessary to recover the configuration from a backup. This is the platform I have in my lab:

N5548A# sh ver
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Copyright (c) 2002-2013, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by other third parties and are used and distributed under license. Some parts of this software are covered under the GNU Public License. A copy of the license is available at http://www.gnu.org/licenses/gpl.html.

Software
  BIOS:      version 3.6.0
  loader:    version N/A
  kickstart: version 6.0(2)N2(3)
  system:    version 6.0(2)N2(3)
  Power Sequencer Firmware:           ...