Rebuild a NSRP Cluster

Configure the items that are unique to the box (Managment IP, SNMP, etc.)

On the active box, set the priority lower than the new box. The closer to 0 the more preferred.
set nsrp vsd-group id 0 priority 1

Copy the NSRP config from the running box and verify the cluster is up and working.
PUBLIC-CLUSTER:PUBLIC-FW-2(B)-> get nsrp
nsrp version: 2.0
cluster info:
cluster id: 1, name: PUBLIC-CLUSTER
local unit id: 8996608
active units discovered:
index: 0, unit id: 8996608, ctrl mac: 00228389470d, data mac: 00228389470d
index: 1, unit id: 111360, ctrl mac: 001db501b30d, data mac: 001db501b30d
total number of units: 2
VSD group info:
init hold time: 5
heartbeat lost threshold: 3
heartbeat interval: 1000(ms)
master always exist: enabled
group priority preempt holddown inelig master PB other members
0 100 yes 3 no 111360 myself
total number of vsd groups: 1
Total iteration=267567,time=481125964,max=20277,min=85,average=1798
RTO mirror info:
run time object sync: enabled
route synchronization: disabled
ping session sync: enabled
coldstart sync done
nsrp data packet forwarding is enabled
nsrp link info:
control channel: ethernet0/9 (ifnum: 13) mac: 00228389470d state: up(probe)
data channel: ethernet0/9 (ifnum: 13) mac: 00228389470d state: up(probe)
ha secondary path link not available
NSRP encryption password: 86t459W4q9
NSRP authentication password: 74H6GqxB67
device based nsrp monitoring threshold: 255, weighted sum: 0, not failed
device based nsrp monitor interface: ethernet0/8(weight 100, UP) ethernet0/7(weight 100, UP) bgroup0/0(weight 100, UP) bgroup1/0(weight 100, UP)
device based nsrp monitor zone:
device based nsrp track ip: (weight: 255, disabled)
number of gratuitous arps: 4 (default)
config sync: enabled
track ip: disabled

Copy the config (cut-n-past) except for the rule base, groups, customer ports, etc. Save the config and reset To enable the automatic synchronization of configurations, use the set nsrp config
sync CLI command on all members in the cluster

To discover if the configuration of one device is out of sync with that of another, use the exec nsrp sync global-config check-sum command

PUBLIC-CLUSTER:PUBLIC-FW-2(B)-> exec nsrp sync global-config check-sum
PUBLIC-CLUSTER:PUBLIC-FW-2(B)-> *configuration in sync*

To synchronize PKI objects, such as local and CA certificates, key pairs, and CRLs, use CLI exec nsrp sync global-config save CLI command.

Leave a Reply

Your email address will not be published. Required fields are marked *