![]() ![]() Toggle lets you easily enable or disable flow mobility for a particular class of traffic or applications. See the site-idcommand.Ĭluster-level configuration to enable flow mobility-You must also enable flow mobility at the cluster level. Site IDs-The ASA uses the site ID for each cluster unit to determine the new owner. See the cluster flow-mobility lisp command. Service Policy to enable flow mobility on specified traffic-You should enable flow mobility on business-critical traffic.įor example, you can limit flow mobility to only HTTPS traffic, and/or to traffic to specific servers. With a source IP address of the first hop router and a destination address of the ITR or ETR. For example, you should inspect LISP traffic The ASA maintains an EID table that correlates the EID and the site ID. LISP traffic inspection-The ASA inspects LISP traffic for the EID-notify message sent between the first hop router and the See the policy-map type inspect lisp, allowed-eid,and validate-key commands. Include EIDs for the 2 sites involved with the cluster. For example, if the cluster is only involved with 2 sites, but LISP is running on 3 sites, you should only (Optional) Limit inspected EIDs based on the host or server IP address-The first hop router might send EID-notify messagesįor hosts or networks the ASA cluster is not involved with, so you can limit the EIDs to only those servers or networks relevant LISP integration, the ASA cluster members can inspect LISP traffic passing between the first hop router and the ETR or ITR,Īnd can then change the flow owner to be at the new site.Ĭluster flow mobility includes several inter-related configurations: The ASA inspects LISP traffic for location changes and then uses this information for seamless clustering operation. The clear lisp eidcommand clears EID entries in the table.Ībout LISP Inspection for Cluster Flow Mobility The following table shows the modes in which you can enter the command: ![]() Removes the specified IP address from the EID table. To clear the ASA EID table, use the clear lisp eidcommand in privileged EXEC mode.Ĭlear lisp eid Syntax Description clear user-identity user no-policy-activated.clear user-identity ad-agent statistics.clear user-identity active-user-database. ![]() clear service-policy inspect radius-accounting. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |