clock timezone Asia/Chongqing
ip domain-name oa.gdb.local
ip name-server 10.0.0.1
ntp server 10.0.0.1
ad-agent-configuration dns.dc.oa.test.local S001DC016.oa.test.local
show ad-agent-configuration oa.test.local进行查看
Attribute-Value（AV） Pairs 属性和值的pairs
Radius Attribute Type 26 表示厂商私有属性 是专门给厂商自己定义的
下面的value 9表示cisco type 1表示Cisco-AVPair
下面的value 2636就是juniper的 311是微软的 下面的可以是厂商自己定义的
Configuration replication is the function of synchronizing the configuration of the primary PIX Firewall to the secondary PIX Firewall. For configuration replication to succeed, both the primary and secondary PIX Firewalls must be exact matches of each other in both hardware and software (as previously stated). Configuration replication occurs over the failover cable from the active PIX Firewall to the standby PIX Firewall when any of these three events occurs:
When the standby PIX Firewall completes its initial bootup, the active PIX Firewall replicates its entire configuration to the standby PIX Firewall.
As commands are entered on the active PIX Firewall, they are sent across the failover cable to the standby PIX Firewall.
By entering the write standby command on the active PIX Firewall, which forces the entire configuration in memory to be sent to the standby PIX Firewall.
Configuration replication only occurs from the running config of the Primary to the running config of the Secondary. Because this is not a permanent place to store configurations, you must use the write memory command to write the configuration into NVRAM on both units. If failover occurs during replication, the new active PIX Firewall will have only a partial configuration. To recover from a configuration synchronization failure, you will need to force the Primary back to active and use the write standby command to update the Secondary.
A failover occurs when one of the following situations takes place:
The standby active command is issued on the Primary PIX.
The failover active command is issued on the Secondary PIX.
Block memory exhaustion occurs for 15 consecutive seconds or more on the active PIX Firewall
Network Interface Card (NIC) status. If the Link Status of a NIC is down, the unit will fail. "Down" means that the NIC is not plugged into an operation port. If a NIC has been configured as "down," it does not fail this test.
Failover Network communications. The two units send "hello" packets to each other over all network interfaces. If no "hello" messages are received for two failover poll intervals, the non-responding interface is put in testing mode to determine who is at fault.
Failover cable communication. The two units send "hello" messages to each other over the failover cable. If the standby doesn’t hear from the active within two failover poll intervals, and the cable status is OK, the standby takes over as active.
Cable errors. The failover cable is wired so that each unit can distinguish between:
- A power failure other unit.
- A cable unplugged this unit.
- A cable unplugged other unit.
If the standby detects that the active is powered off (or reload/reset), it takes active control. If the failover cable is unplugged, a syslog is generated but no switching will occur.