Руководство Пользователя для Cisco Cisco Email Security Appliance C170
8-26
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 8 Centralized Management
The best way to create your override or exceptional settings is to copy the settings from the higher (e.g.
cluster) level down to a lower (e.g. group) level.
cluster) level down to a lower (e.g. group) level.
For example, after creating the cluster our
dnsconfig
settings initially looked like this:
Configured at mode:
Cluster: Yes
Group Main_Group: No
Group Paris: No
Group Rome: No
Machine lab2.cable.nu: No
If we "Copy to Group" the DNS settings, it will look like this:
Configured at mode:
Cluster: Yes
Group Main_Group: No
Group Paris: Yes
Group Rome: No
Machine lab2.cable.nu: No
Now you can edit the Paris group-level DNS settings, and other machines in the Paris group will inherit
them. Non-Paris machines will inherit the cluster settings, unless they have machine-specific settings.
Besides DNS settings, it is common to create group level settings for SMTPROUTES.
them. Non-Paris machines will inherit the cluster settings, unless they have machine-specific settings.
Besides DNS settings, it is common to create group level settings for SMTPROUTES.
Tip: when using the CLI CLUSTERSET function in various menus, you can use a special option to copy
settings to All Groups, which is not available through the GUI.
settings to All Groups, which is not available through the GUI.
Tip: complete listeners will be automatically inherited from the group or cluster, and you normally only
create these on the first system in the cluster. This reduces administration considerably. However, for
this to work you must name the Interfaces identically throughout your group or cluster.
create these on the first system in the cluster. This reduces administration considerably. However, for
this to work you must name the Interfaces identically throughout your group or cluster.
Once the settings are defined correctly at the group level, you can join machines to the cluster and make
them part of this group. This requires two steps:
them part of this group. This requires two steps:
First, to join our remaining 4 systems to the cluster, we run
clusterconfig
on each. The larger and more
complex the cluster, the longer it takes to join, and this can take several minutes. You can monitor the
joining progress with the LIST and CONNSTATUS sub-commands. After the joins are complete you can
use SETGROUP to move the machines from the Main_Group into Paris and Rome. There is no way to
avoid the fact that initially, all machines added to the cluster inherit the Main_Group settings, not the
Paris and Rome settings. This could affect mail flow traffic if the new systems are already in production.
joining progress with the LIST and CONNSTATUS sub-commands. After the joins are complete you can
use SETGROUP to move the machines from the Main_Group into Paris and Rome. There is no way to
avoid the fact that initially, all machines added to the cluster inherit the Main_Group settings, not the
Paris and Rome settings. This could affect mail flow traffic if the new systems are already in production.
Tip: do not make your lab machines part of the same cluster as your production machines. Use a new
cluster name for lab systems. This provides an added layer of protection against unexpected changes
(someone changing a lab system and accidently losing production mail, for example).
cluster name for lab systems. This provides an added layer of protection against unexpected changes
(someone changing a lab system and accidently losing production mail, for example).
Summary of GUI Options for Using CM Settings Other Than the Cluster Default
Override settings, and start with default settings. For example, the default settings for the
SMTPROUTES configuration is a blank table, which you can then build from scratch.
SMTPROUTES configuration is a blank table, which you can then build from scratch.