# (Optional) Deploy the secondary NSX Autonomous Edge in HA mode (on-premises site)

## <mark style="color:green;">O</mark><mark style="color:green;">**verview**</mark> <a href="#overview" id="overview"></a>

Optionally, use the following steps to deploy a secondary NSX-T Autonomous Edge (Layer 2 VPN client) in HA mode in your on-premises environment:

| **#** | **OVF Template Name** | **Port Group**   | **Primary Node**                                             | **Second Node (optional)**                                                                                 | **Remark**                      |
| ----- | --------------------- | ---------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------- | ------------------------------- |
| 1     | Network 0             | Management       | <mark style="background-color:yellow;">192.168.137.79</mark> | <mark style="background-color:yellow;">192.168.137.</mark>8<mark style="background-color:yellow;">0</mark> |                                 |
| 2     | Network 1             | Uplink           | <mark style="background-color:yellow;">192.168.138.77</mark> | –                                                                                                          | must to have access to internet |
| 3     | Network 2             | Trunk            | –                                                            | –                                                                                                          |                                 |
| 4     | Network 3             | – (HA, optional) | <mark style="background-color:yellow;">192.168.137.81</mark> | 1<mark style="background-color:yellow;">92.168.137.82</mark>                                               |                                 |

## <mark style="color:green;">**Procedure**</mark> <a href="#procedure" id="procedure"></a>

{% stepper %}
{% step %}
**Step 1:** Follow the steps in [Deploy NSX Autonomous Edge (on-premises site)](https://higio-support.atlassian.net/wiki/spaces/v2/pages/69992630) until you reach the **Customize template** step.
{% endstep %}

{% step %}
**Step 2:** On the **Customize template** step, do the following instead:

* In the **Application** section, do the following:
  * Set the **System Root User Password**.
  * Set the **CLI "admin" User Password**.
  * Select the **Is Autonomous Edge** checkbox.
  * Leave the remaining fields empty.

{% hint style="warning" %}
NSX Edge core services do not start unless you enter passwords meeting these requirements:

At least 12 characters

At least one uppercase letter

At least one lowercase letter

At least one digit

At least one special character

At least five different characters
{% endhint %}

* In the **Network Properties** section, do the following:

  * Set the **Hostname**.
  * Set the **Management Network IPv4 Address**. This is the management IP for the autonomous edge.
  * Set the **Management Network Netmask**. This is the management network prefix length.
  * Set the **Default IPv4 Gateway**. This is the default gateway of the management network.

  <figure><img src="/files/ih0AVBMENaPU5KtfjLXL" alt=""><figcaption></figcaption></figure>
* In the **DNS** section, do the following:
  * In the **DNS Server list** field, enter the DNS server IP addresses separated by spaces.
  * In the **Domain Search List** field, enter the domain name.
* In the **Services Configuration** section, do the following:
  * Enter the **NTP Server List**.
  * Enter the **NTP Servers**, separated by spaces.
  * Select the **Enable SSH** checkbox.
  * Select the **Allow Root SSH logins** checkbox.
* Leave **External** section empty.
* In the **HA** section, do the following:

-Enter the **HA Port** details in the following format: VLAN\_ID, Exit Interface, IP, Prefix Length.

*For example:* *137,eth2,192.168.137.81,24*. Replace the following values:

VLAN ID: VLAN ID of the uplink VLAN

Exit Interface: interface ID reserved for uplink traffic

IP: IP address reserved for the uplink interface

Prefix Length: prefix length for the uplink network

-In the **HA Port Default Gateway** field, enter the default gateway of the management network

-Select the **Secondary API Node** checkbox.

-In the **Primary Node Management IP** field, enter the management IP address of the primary autonomous edge.

-In the **Primary Node Username** field, enter the username of the primary autonomous edge (for example, "admin").

-In the **Primary Node Password** field, enter the password of the primary autonomous edge.

-In the **Primary Node Management Thumbprint** field, enter the API thumbprint of the primary autonomous edge.

> You can get this by connecting using SSH to the primary autonomous edge using admin credentials and running the command: “**get certificate api thumbprint**”

<figure><img src="/files/fvoFitwrCyW2qBvDS1KK" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/s4SB9A3VXp7mnCKhrAmL" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Step 3:** Complete the remaining OVF template deployment steps to deploy the secondary autonomous edge (on-premises Layer 2 VPN client).

<figure><img src="/files/rIOFLhgED1rQ5R6D0KE7" alt=""><figcaption></figcaption></figure>

PowerOn the second NSX autonomous edge
{% endstep %}

{% step %}
**Step 4:** Validate:

It will take some minutes to sync.

Log in to both NSX autonomous nodes, check High Availability, L2VPN\\

-Primary node:

<figure><img src="/files/Ay8bFTLJw6GNiU6XnJKg" alt=""><figcaption></figcaption></figure>

-Secondary node:

<figure><img src="/files/qfzB4ZsAfBfqwOfQEEeV" alt=""><figcaption></figcaption></figure>

-Port ID, Tunnel ID, exit interfaces are same on both nodes.

<figure><img src="/files/2qxEa2cUbliwFM0j01GU" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Step 5:** Failover test:

To test the NSX autonomous failover:

-Ping from on-premises to HI GIO cloud.

-Shutdown NSX autonomous primary node

-Result:

NSX autonomous secondary status will change to ACTIVE, L2 VPN = UP

<figure><img src="/files/BMUP016W23e9h4FwfAdV" alt=""><figcaption></figcaption></figure>

The connection drop \~ 5-10 seconds

<figure><img src="/files/mUds1wGpkqJlh68GT9Bu" alt=""><figcaption></figcaption></figure>

After powering on the NSX autonomous primary node, the HA status between the nodes was re-established. The secondary edge remains active, and the primary will become active only in case of additional failure.

<figure><img src="/files/m9zRWcs2V3z9iQShBJUp" alt=""><figcaption></figcaption></figure>
{% endstep %}
{% endstepper %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.higiocloud.vn/hi-gio-draas/stretching-layer-2-networks-for-hi-gios-draas/optional-deploy-the-secondary-nsx-autonomous-edge-in-ha-mode-on-premises-site.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.