Box-to-Box redundancy question ?

Answered Question
Mar 30th, 2007
User Badges:

guys,

i have two CSS 11506 configured as Box-to-Box Master/Backup mode.


im trying to apply the commit_redundancy "argument" command from the Master CSS


the configuration has been sent to the Backuo EXCEPT the commands related to ssl certiface that the process fail:

associate rsakey

associate cer

thats because i have generate the cer and rsakey on each CSS with different names.


is there anything that can help me? or i have to re-generate the cer and rsakey again with the same name ??


please check the attached file that will clarify my point !!


please advice,

Thanks in advance



Attachment: 
Correct Answer by joquesada about 10 years 2 months ago


Dear Hasan,


Is great to know that the sync worked fine. It is an indicator that everything is ok.


If the config is the same in both boxes, SSL should work fine in the backup CSS as it is working on the master CSS.


Kindest regards,


Jose.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
joquesada Fri, 03/30/2007 - 15:33
User Badges:
  • Bronze, 100 points or more


Dear Hasan,


As you correctly said, having the SSL files with different names is definitely going to cause a failure on the sync script.


Unfortunately, the only way to fix this is by having the same certs and keys on both CSS'; but you don't need to create new certs and keys, as you can export the certs and keys you have on CSS1.


The command to export the certs off the CSS1 is: 'copy ssl..'


Here is the reference: http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_810/cmdrefgd/cmdgena.htm#wp1030885


Actually, if you create new certs and keys, there is a possibility that the files would have a different amount of bytes than the ones you have on CSS1, if that happens, the script would fail due to a different byte count between the CSS'.


Thanks & Regards,


Jose Quesada.


hassan_oudeh Mon, 04/02/2007 - 02:15
User Badges:

Dear Jose,


i have exported the files from CSS1 and importes them to CSS2,

but im trying now to apply commit_redundany command and still showing me failed to synch

here you have the output that i got:


CSS1# commit_redundConfig "10.0.207.18 -d -s"

Checking the disk space locally before continuing with the script.

COMMIT_REDUNDANCY Version: 4.6

Verifying that ip redundancy is activated on Master switch.

Verifying that app session is up with backup switch.

Making sure app session is up.

Seconds to wait before calling it quits: 120

Checking the disk space remotely before continuing with the script.

Config Sync Failed.


CSS1# commit_redundConfig "10.0.207.18"

Checking available disk space on systems ...

Verifying app and redundancy configs ... /|-\-

Previous synchronization still occurring on remote switch.


i tired to dissconnet and restart CSS2 (Backup) but still im getting that message "Previous synchronization still occurring on remote switch."


please advice,

Thanks,

hasan odeh

Gilles Dufour Mon, 04/02/2007 - 05:01
User Badges:
  • Cisco Employee,

try the '-f' option for FORCE.

Also, since it failed the first time after checking disk space I would suggest to do a 'show disk' and see if you have empty space.


If not clear some of your log files or core files before running the config synch script again.


Gilles.

hassan_oudeh Tue, 04/03/2007 - 11:32
User Badges:

Gilles,


i tried the "-f" and its working fine now :-)


Jose

i tried also the import and export and i have no issue when doing the commit_redundConfig, all of the configuration replicated the to the CSS2 (Backup) including the CSS associate


but i didnot test the SSL request from the CSS2, but i think when it has been taken it should work, am i right ?


Thanks guys,


Correct Answer
joquesada Tue, 04/03/2007 - 12:29
User Badges:
  • Bronze, 100 points or more


Dear Hasan,


Is great to know that the sync worked fine. It is an indicator that everything is ok.


If the config is the same in both boxes, SSL should work fine in the backup CSS as it is working on the master CSS.


Kindest regards,


Jose.


Actions

This Discussion