06-12-2007 12:39 AM
Hi
I'm new to the ACE modul and trying to set up some szenarios and i run already into some troubles.
Question 1)
I configured redundancy to another module - virtulised mode. Config sync between the context worked fine. If i change s'thing in the activ context it was copied to the standby context. But if i changed something in the active Admin context it was not copied to the standby Admin context.
Question 2)
FT Switchover in the Admin context is not possible returns the following fault:
ACE_Switch08/Admin# ft switchover
This command will cause card to switchover (yes/no)? [no] yes
Invalid FT group. FT switchover command will be ignored.
ACE_Switch08/Admin#
If I switch a single FT group it works. But how is it possible to switch all FT groups a the same time? Do i have to switch each context by itself?
Question 3)
After i have switched the active context to the standby context, the ft group x command shows both peers as active. After i take the standby ft group no inservice and back inservice it shows correctly Active and standby_HOT.
The configuration:
hostname ACE_Switch08
boot system image:c6ace-t1k9-mz.3.0.0_A1_4a.bin
resource-class RC1
limit-resource all minimum 10.00 maximum equal-to-min
class-map type management match-any REMOTE_ACCESS
description -- Remote Access traffic match --
2 match protocol telnet any
3 match protocol ssh any
4 match protocol icmp any
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
class REMOTE_ACCESS
permit
interface vlan 2100
ip address 172.29.190.16 255.255.255.0
service-policy input REMOTE_MGMT_ALLOW_POLICY
no shutdown
ft interface vlan 2020
ip address 192.168.100.1 255.255.255.0
peer ip address 192.168.100.2 255.255.255.0
no shutdown
ft peer 1
heartbeat interval 200
heartbeat count 20
ft-interface vlan 2020
ip route 0.0.0.0 0.0.0.0 172.29.190.1
context sf0-2200
allocate-interface vlan 2201
allocate-interface vlan 2207
member RC1
context sf0-2220
allocate-interface vlan 2221
allocate-interface vlan 2227
member RC1
ft group 1
peer 1
no preempt
priority 200
peer priority 150
associate-context sf0-2200
inservice
ft group 2
peer 1
no preempt
priority 200
peer priority 150
associate-context sf0-2220
inservice
username admin password xxx role Admin domain
default-domain
username www password xxx role Admin domain de
fault-domain
Any help is appreciated
pat
06-12-2007 03:14 AM
Hi Pat,
1)
for my config i just put the "user" or "backend" contexts into ft groups. I don't sync the admin contexts on both aces. I am not even sure if that makes sense or is "best practicse".
So if you don't put the admin context into an extra ft group it won't be synced. you have to configure the admin contexts on each physical ace separately.
Putting the contexts sf0-2200 & sf0-2220 into an ft group and not having an ft group for admin is the way to go IMHO.
2)
If you do a switchover you always have to specify which context you want to switchover. I don't think that you can actually switchover a whole bunch of contexts with this command. If you want to do that a reload is the only way AFAIK.
Try:
ft switchover 1
ft switchover 2
3)
This could be because you have not configured the other ACE's admin context to participate in the ft properly.
My configs looke like this.
ACE01:
ft interface vlan 777
ip address 172.16.99.1 255.255.255.252
peer ip address 172.16.99.2 255.255.255.252
no shutdown
ft peer 1
heartbeat interval 200
heartbeat count 20
ft-interface vlan 777
query-interface vlan 444
ft group 3
peer 1
priority 150
peer priority 110
associate-context FOO
inservice
ft group 4
peer 1
priority 150
peer priority 110
associate-context BAR
inservice
ft group 2
peer 1
priority 150
peer priority 110
associate-context FOO-BAR
inservice
----
ACE02:
ft interface vlan 777
ip address 172.16.99.2 255.255.255.252
peer ip address 172.16.99.1 255.255.255.252
no shutdown
ft peer 1
heartbeat interval 200
heartbeat count 20
ft-interface vlan 777
query-interface vlan 444
ft group 2
peer 1
no preempt
priority 110
peer priority 150
associate-context FOO
inservice
ft group 3
peer 1
no preempt
priority 110
peer priority 150
associate-context BAR
inservice
ft group 4
peer 1
no preempt
priority 110
peer priority 150
associate-context FOO-BAR
inservice
----
Hope that helps
Roble
06-12-2007 03:47 AM
Hi Roble
Thanks for your replay. We solved the problem earlier that day and it was exactly as you described. Sadly the documents on CCO from Cisco doesn't mention the fact, that the admin has also to be in a ft group.
And whats even worse, that you cannot switch all ft groups together... we have 50 context in our serverfarm... will be a lot of work if i have to switch them all -> reboot could be the solution, but a bad one....
thanks again.
pat
06-12-2007 04:21 AM
So you have the admin group in an ft group now and sync the configs between both?
In my opinion you might encounter some problems because the second ace needs some "unique" configuration settings like ip address and other stuff which will probably get overwritten by a sync.
I tried the "admin context in a ft group" approach with an earlier A2 release of the ACE and always ran into this problem. Afterwards i never bothered with it again. Anyhow good to hear you solved your issues.
Viel Spass weiterhin...
Roble
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: