cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1655
Views
0
Helpful
5
Replies

ACE ft difficulty

lou_young
Level 1
Level 1

I'm having a difficult time getting the ft configuration on my two ACE modules to work. This is my development pair. My production pair is working fine and they seem to be configured the same way. I believe this pair was working at one point, but I had a contractor in here working on a problem and between upgrading the code on the ACE and screwing around with certs, they lost their syncronization.

When I got around to looking at them, they were showing their ft peers in an UNKNOWN state. I sync'd up all the certs and got both of the ACEs on the same code level, but they refused to leave the UNKNOWN state. I deleted the FT groups and re-configured them, but now they are both showing their peer in the INIT state. Each ACE can ping their peers FT VLAN IP address.

Can any see what I may have done wrong here?

Here's the config:

ACE 1:

ft interface vlan 226

ip address 172.20.26.13 255.255.255.0

peer ip address 172.20.26.14 255.255.255.0

no shutdown

ft peer 1

heartbeat interval 200

heartbeat count 20

ft-interface vlan 226

ft group 1

peer 1

peer priority 200

associate-context Admin

inservice

ft group 2

peer 1

peer priority 200

associate-context DevQAExternalDMZ

inservice

PHXDevACE01/Admin# sho ft grou bri

FT Group ID: 1 My State:FSM_FT_STATE_ACTIVE Peer State:FSM_FT_STATE_INIT

Context Name: Admin Context Id: 0

FT Group ID: 2 My State:FSM_FT_STATE_ACTIVE Peer State:FSM_FT_STATE_INIT

Context Name: DevQAExternalDMZ Context Id: 1

ACE 2:

ft interface vlan 226

ip address 172.20.26.14 255.255.255.0

peer ip address 172.20.26.13 255.255.255.0

no shutdown

ft peer 1

heartbeat interval 200

heartbeat count 20

ft-interface vlan 226

ft group 1

peer 1

associate-context Admin

inservice

ft group 2

peer 1

associate-context DevQAExternalDMZ

inservice

PHXDevACE02/Admin# sho ft grou bri

FT Group ID: 1 My State:FSM_FT_STATE_ACTIVE Peer State:FSM_FT_STATE_INIT

Context Name: Admin Context Id: 0

FT Group ID: 2 My State:FSM_FT_STATE_ACTIVE Peer State:FSM_FT_STATE_INIT

Context Name: DevQAExternalDMZ Context Id: 1

5 Replies 5

Gilles Dufour
Cisco Employee
Cisco Employee

strange.

I'm not sure if this will change anything but on ACE1 you set peer priority to 200 but define no priority for the device itself.

On ACE2 you did not define any priority.

So, if you want ACE1 to be active, use the command 'priority 200' and remove the 'peer priority 200'.

If after that the problem persist, collect the following info :

switch/Admin# sho ft history ?

cfg_cntlr Display Cfg Cntlr debug log

ha_dp_mgr Display HA-DP Manager's debug log

ha_mgr Display HA Manager's debug log

and let us know which version you run.

Gilles.

Thanks for the catch on the priority commands. I've made those changes and it didn't make a different on the status of the ft. They both show their peer as INIT.

I'm running Version 3.0(0)A1(6.3a).

Attached is the info you requested.

Just my 2 cent. Are you sure vlan 226 is correctly trunked between the two chassis?

If both blades are in init state maybe there is an inter-chassis communication problem.

Roble

The blades are actually in different chassis' and they are both able to ping their peers ft interface.

lou_young
Level 1
Level 1

What ended up fixing this was a simultaneous reboot of both ace blades. Not exactly what I call a good fix. Still not sure what got them into the state they were in in the first place.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: