Help in setting two ACE appliances in redundancy

Answered Question
Sep 24th, 2008

Can you please provide a sample configuration on setting up two ACE appliances for redundancy. Also, if you have two redundant ACEs, does the config is copied from the active to the standby or do i have to configure the standby separately?

I have this problem too.
0 votes
Correct Answer by Syed Iftekhar Ahmed about 8 years 1 month ago

From the following link

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/command/reference/if.html#wp1068700

"ACE automatically includes the FT VLAN in the VLAN trunk link"

It means FT ports are put by default in trunk mode. Could you change the ports on the switches to trunk port and see if it works.

Syed

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
ronnel.maranan Thu, 11/06/2008 - 12:39

not sure why but the link doesnt work for me... to give you an idea i copied the config on my two aces... can you please advise what is wrong with these configs... when i view the status of the the fault tolerant all the heartbeats being sent are missed.

*************************

hostname FP_ACE_PlanB_1

interface gigabitEthernet 1/1

switchport trunk allowed vlan 2

no shutdown

interface gigabitEthernet 1/2

shutdown

interface gigabitEthernet 1/3

shutdown

interface gigabitEthernet 1/4

description ACE_Heartbeat

ft-port vlan 320

no shutdown

access-list ALL line 8 extended permit ip any any

class-map type management match-any remote_access

201 match protocol icmp any

202 match protocol telnet any

203 match protocol ssh any

204 match protocol https any

205 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy

class remote_access

permit

interface vlan 2

ip address 10.146.2.22 255.255.255.0

alias 10.146.2.21 255.255.255.0

peer ip address 10.146.2.23 255.255.255.0

access-group input ALL

service-policy input remote_mgmt_allow_policy

no shutdown

ft interface vlan 320

ip address 10.146.1.233 255.255.255.252

peer ip address 10.146.1.234 255.255.255.252

no shutdown

ft peer 1

heartbeat interval 200

heartbeat count 20

ft-interface vlan 320

query-interface vlan 2

ft group 1

peer 1

priority 200

peer priority 50

associate-context Admin

inservice

ip route 0.0.0.0 0.0.0.0 10.146.2.1

************************

hostname FP_ACE_Prodn_1

interface gigabitEthernet 1/1

switchport trunk allowed vlan 2

no shutdown

interface gigabitEthernet 1/2

shutdown

interface gigabitEthernet 1/3

shutdown

interface gigabitEthernet 1/4

description ACE_Heartbeat

ft-port vlan 320

no shutdown

access-list ALL line 8 extended permit ip any any

class-map type management match-any remote_access

2 match protocol xml-https any

4 match protocol icmp any

5 match protocol telnet any

6 match protocol ssh any

7 match protocol http any

8 match protocol https any

9 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy

class remote_access

permit

interface vlan 2

ip address 10.146.2.23 255.255.255.0

alias 10.146.2.21 255.255.255.0

peer ip address 10.146.2.22 255.255.255.0

access-group input ALL

service-policy input remote_mgmt_allow_policy

no shutdown

ft interface vlan 320

ip address 10.146.1.234 255.255.255.252

peer ip address 10.146.1.233 255.255.255.252

no shutdown

ft peer 1

heartbeat interval 200

heartbeat count 20

ft-interface vlan 320

query-interface vlan 2

ft group 1

peer 1

priority 50

peer priority 200

associate-context Admin

inservice

ip route 0.0.0.0 0.0.0.0 10.146.2.1

Syed Iftekhar Ahmed Thu, 11/06/2008 - 15:08

How are the two ACE appliances connected?

Are they using an intermediate switch or a cross cable?

Syed

ronnel.maranan Thu, 11/06/2008 - 17:23

the ft-port for both ACE are connected using an intermediate switch which are configured as an access port and with access to vlan 320

Ronnel

ronnel.maranan Thu, 11/27/2008 - 11:44

you have to make the ft vlan the native vlan in the trunk in order to work.

switchport trunk native vlan "your ft vlan"

Actions

This Discussion