NAC CAM HA-Pair database sync

Kristen Sims · ‎04-21-2010

How do I know if my CAM HA-Pair's database is syncronized between the two.

We are currently running a "white list" by mac-address and every once in a while, a MAC is entered into the filter list as "allow", but then has to be

re-entered again. Also the peer standby was 'dead' this morning and no-one could access the Web GUI. I had to restore the database to get it back up and running. Last time this happened, database restores did not work and TAC had me rebuild the one CAM.

If the active CAM that is running, is actually the CAM that is configured as the secondary, should I failover, so the CAM that was originally configured as the primary is running as the active?? Could that be what seems to be database sync issues?

Faisal Sehbai · ‎04-21-2010

Kristen,

Once you configure HA both the CAMs are completely equal in their capabilities and there is no discernable difference between them. Once they're configured one becomes active, and the other becomes the standby. At that point in time, it doesn't matter which one you configured for Primary or Secondary.

Re-check your HA config and ensure it doesn't say the other peer as dead. If it is, it points towards HA or heartbeat problems, and that might be why you're not seeing the sync happen successfully.

HTH,

Faisal

Kristen Sims · ‎04-21-2010

The other peer is not dead anymore. I just wanted to be sure that the database does sync and didn't know if there is a

command or something that I can look at to make sure that the database is sync'd on both.

Thanks!

Faisal Sehbai · ‎04-21-2010

Kristen,

Try running the /perfigo/common/bin/fostate.sh command on both CAMs One should return "I'm active, other guy is standby" and the other should say "I'm standby, other guy is active"

If you see that output, it means HA is working and sync's happening. If you see anything else, then there's issues with your HA setup that will need to be looked at.

HTH,

Faisal