Thank you, i didn't had the vlan 2 assigned to the ACE's.

Now when i do a switchover with a persistent pin g between hosts, the ping fails and it seems like the failover mechanism doesn't transfer the ip addresses and sessions.

When Context C is active on ACE 1, i can ping the vlan interface addresses from the ACE and from the hosts.

When i do a switchover for Context C, it gets passive on ACE 1 and active on ACE 2. Then from the ACE 2 i can't ping the vlan interface addresses nor can i ping them from hosts.

When i do a sh ft group summ on ACE 2 i get this :

FT Group : 30

Configured Status : in-service

Maintenance mode : MAINT_MODE_OFF

My State : FSM_FT_STATE_ACTIVE

My Config Priority : 200

My Net Priority : 200

My Preempt : Disabled

Peer State : FSM_FT_STATE_STANDBY_HOT

Peer Config Priority : 100

Peer Net Priority : 100

Peer Preempt : Disabled

Peer Id : 1

No. of Contexts : 1

What am i missing here ? The configs of both ACE context are in sync.

before testing failover you should verify that the ACE-2 can access all the devices.

Make sure the rserver are alive and that you can ping them from the ACE module.

If you can't, you need to do some normal connectivity troubleshooting.

Check arp entry.

Capture sniffer trace to see if packets are coming out of the ACE module and if the server respond back, ...

Check Layer 2 cam table.

Gilles.

Make sure that you trunk the vlans necessary for the contexts between the two cat 6k5 chassis.

Ace1<->FT VLAN<->Ace2 (VLAN 2)

Cat6K <-Trunk-> Cat6K (VLAN 2,10,20 etc.)

Edit:

Checking you're ft config. I think you should put only 1 Ace with "no preempt" and make sure that you have the priorities right also.

Anyhow i am curious why you choose to put Frontend and Backend in seperate contexts?

Example:

ACE A (Primary):

ft group 10

peer 1

priority 200

peer priority 100

associate-context FRONTEND

inservice

ACE B (Secondary):

ft group 10

peer 1

no preempt

priority 100

peer priority 200

associate-context FRONTEND

inservice

I have splitted the Front End and Back End in seperate context's as we wanted to split them because of security & administration levels.

I changed the config so only 1 context is in "preempt" and 1 is in "no preempt" configuration.

What ip address should i use as gateway for the hosts communicating through the ACE ?

I now use the primary ip address of the context's of ACE01. Maybe that's the problem ?

you can't use a context for front-end and another one for back-end.

That's not the purpose of context.

Context is to separate different organisations, groups, companies, traffic from one another.

In your case you need traffic to go from 1 context to the other.

This is not possible.

So, you have to group front-end and backend into a single context.

Gilles.

Hi Gilles,

I understand what you are saying. But we've got servers with network cards in both context's. The traffic is flowing through the servers and not through the context's.

But the "gateway" problem has been solved. Thanks for the help

Sebastian