Cisco Support Community
New Member

replacing a clustered machine


We are going to replace our clustered C600 series by C650 machines.
Since we have a rather complex firewall config, I'd like to do an “in-place” machine swap.
What I’m planning to do is the following:
• Give the new machine the same IP addresses as our production machines have now
• Install the certificates on the new machine
• Shut down the listeners of the new machine
• Shut down the new machine
• Shut down the listeners on the old machine
• Wait until the queues are empty
• Remove the machine from the cluster
• Shut down the machine
• Replace the C600 by the C650
• Connect only the management interface and boot the machine
• Check if the listeners are still stopped
• Connect DATA1 and DATA2
• Check if the connectivity is as expected (can I connect to my internal mail servers, can I connect to internet mail servers)
• Check if DNS is working
• Add the machine to the cluster.
• Check the configuration
• Start the listeners

I have a few questions:
• Is this a good / safe approach or am I overlooking something?
• Is it sensible to install the certificates while the machine is still stand-alone, or will I have to do it after the machine has become a part of the cluster? (It’s a terrible job, so I'd like to do it only once.)
• When I stop the listeners before shutting down the machine, will they stay stopped after booting the systems again or will they be started automatically?

All input / responses are appreciated. Thank you!


New Member

Re: replacing a clustered machine

I can't see any traps in your approach so far.

IMHO, you should install certificates before joining the cluster if you use them for TLS connections. As soon as the machine is part of the cluster it has listeners defined which will be active for incoming connections. These connections may fail if the sender expects official certificates.

The listeners stay suspended after a reboot.

