Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Out of Sync entries rise

My console shows that I have 51 of the 96 devices are out-of-sync.  I have am running up to date IOS, but it does not seem to be tied to firmware version or to model.  Many have the "VLAN:Running" is shown in the events.  When I run a sync job, it states that it was successful, but there will be no reduction in the number of items in out of sync.  Manual sync jobs come back successful, but the number rarely reduces.  I upgraded the software to run ssh, but that had no effect.

I am running a vtp environment, is the vlan.dat necessary? 

Everyone's tags (3)
10 REPLIES
Cisco Employee

Re: Out of Sync entries rise

The VLAN config is required unless you run in a VTP transparent mode.  If you don't want change events for vlan.dat (and many people do not).  Disable them under RME > Admin > Change Audit > Config Change Filter.  Check the box next to "Enable vlan Change Audit Filter".  Then changes to vlan.dat will not be seen in change audit reports.

As for out-of-sync configs, what part of the config is showing as out of sync?

New Member

Re: Out of Sync entries rise

Ok, I found that the startup config is newer than the running config according to LMS.   However, on the switch itself is a different story.

LMS

Startup - Mar 23, 2010 14:52:36                   Running - Mar 22, 2010 10:41:52

The switch shows:

Startup - Mar 23, 2010 13:57                       Running - Mar 23, 2010 13:57

I just changed the line


clock summer-time DST date Mar 7 2010 2:00 Nov 7 2010 2:00

from its current

clock summer-time DST date Mar 8 2009 2:00 Nov 8 2009 2:00

This did not reduce the out of syncs.

I began tracing that part down.  Where is the definitive location to get the answer to that question?

UPDATE:

I just looked one more time and found that the running config shows the certif. while the startup does not.

Cisco Employee

Re: Out of Sync entries rise

This certificate out-of-sync problem should be fixed in RME 4.3.1.  I cannot reproduce.  I took a 7206 running 12.4(24)T, and noticed quite a few config diffs between startup and running (including the cert).  I did a write mem on it, then did a sync archive job in RME where I fetched both the startup and the running config.  I then went to Out-of-sync Summary, and the device was gone.

What protocol are you using to fetch the config?  What version of code is your device running?  Have you performed a sync archive job with the "Fetch Startup Config" box checked?

New Member

Re: Out of Sync entries rise

I FOUND SOMETHING!!!

The 50 units that are not reporting properly have these things in common:

1.  They are all running version 12.2(52)SE

2.  They all see the startup-config is newer than the running-config.

3.  The switches show the software at the same date and time.

4.  Credentials are ok

5.  They all are running SSH.

6.  Deleting them and letting the discovery process pick them up does not fix the problem.

7.  Units running 12.2(35) and other versions are fine.

8.  The models involved are WS-C2960G-48TL-L, WS-C2960G-24TL-L, and WS-C2975GS-48PS-L.

9.  I could not find a 12.2(52)SE version that was working.

Summation:  It looks to be the IOS version.  I am testing my hypothesis now.

New Member

Re: Out of Sync entries rise

I went ahead and updated an additional 2960 to 12.2(52)se.  This is a K9 edition.   Before upgrading this unit, the machine was not out of sync.  After the out of sync count went up by one.  I also upgraded a 3750, it also went from 'in-sync' to 'out of sync' after the edition.

I felt it might have something to do with ssh, or the like, but I have 2950's that are at 12.1.22.ea13.  This does not have any problem with newer secure versions on 2811 routers.

Symptom:  Out of syncs are 53.  Sync the systems does not change this.  Manual review of the equipment shows the versions to be the same.  LMS shows the startup-config to be newer than the running-config.  (Yes, startup is newer than running).

Credentials on all the devices are SSH enabled, and Credetials tests show no problems.

Machines at version 12.2.(46)se are fine, and show no problems.

Models seen in:  WS-C2960-24TT-L, WS-C2960G-24TL-L, WS-C2960G-48TL-L, WS-C2975SX-48P, WS-C3750G-24TL-L

Cisco Employee

Re: Out of Sync entries rise

I have a 3550 running 12.2(52)SE in the lab.  I'll see if I can reproduce this behavior.  It would be helpful to see your current running and startup configs as well as the diffs you see in RME.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

New Member

Re: Out of Sync entries rise

Here is a presentation of the issue.  I think I put in enough information.  If you need more please tell me.

Cisco Employee

Re: Out of Sync entries rise

I would like to see the out-of-sync configs with the Diffs Only box checked.  I have been unable to reproduce locally using my 3550 with SSH transport.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

New Member

Re: Out of Sync entries rise

Here you go.

New Member

Out of Sync entries rise

Hi Robert, Did you get it working? i am having the same issue, and same difference as per your attached file,

Looks like crypto keys are not getting copied.

How to fix this ?:-s i am stuck. i read all thread regarding this issue, but no resolution.

1089
Views
0
Helpful
10
Replies
CreatePlease to create content