Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
475
Views
0
Helpful
2
Replies

Failover - ACL order changed

rsommer
Level 1
Level 1

‎02-17-2004 11:27 AM - edited ‎02-20-2020 09:23 PM

We have a pair of 525 configured for stateful failover. Recently we had a failover, and found that after the fail - some ACL items were in different locations - as in a bottom "deny all" ended up in the middle. Not good. We save the config to flash after changes. We do not do a write standby.

Any idea as to what could have caused that?

Note: Recent changes (1 day old) made prior to the pix were present after the failover...just some jumbled up ACL's.

Labels:
0 Helpful
2 Replies 2

nkhawaja
Cisco Employee
Cisco Employee

‎02-19-2004 09:02 AM

Hi,

tried to search for any known bugs, but no hits.

are you 100% that the config in the flash were different then the running config

If this is reproduceable, then seems to be a bug.

Thanks

Nadeem

0 Helpful

rsommer
Level 1
Level 1
In response to nkhawaja

‎02-19-2004 10:25 AM

I can't be sure if the configs were the same in flash - we save the config after changes (write mem). Is that good enough? (I thought that wrote to the standby PIX also.)

Since failover is quick - I was under the assumption that the dynamic (DRAM) config was being used in the secondary. True? Or after a fail is the config loaded from flash?

Is the command "write standby" a good practice?

It seems odd that the things that were missing were not the most recent. Recent changes were present after the fail.

Thanks for the reply and the time you spent on this.

Rick

0 Helpful
Customers Also Viewed These Support Documents