Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Failover - ACL order changed

We have a pair of 525 configured for stateful failover. Recently we had a failover, and found that after the fail - some ACL items were in different locations - as in a bottom "deny all" ended up in the middle. Not good. We save the config to flash after changes. We do not do a write standby.

Any idea as to what could have caused that?

Note: Recent changes (1 day old) made prior to the pix were present after the failover...just some jumbled up ACL's.

Cisco Employee

Re: Failover - ACL order changed


tried to search for any known bugs, but no hits.

are you 100% that the config in the flash were different then the running config

If this is reproduceable, then seems to be a bug.



New Member

Re: Failover - ACL order changed

I can't be sure if the configs were the same in flash - we save the config after changes (write mem). Is that good enough? (I thought that wrote to the standby PIX also.)

Since failover is quick - I was under the assumption that the dynamic (DRAM) config was being used in the secondary. True? Or after a fail is the config loaded from flash?

Is the command "write standby" a good practice?

It seems odd that the things that were missing were not the most recent. Recent changes were present after the fail.

Thanks for the reply and the time you spent on this.


CreatePlease to create content