01-22-2013 01:43 PM
I have a pair of ACE 4710s that I am deploying within a datacenter. The primary and secondary ACE appliances have identical configurations except for the IP addressing and priorities for FT. The FT peer is going into a TL error state.
On the primary ACE appliance, I am able to ping and telnet from/to it without any issues. All of the routing works as it should and everything is seen in the ARP table as it should. The secondary appliance is able to ping everywhere, but telnet out of or into that appliance does not work.
This is very odd behavior. I am able to see the IP addresses in the ARP table and can successfully ping end to end from the secondary device, just unable to telnet into or out of it. When I try to telnet out of the secondary device, it reports that there is no route, even though the IPs I am trying to telnet to are directly connected and those interfaces are up and working (otherwise ping would fail). Please keep in mind that the exact same filters (access-lists, service-policies) are configured in the exact same format and applied to the exact same interfaces.
Has anybody run into this issue before? I tried removing all of the fault tolerance configurations and just created a Layer 3 VLAN interface for management and I am still unable to telnet into or out of the appliance. This is not a complicated setup and I have to think there is something obvious that I'm missing, but I'm hung up on the fact that the configs are almost identical while one works exactly as intended and the other reports no route to host for a directly connected interface.
02-14-2013 04:09 AM
Paul, does this still occur after a reload of the secondary 4710? Does ssh in and out work OK? Can you check "show int vlan nnn", where nnn is the mgmt VLAN, and check for "config download failures" (the counter will not show if it is zero). Check show int and be sure that the interfaces are up (sorry it's basic, but I've done the same & the ping success could be a duplicate IP).
Matthew
02-19-2013 01:53 PM
Paul,
Could you upload these outputs?
# show ft group detail
# show ft group brief
# show ft group status
# show ft group summary
Could you check under dir core: for any core dump?
You may get a # show tech-support for each box and then force a failover to see when the other takes ownership if he can get access again.
Did you compare both management interfaces and configuration?
Jorge