04-04-2008 04:41 PM
I'm having a difficult time getting the ft configuration on my two ACE modules to work. This is my development pair. My production pair is working fine and they seem to be configured the same way. I believe this pair was working at one point, but I had a contractor in here working on a problem and between upgrading the code on the ACE and screwing around with certs, they lost their syncronization.
When I got around to looking at them, they were showing their ft peers in an UNKNOWN state. I sync'd up all the certs and got both of the ACEs on the same code level, but they refused to leave the UNKNOWN state. I deleted the FT groups and re-configured them, but now they are both showing their peer in the INIT state. Each ACE can ping their peers FT VLAN IP address.
Can any see what I may have done wrong here?
Here's the config:
ACE 1:
ft interface vlan 226
ip address 172.20.26.13 255.255.255.0
peer ip address 172.20.26.14 255.255.255.0
no shutdown
ft peer 1
heartbeat interval 200
heartbeat count 20
ft-interface vlan 226
ft group 1
peer 1
peer priority 200
associate-context Admin
inservice
ft group 2
peer 1
peer priority 200
associate-context DevQAExternalDMZ
inservice
PHXDevACE01/Admin# sho ft grou bri
FT Group ID: 1 My State:FSM_FT_STATE_ACTIVE Peer State:FSM_FT_STATE_INIT
Context Name: Admin Context Id: 0
FT Group ID: 2 My State:FSM_FT_STATE_ACTIVE Peer State:FSM_FT_STATE_INIT
Context Name: DevQAExternalDMZ Context Id: 1
ACE 2:
ft interface vlan 226
ip address 172.20.26.14 255.255.255.0
peer ip address 172.20.26.13 255.255.255.0
no shutdown
ft peer 1
heartbeat interval 200
heartbeat count 20
ft-interface vlan 226
ft group 1
peer 1
associate-context Admin
inservice
ft group 2
peer 1
associate-context DevQAExternalDMZ
inservice
PHXDevACE02/Admin# sho ft grou bri
FT Group ID: 1 My State:FSM_FT_STATE_ACTIVE Peer State:FSM_FT_STATE_INIT
Context Name: Admin Context Id: 0
FT Group ID: 2 My State:FSM_FT_STATE_ACTIVE Peer State:FSM_FT_STATE_INIT
Context Name: DevQAExternalDMZ Context Id: 1
04-05-2008 06:19 AM
strange.
I'm not sure if this will change anything but on ACE1 you set peer priority to 200 but define no priority for the device itself.
On ACE2 you did not define any priority.
So, if you want ACE1 to be active, use the command 'priority 200' and remove the 'peer priority 200'.
If after that the problem persist, collect the following info :
switch/Admin# sho ft history ?
cfg_cntlr Display Cfg Cntlr debug log
ha_dp_mgr Display HA-DP Manager's debug log
ha_mgr Display HA Manager's debug log
and let us know which version you run.
Gilles.
04-07-2008 08:53 AM
04-07-2008 09:14 AM
Just my 2 cent. Are you sure vlan 226 is correctly trunked between the two chassis?
If both blades are in init state maybe there is an inter-chassis communication problem.
Roble
04-07-2008 09:16 AM
The blades are actually in different chassis' and they are both able to ping their peers ft interface.
04-15-2008 01:58 PM
What ended up fixing this was a simultaneous reboot of both ace blades. Not exactly what I call a good fix. Still not sure what got them into the state they were in in the first place.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide