Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1327
Views
0
Helpful
0
Comments

Migrating from CISCO ACE 10/20 Modules to ACE 30

Rupesh Goel
Community Member

on ‎01-09-2014 12:12 PM

############ The Below steps are for configuring the Primary ACE 30 module, but it is not in the production################


# It shouldn't have any non exportable SSL cert or keys. Verify the same with show crypto files.

# Preemption should be disabled.

# During the Cisco ACE migration process, there will be two forced failover events. For all Layer 3 and Layer 4 traffic, there will be no significant impact to active connections as connection flow information and sticky persistence

tables are replicated to the backup ACE. For connections requiring Layer 7 TCP Splicing and Re-proxy, there is a chance they will be impacted by the failover events. These flows have essentially two phases: one is a Layer 7

inspection phase and the second is the Layer 4 data transmission phase. If the connection is being inspected at Layer 7 at the time of the failover event, the connection will be impacted by the event. If the connection is a Full

Proxy connection, it will also be impacted during the failover event. For all Layer 7 processed flows, persistence

can be maintained provided sticky replication has been configured.

# Take the back up of the ACE 10 module with the command:

                ACE-pri/Admin# backup all

# Verify the status of the backup with the command:

                ACE-pri/Admin# show backup status

Backup Archive: 20a-ace-sol_2011_09_12_23_29_09.tgz

Type                                                      : Full

Start-time                                           : Mon Sep 12 23:29:58 2011

Finished-time                    : Mon Sep 12 23:29:09 2011

Status                                                   : SUCCESS

Current vc                                           : web-apps

Completed                                         : 11/11

# You should get the output in the above format mentioned.

# Export the backup files of ACE 10/20 to a FTP/SFTP server

                ACE-pri/Admin# copy backup-all sftp://172.25.91.127----------Primary device

                ACE-sec/Admin# copy backup-all sftp://172.25.91.127----------Secondary device

# Download the A4.2.1a version of the Cisco ACE image from Cisco.com to your FTP/SFTP server.

# Physically install a new Cisco ACE30 module into Cisco Catalyst 6500 Series chassis

# Log into the ACE from the Supervisor Engine 720 and configure an interface and IP address to allow the ACE to connect to the backup server where the ACE10 or ACE20 backup files were stored in the preceding staging steps. If needed, add the appropriate default route to access backup servers if they are a hop away.

# Install the A4.2.1a Cisco ACE Software image on ACE30.

                switch/Admin# copy sftp://172.25.91.127 image:

# Restore the backup of the primary ACE10/20 to ACE30 . Disregard the warning about the licensing file, which is a normal part of the migration process. Note that the ACE30 command prompt will change immediately after the restore begins. This is due to the Cisco ACE hostname being restored. Again this is an expected behaviour.

                switch/Admin# copy sftp://172.25.91.127 disk0:

                switch/Admin# restore all disk0:20a-primary.tgz

                ACE-pri/Admin# show restore status

#  If you have any upgraded license purchased with the ACE 30 module install the same.

                ACE30/Admin# copy sftp://172.25.91.127 disk0:

                ACE30/Admin# license install disk0:ACE30-MOD-16-K9.lic

# Boot the device to with the new image you have installed that is A4(2.1a)        

                ACE-pri/Admin(config)# boot system image:c6ace-t1k9-mz.A4_2_1a.bin

                ACE-pri/Admin(config)# no boot system image:c6ace-t1k9-mz.A2_3_4.bin

# Create a checkpoint of the ACE configuration, so it can be restored after the production environment is migrated to the Cisco ACE30 modules.

                ACE-pri/Admin# checkpoint create cfg-preempt              

# If the Admin context has preempt configured within the FT groups, then it must be removed to allow manual context failover and to prevent a premature failover during the Cisco ACE migration process. The best way to ensure the no preempt command is applied to all FT groups is to copy the show run ft | inc group output to an editor and append a newline with the no preempt command.

# Save the ACE configuration and reload the Cisco ACE30 module to ensure that it boots the new image as expected:

                ACE-pri/Admin# wr mem all

########### The Blow steps are for configuring the secondary ACE 30 module, but again it will not be in production ##################

# Physically install a new Cisco ACE30 modules into the Cisco Catalyst 6500 Series chassis

# Log into the ACE from the Supervisor Engine 720 and configure an interface and IP address to allow the ACE to connect to the backup server where the ACE10 or ACE20 backup files were stored in the prededing staging steps. Add the appropriate default route to access backup servers if they are a hop away.

# Install the A4.2.1a Cisco ACE Software image on ACE30

                switch/Admin# copy sftp://172.25.91.127 image:

# Restore the backup of the Secondary ACE10 or ACE20 to ACE30b. Disregard the warning about the licensing file, which is a normal part of the Cisco ACE migration process. Note that the ACE30b command prompt will change immediately after the restore begins.

                switch/Admin# copy sftp://172.25.91.127 disk0:

                Enter source filename[]?20b-secondary.tgz

                Enter the destination filename[]? [20b-secondary.tgz]

                switch/Admin# restore all disk0:20b-secondary.tgz

                ACE-sec/Admin# show restore status   

# Install the bandwidth license for the Cisco ACE30 module if applicable:

                ACE30/Admin# copy sftp://172.25.91.127 disk0:

                Enter source filename[]? ACE30-MOD-16-K9.lic

                ACE30/Admin# license install disk0:ACE30-MOD-16-K9.lic

# Modify the boot string to load the A4.2.1a software image. Since the Cisco ACE10 or ACE20 configuration was restored, the boot string is referencing the Cisco ACE10 or ACE20 image, which will not load on the Cisco ACE30. View the current boot string, and then add the new boot string referencing the A4.2.1a image. Then remove the previous boot string for the Cisco ACE10/20 image:

                ACE-sec/Admin(config)# boot system image:c6ace-t1k9-mz.A4_2_1a.bin

                ACE-sec/Admin(config)# no boot system image:c6ace-t1k9-mz.A2_3_4.bin

                ACE-sec/Admin(config)# exit

# If the Admin context has preempt configured within the FT groups, it must be removed to allow manual context failover and to prevent a premature failover during the Cisco ACE migration process. The best way to ensure the no preempt command is applied to all FT groups is to copy the show run ft | inc group output to a editor and append a newline with the no preempt command, then paste it back into the Admin context.

# Save the ACE configuration and reload the Cisco ACE30 module to ensure that it boots the new image as expected.

                ACE-sec/Admin# wr mem all

                ACE-sec/Admin# reload

############### The below steps are for Migrating from CISCO ACE 10/20 module to ACE 30 Module.#################

# On the primary (active) Cisco ACE10 or ACE20 module, create a checkpoint for the current configuration.

                ACE-pri/Admin# checkpoint create pri-orig

# If the Admin context on the primary Cisco ACE10 or ACE20 module has preempt configured within its FT groups, then they must be removed to allow manual context failover and to prevent a premature failover during the Cisco ACE migration process. The best way to ensure “no preempt” is applied to all ft groups is to copy the “show run ft | inc group” output to a editor and append a newline with “no preempt”, then paste it back into the Admin context.

# Power-down the backup ACE10 or ACE20 from the secondary Cisco Catalsyt Supervisor Engine 720

                cat6k-sec#conf t

                cat6k-sec(config)#no power enable module <slot number in which the module is installed>

# Physically replace the backup Cisco ACE10 or ACE20 module with the Cisco Secondary ACE30 module.

# Power-on secondary ACE30. The ACE30 secondary will boot as standby.

                cat6k-sec(config)#power enable module <module number>

# Once secondary ACE30 is warm perform the ACE10 or ACE20 failover.

                ACE-sec /Admin# show ft group brief

                                The output of this command will be state: STANDBY_WARM could be like this example:

FT Group                     : 1

No. of Contexts              : 0

My State                     : FSM_FT_STATE_STANDBY_WARM

                ACE-sec/Admin# ft switchover all

                This command will cause card to switchover (yes/no)? [no] yes

# The above command will make the secondary ACE 30 module as perimary ACE 30 and the previous primary ACE 10/20 module will become the standby device, all the traffic will move on ACE 30.

# Follow the above mentioned steps for replacing the other ACE 10/20 module with the ACE 30 module which is left uninstalled.

# Once you will have both the ACE 30 modules will be up and running at this stage, ACE 30 which we actually configured as secondary device is our main/Active device and the ACE 30 which we configured as primary ACE 30 is our standby.

# We can do the failover once again and this will make the primary ACE 30 as active and standby ACE 30 secondary.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents