cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1265
Views
0
Helpful
10
Replies
Highlighted
Beginner

Out of Sync entries rise

My console shows that I have 51 of the 96 devices are out-of-sync.  I have am running up to date IOS, but it does not seem to be tied to firmware version or to model.  Many have the "VLAN:Running" is shown in the events.  When I run a sync job, it states that it was successful, but there will be no reduction in the number of items in out of sync.  Manual sync jobs come back successful, but the number rarely reduces.  I upgraded the software to run ssh, but that had no effect.

I am running a vtp environment, is the vlan.dat necessary? 

10 REPLIES 10
Highlighted
Hall of Fame Cisco Employee

The VLAN config is required unless you run in a VTP transparent mode.  If you don't want change events for vlan.dat (and many people do not).  Disable them under RME > Admin > Change Audit > Config Change Filter.  Check the box next to "Enable vlan Change Audit Filter".  Then changes to vlan.dat will not be seen in change audit reports.

As for out-of-sync configs, what part of the config is showing as out of sync?

Highlighted

Ok, I found that the startup config is newer than the running config according to LMS.   However, on the switch itself is a different story.

LMS

Startup - Mar 23, 2010 14:52:36                   Running - Mar 22, 2010 10:41:52

The switch shows:

Startup - Mar 23, 2010 13:57                       Running - Mar 23, 2010 13:57

I just changed the line


clock summer-time DST date Mar 7 2010 2:00 Nov 7 2010 2:00

from its current

clock summer-time DST date Mar 8 2009 2:00 Nov 8 2009 2:00

This did not reduce the out of syncs.

I began tracing that part down.  Where is the definitive location to get the answer to that question?

UPDATE:

I just looked one more time and found that the running config shows the certif. while the startup does not.

Highlighted
Hall of Fame Cisco Employee

This certificate out-of-sync problem should be fixed in RME 4.3.1.  I cannot reproduce.  I took a 7206 running 12.4(24)T, and noticed quite a few config diffs between startup and running (including the cert).  I did a write mem on it, then did a sync archive job in RME where I fetched both the startup and the running config.  I then went to Out-of-sync Summary, and the device was gone.

What protocol are you using to fetch the config?  What version of code is your device running?  Have you performed a sync archive job with the "Fetch Startup Config" box checked?

Highlighted

I FOUND SOMETHING!!!

The 50 units that are not reporting properly have these things in common:

1.  They are all running version 12.2(52)SE

2.  They all see the startup-config is newer than the running-config.

3.  The switches show the software at the same date and time.

4.  Credentials are ok

5.  They all are running SSH.

6.  Deleting them and letting the discovery process pick them up does not fix the problem.

7.  Units running 12.2(35) and other versions are fine.

8.  The models involved are WS-C2960G-48TL-L, WS-C2960G-24TL-L, and WS-C2975GS-48PS-L.

9.  I could not find a 12.2(52)SE version that was working.

Summation:  It looks to be the IOS version.  I am testing my hypothesis now.

Highlighted

I went ahead and updated an additional 2960 to 12.2(52)se.  This is a K9 edition.   Before upgrading this unit, the machine was not out of sync.  After the out of sync count went up by one.  I also upgraded a 3750, it also went from 'in-sync' to 'out of sync' after the edition.

I felt it might have something to do with ssh, or the like, but I have 2950's that are at 12.1.22.ea13.  This does not have any problem with newer secure versions on 2811 routers.

Symptom:  Out of syncs are 53.  Sync the systems does not change this.  Manual review of the equipment shows the versions to be the same.  LMS shows the startup-config to be newer than the running-config.  (Yes, startup is newer than running).

Credentials on all the devices are SSH enabled, and Credetials tests show no problems.

Machines at version 12.2.(46)se are fine, and show no problems.

Models seen in:  WS-C2960-24TT-L, WS-C2960G-24TL-L, WS-C2960G-48TL-L, WS-C2975SX-48P, WS-C3750G-24TL-L

Highlighted
Hall of Fame Cisco Employee

I have a 3550 running 12.2(52)SE in the lab.  I'll see if I can reproduce this behavior.  It would be helpful to see your current running and startup configs as well as the diffs you see in RME.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

Highlighted

Here is a presentation of the issue.  I think I put in enough information.  If you need more please tell me.

Highlighted
Hall of Fame Cisco Employee

I would like to see the out-of-sync configs with the Diffs Only box checked.  I have been unable to reproduce locally using my 3550 with SSH transport.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

Highlighted

Here you go.

Highlighted

Hi Robert, Did you get it working? i am having the same issue, and same difference as per your attached file,

Looks like crypto keys are not getting copied.

How to fix this ?:-s i am stuck. i read all thread regarding this issue, but no resolution.

Content for Community-Ad