Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1576
Views
0
Helpful
2
Replies

High Availability Failure on NAC 3310 CAS

Tochukwu Iwuora
Level 1
Level 1

‎12-21-2011 07:18 AM - edited ‎02-21-2020 04:31 AM

Hi All,

Please I need your help.

Yesterday I discovered the primary and secondary CAS were both in active state and reporting their fellow peer as dead (I did this using ./fostate.sh), causing authentication errors on the network. I had to stop the perfigo process on the primary one to restore service.

After closer investigation I have discovered that when I put my laptop on the same subnet as their eth2 interfaces (eth0, eth1 and serial are not used for heartbeat only eth2), I can ping the eth2 ip address for the primary device, but can't ping that of the secondary device. See configs and outputs below. I am also wondering why the secondary CAS shows its eth0 and eth1 interfaces as fake0 and fake1. Any help will be highly appreciated. Thanks

[root@CAS-SEC ~]# ifconfig eth2

eth2      Link encap:Ethernet  HWaddr 00:1F:29:5D:1C:6C 

          inet addr:172.29.254.10  Bcast:172.29.254.11  Mask:255.255.255.252

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:11205 errors:0 dropped:0 overruns:0 frame:0

          TX packets:1445 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:1237137 (1.1 MiB)  TX bytes:243730 (238.0 KiB)

          Memory:dc220000-dc240000

[root@CAS-PRI ~]# ifconfig eth2

eth2      Link encap:Ethernet  HWaddr 00:1F:29:5D:41:06 

          inet addr:172.29.254.9  Bcast:172.29.254.11  Mask:255.255.255.252

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:1889 errors:0 dropped:0 overruns:0 frame:0

          TX packets:11028 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:297308 (290.3 KiB)  TX bytes:1200820 (1.1 MiB)

          Memory:dc220000-dc240000

[root@CAS-SEC ~]# netstat -rn

Kernel IP routing table

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface

172.29.254.8    0.0.0.0         255.255.255.252 U         0 0          0 eth2

xx.xx.xx.xx    0.0.0.0         255.255.255.248 U         0 0          0 fake1

xx.xx.xx.xx   0.0.0.0         255.255.255.248 U         0 0          0 fake0

0.0.0.0         xx.xx.xx.xx   0.0.0.0         UG        0 0          0 fake0

[root@CAS-PRI ~]# netstat -rn

Kernel IP routing table

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface

172.29.254.8    0.0.0.0         255.255.255.252 U         0 0          0 eth2

xx.xx.xx.xx   0.0.0.0         255.255.255.248 U         0 0          0 eth1

xx.xx.xx.xx   0.0.0.0         255.255.255.248 U         0 0          0 eth0

0.0.0.0         xx.xx.xx.xx   0.0.0.0         UG        0 0          0 eth0

0 Helpful
2 Replies 2

Tochukwu Iwuora
Level 1
Level 1

‎12-22-2011 02:29 AM

Hi All,

Please any advise will be appreciated.

I have noticed a discrepancy in the output of 'more perfigo.conf' on both machines. The one that I can't ping its eth2 has

PEERGUSSK=00_1F_29_71_9D_06_00_1F_29_71_9D_07, while the other has PEERGUSSK=. Does anyone know what this means.

Also checking the /var/log/ha-log of the same I appliance I can't ping all I see is

ERROR: Unable to send [-1] ucast packet: No such process

Thanks for any information.

0 Helpful

Tochukwu Iwuora
Level 1
Level 1
In response to Tochukwu Iwuora

‎12-22-2011 06:04 AM

Hi All,

Making some progress now.

I have noticed that when I change the IP addresses on the eth2 of  both CAS, the devices can ping each other.

I plan to schedule a maintenance window to configured the high-availability using a new subnet for the eth2 hearbeat.

Regards.....

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card