Cisco 4700M Administration Manual page 164

Application control engine appliance
Configuring Redundant ACEs
You can enable automatic synchronization of the running-configuration and the startup-configuration
files after they have been explicitly disabled.
Caution: Toggling ft auto-sync running-config in the Admin context may have undesirable side effects if the
same command is also disabled in an active user context. If ft auto-sync running-config is disabled in
the active Admin context and in an active user context, and you subsequently enable ft auto-sync
running-config in the active Admin context first, the entire configuration of the standby user context
will be lost. Always enable ft auto-sync running-config in the active user context first, and then enable
the command in the active Admin context.
Restrictions
This topic includes the following restrictions:
Cisco 4700 Series Application Control Engine Appliance Administration Guide
6-20
- The configurations on both the active context and the standby context must be identical. If there is
  a mismatch between configuration objects, then configuration synchronization may fail.
- If the standby ACE has reached the maximum resource limit for a configuration object even if some
  of the configuration objects are not in the redundant context and you configure one more object of
  the same type in the redundant context of the active ACE, configuration synchronization will fail.
  For example, suppose that you have configured two contexts on each ACE (Admin and C1) and the
  C1 context is the only one in the FT group. On the standby ACE, you have configured 8,192 match
  source-address statements in the Admin context and in the C1 context for a total of 16,384 match
  source-address statements (the ACE limit). When you configure one new match source-address
  statement on the active ACE in C1, configuration synchronization will fail, the new match statement
  will not be replicated to the standby, and syslog ACE-1-727005 is generated.
- If you operate the active ACE with config sync disabled for a prolonged period of time, you must
  manually duplicate any changes that you make to the active ACE on the standby ACE to ensure that
  connection replication works properly.
- If a license mismatch occurs between the two ACEs in a redundant configuration, the ft auto-sync
  command is automatically disabled and a syslog message is generated.
- If you temporarily disable ft auto-sync running-config on the active ACE (for example, to test
  changes to your configuration), when you subsequently reenable config sync, any changes that you
  made to the active ACE are duplicated on the standby ACE. Note that the standby ACE remains in
  the STANDBY_HOT state even when config sync is disabled on the active ACE.
- If the configuration synchronization fails, the running-configuration file reverts to the
  startup-configuration file.
- The ACE does not copy or write changes in the running-configuration file to the
  startup-configuration file unless you enter the copy running-config startup-config command or the
  write memory command for the current context. To write the contents of the running-configuration
  file to the startup-configuration file for all contexts, use the write memory all command. At this
  time, if the ft auto-sync startup-config command is enabled, the ACE synchronizes the
  startup-configuration file on the active ACE to the standby ACE.
- The ACE does not synchronize the SSL certificates and key pairs that are present in the active
  context with the standby context of an FT group. If the ACE performs a configuration
  synchronization and does not find the necessary certificates and keys in the standby context, config
  sync fails and the standby context enters the STANDBY_COLD state.
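
A pre-sync check for the SSL certificate and key restriction above, as an added example that is not part of the Cisco guide: it lists every key and cert file that the active context's ssl-proxy services reference but the standby context lacks. The configuration excerpt, the file names, and the standby file set are constructed samples, and the script assumes the operator has already collected the standby context's crypto file names by hand.

```python
import re

# Constructed sample: excerpt of an active context's running-config.
# Assumption: "ssl-proxy service" blocks carry indented "key" and "cert" lines.
ACTIVE_RUNNING_CONFIG = """\
ssl-proxy service SSL_WEB
  key web-key.pem
  cert web-cert.pem
ssl-proxy service SSL_API
  key api-key.pem
  cert api-cert.pem
class-map match-any VIP_WEB
  2 match virtual-address 192.0.2.10 tcp eq https
"""

# Constructed sample: crypto file names already imported into the standby context.
STANDBY_CRYPTO_FILES = {"web-key.pem", "web-cert.pem", "api-cert.pem"}

_SERVICE = re.compile(r"^ssl-proxy service (\S+)\s*$")
_FILE_REF = re.compile(r"^\s+(key|cert)\s+(\S+)\s*$")

def referenced_crypto_files(config_text):
    """Return {service: [(kind, filename), ...]} for each ssl-proxy service."""
    refs, current = {}, None
    for line in config_text.splitlines():
        m = _SERVICE.match(line)
        if m:
            current = m.group(1)
            refs[current] = []
            continue
        if not line.startswith((" ", "\t")):
            current = None  # a new top-level command ends the service block
            continue
        m = _FILE_REF.match(line)
        if m and current:
            refs[current].append((m.group(1), m.group(2)))
    return refs

def missing_on_standby(config_text, standby_files):
    """List (service, kind, filename) entries absent from the standby context."""
    return [(svc, kind, name)
            for svc, entries in referenced_crypto_files(config_text).items()
            for kind, name in entries
            if name not in standby_files]

if __name__ == "__main__":
    for svc, kind, name in missing_on_standby(ACTIVE_RUNNING_CONFIG, STANDBY_CRYPTO_FILES):
        print(f"standby is missing {kind} {name} (ssl-proxy service {svc})")
```

An empty result means every referenced file name is present on the standby; it does not confirm that the file contents match those on the active ACE.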
Chapter 6
Configuring Redundant ACEs
OL-20823-01
