Device trust Corrupt

Delete all peer list and re-establish the trust between peers, make sure to put the standby in offline mode while doing so, else it will end up in an Active-Active setup and may impact production traffic

 

Go to -

 

Device management >> Device trust >> Peer list (11.x)

 

 

Thanks

 

Ajmal

Anything in Device trust is appear like this picture http://upic.me/show/45360568

 

 

I search and see it's might be Known issue sol14104. I'll try to workaournd this and update again

 

 

another question ... When I'll upgrade 10.2.4 pair into 11.2.1

 

 

Must I clear Network failover address and unplug hardwire failover while perform upgrading?

 

 

Thank you

As far as I know, the best way (infact no other way) to upgrade a 10.2 Active-Standby pair to 11.x is to break the HA pair and upgrade them as individual devices, then rebuild the HA in 11.x (I've upgraded 2-3 pairs)

 

 

Also I would recommend that instead of going for 11.2.1 go to 11.3.0 HF4 directly as it it the latest and more stable version available.

 

 

Thanks

 

Ajmal

 

Must I clear Network failover address and unplug hardwire failover while perform upgrading? in addition to Ajmal suggestion, it is also possible to upgrade while having hardware failover cable. anyway, it could have service interruption since connection mirroring may not work.

and what about Network failover ?

 

I used management IP for network failover ....and in Document Upgrading 10.x to 11.x it said unplug all cable except management cable

 

Does this will cause problem if I not clear network failover and not unplug management cable?

 

 

ps. sorry if it's basic question, I've perform upgrading without unplug HW failover and this problem occur , so I want to know this throughly that HW failover have nothing to do with this problem. (NW failover too)

 

Thank you

I used management IP for network failover ....and in Document Upgrading 10.x to 11.x it said unplug all cable except management cable

 

Does this will cause problem if I not clear network failover and not unplug management cable? hardware failover has higher precedence. as long as hardware failover is connnected, network failover is not used.

While going from 10.x to 11.x, it is advised to set the High Availability option to "Single Device" (System >> Platform >> High Availability), so in that case there will be no issues whether you have Hardware cable or network failover as the devices will not look for any other peer.

 

 

Nitass did suggested this to me in one of my posts to upgrade the devices as independent boxes and then rebuild the HA after upgrade, and believe me that is the best possible option to go from 10.x to 11.x for a Active/Standby pair.

 

 

Thank you very much

 

I perform upgrading via Manual and the problem is each device isn't see each other >> It's generate dummy peer even though It's doesn't have peer list >>> and when add True peer list, dummy peer didn't change into peer list that just added.

 

 

Updated: Delete everything and rebuild HA isn't work too , so I tried to reset Device Trust First then rebuild HA and this algorithm work

 

 

ps. I restore config 10.2.4 HF6 platform 3900 >> 11.3.0 HF5 platform 2200s

In 10.2.4 , I've 3 vlan with unique mac masquerade

 

 

and when I upgrade to 11.2.4 or else

 

 

HA setting is changed and mac masquerade is change in behavior by it's applied only Traffic Group not Vlan anymore

 

 

Is there any problem ? Can Traffic process properly?

 

 

Thank you

Is there any problem ? Can Traffic process properly? it could be fine if switch has fdb per vlan.

anyway, if you want mac masq per vlan, you can change tm.macmasqaddr_per_vlan key.

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list sys db tm.macmasqaddr_per_vlan
sys db tm.macmasqaddr_per_vlan {
    value "false"
}