Clarification on Cisco ACE Post

To clarify my post about the condition of STANDBY_COLD in the Cisco ACE, I dont’ think it’s a bug necessarily. The documentation (who reads documentation?) tells you to upload the SSL certificates and keys to both the active and standby.

The issue is that it’s easy to make the mistake of not uploading to both. Because the rest of the configuration is sync’d automatically, it’s easy to make the assumption the keys and certs are sync’d too. When you import the certs and keys there’s no warning that tells you that you should upload to both the active and standby.

And if you did make that mistake, there’s no red light that says “hey, I’m in STANDBY_COLD!”. If you don’t know to look for it, you could be in it and not know it. Also, STANDBY_COLD isn’t exactly a descriptive error state.

So it’s not a bug per say, but it is a bit tricky. It’s more of an operational bug. There should be more of an indication that the system is in STANDBY_COLD.  That’s why many of my students are surprised to find that they are, in fact, in STANDBY_COLD and didn’t know it.

One Response to Clarification on Cisco ACE Post

  1. The issue is that it’s easy to make the mistake of not uploading to both. Because the rest of the configuration is sync’d automatically,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: