Clarification on Cisco ACE Post
July 15, 2011 1 Comment
To clarify my post about the condition of STANDBY_COLD in the Cisco ACE, I dont’ think it’s a bug necessarily. The documentation (who reads documentation?) tells you to upload the SSL certificates and keys to both the active and standby.
The issue is that it’s easy to make the mistake of not uploading to both. Because the rest of the configuration is sync’d automatically, it’s easy to make the assumption the keys and certs are sync’d too. When you import the certs and keys there’s no warning that tells you that you should upload to both the active and standby.
And if you did make that mistake, there’s no red light that says “hey, I’m in STANDBY_COLD!”. If you don’t know to look for it, you could be in it and not know it. Also, STANDBY_COLD isn’t exactly a descriptive error state.
So it’s not a bug per say, but it is a bit tricky. It’s more of an operational bug. There should be more of an indication that the system is in STANDBY_COLD. That’s why many of my students are surprised to find that they are, in fact, in STANDBY_COLD and didn’t know it.