It should be refreshed at reboot but I've found that I usually have to sit with a console open to the core switch, typing "Clear arp" a few times to get it to happen. When I discovered this the CASes were able to ping each other, which is why we initially did not think it was a networking issue, though nothing else was able to ping them. I would suggest rebooting the CASes and issuing a couple of clear arps once they come up to see if it clears the issue. I've gone as far as starting a recurring ping on my desktop in one window while I clear the arp in another. Invariably you'll see the ping start to work and the CASes then connect as normal.

This is a known bug according to Cisco (who only called it a known bug two months after I discovered the issue while working with TAC all night) though I don't know the TAC number for it. The issue is with the switches and not the CASes, I believe.

- Sean

----
Sean Hennessey
Networking and Information Security Systems Administrator
The University of Portland

-----Original Message-----
From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Dennis Xu
Sent: Thursday, January 08, 2009 3:35 PM
To: [email protected]
Subject: Re: HA CAS pair cannot reconnect to CAM after reboot the switch

I was waiting for about 10 minutes and the CAS cannot reconnect to CAM. Yes, usually the switch won't reboot by itself. I found this issue after I manually rebooted the switch for some other reasons. We didn't try to clear the ARP table. But I think as the switch got rebooted, the ARP table should be fresh?

Dennis Xu
Network Analyst(CCS)
University of Guelph
5198244120 x 56217

----- Original Message -----
From: "Sean Hennessey" <[email protected]>
To: [email protected]
Sent: Thursday, January 8, 2009 5:34:51 PM GMT -05:00 US/Canada Eastern
Subject: Re: HA CAS pair cannot reconnect to CAM after reboot the switch

Hey all -

Try going onto your core switches/routers and clearing the ARP table. I've found, as I've pointed out on list before, that the ARP table on Cisco switches/routers (at least) tend to get "poisoned" when CASes go up and down. I spent 16 hours working on this with Cisco once before deciding to clear the ARP for the hell of it and having that fix it. Just a thought.

- Sean

----
Sean Hennessey
Networking and Information Security Systems Administrator
The University of Portland

-----Original Message-----
From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Homer Manila
Sent: Thursday, January 08, 2009 1:59 PM
To: [email protected]
Subject: Re: HA CAS pair cannot reconnect to CAM after reboot the switch

We're using eth2 for heartbeat on our CASes as well and we also don't have any link-detect IP set, but our CAS boxes are connected to switch-routers that almost never get rebooted, so it's hard to say. How long have you waited for the CASes to reconnect to the CAM?

--Homer Manila
Information Security Engineer
Information Technology, American University
202-885-2209

Dennis Xu wrote:
> Thank you for the comment. Our heartbeat interface is eth2 which is nothing
> to do with the switch. I was thinking of the link detect IP. We had the trust
> side link detect IP set to be the default gateway. When the switch reboots,
> both CASes in the HA pair cannot connect to the default gateway. Then I
> thought they may screw up. But I have tested to set the link detect IP to be
> N/A and still the same problem.
>
> Dennis Xu
> Network Analyst(CCS)
> University of Guelph
> 5198244120 x 56217
>
> ----- Original Message -----
> From: "Homer Manila" <[email protected]>
> To: [email protected]
> Sent: Tuesday, January 6, 2009 12:12:46 PM GMT -05:00 US/Canada Eastern
> Subject: Re: HA CAS pair cannot reconnect to CAM after reboot the switch
>
> I believe we have. I think what happens is that failover fails because
> both are offline, and they don't know who should be active once
> connection has been restored. I think YMMV depending on the type of
> interface the heartbeats go through.
>
> --Homer Manila
> Information Security Engineer
> Information Technology, American University
> 202-885-2209
>
> Dennis Xu wrote:
>
>> Our CAM/CAS are running version 4.1.6 and CAS servers are in central
>> deployment mode. We just found if we reboot the switch(c3750 or c6506) which
>> connect to the HA pairs, the HA CAS pairs cannot reconnect to CAM
>> automatically(showing as "Not Connected"). The standalone CAS server can
>> reconnect to CAM automatically without problem after the switch reboots. For
>> the HA CAS pairs, we had to reboot the active one, then the standby one can
>> reconnect to CAM automatically.
>>
>> Has anyone seen this issue in your environment?
>>
>> Dennis Xu
>> Network Analyst(CCS)
>> University of Guelph
>> 5198244120 x 56217
