FWSM - failover active/standby preempt query

pokwan · ‎04-07-2008

Hi,

How do you configure the primary unit to be the always the active FWSM when both the primary and secondary units are up (after a failover to the secondary)? According to the Cisco website, the command "Failover preempt" on the primary unit should do the job but there no such command.

Can you please advice? We are running version 3.1(8).

TIA

PF

Jon Marshall · ‎04-07-2008

You can only use the preempt command when you are running the FWSM's in active/active multiple context mode. When you run in this mode you create failover groups and it is under the failover group configuration that you can add the preempt. From cisco doc

=============================================

Configuring Failover Group Preemption

Assigning a primary or secondary priority to a failover group specifies which unit the failover group becomes active on when both units boot simultaneously. However, if one unit boots before the other, then both failover groups become active on that unit. When the other unit comes online, any failover groups that have the unit as a priority do not become active on that unit unless manually forced over, a failover occurs, or the failover group is configured with the preempt command. The preempt command causes a failover group to become active on the designated unit automatically when that unit becomes available.

Enter the following commands to configure preemption for the specified failover group:

hostname(config)# failover group {1 | 2}

hostname(config-fover-group)# preempt [delay]

=============================================

So if you are running in active/standby mode then you cannot preempt automatically. You can manually log in and force failover or you could conceivably write a script that logged in and if the FWSM was on the secondary it failed it back to the primary but it won't happen automatcially.

Jon

pokwan · ‎04-07-2008

Jon,

Thanks for the reply. According to what I am reading on the website, preempt seems to be permitted. See below the extract from the website.

Thanks.

PF

Configuring Optional Active/Standby Failover Settings

You can configure the following optional Active/Standby failover setting when you are initially configuring failover or after failover has already been configured. Unless otherwise noted, the commands should be entered on the active unit.

This section includes the following topics:

â€¢Configuring Failover Preemption

â€¢Enabling HTTP Replication with Stateful Failover

â€¢Configuring Interface and Unit Poll Times

â€¢Configuring Failover Criteria

Configuring Failover Preemption

When the primary unit in an Active/Standby failover configuration fails, or if the secondary unit boots before the primary unit, the secondary, standby unit becomes active. When the failover condition is resolved on the primary unit, it boots to the standby state by default and the secondary unit remains in the active state.

You can use the failover preempt command to cause the primary unit to become the active unit automatically after a specified amount of time. Enter the following command to configure preemption for the primary unit:

hostname(config)# failover preempt [delay]

Jon Marshall · ‎04-07-2008

Apologies, i missed that but i like you cannot find how to configure it as it doesn't seem to be an option. I have an FWSM v3.x that i can test on but i'm out the office all day today so unless someone else can answer this i'll look at it tomorrow for you.

Jon

Syed Iftekhar Ahmed · ‎04-09-2008

I think premption for Active/standby was introduced in 3.2 code. 3.1 config guide doesnt mention it.

I am running 3.2 and I am using it.

From FWSM 3.2 Config guide

"You can use the failover preempt command to cause the primary unit to become the active unit automatically after a specified amount of time. Enter the following command to configure preemption

for the primary unit:

hostname(config)# failover preempt [delay]

The delay is the wait time, in seconds, before the secondary unit is preempted. Valid values are from 1 to 1200 seconds. If the delay is not specified, there is no delay."

Syed