12-21-2009 09:48 AM - edited 03-11-2019 09:50 AM
I have two FWSM in the lab. I was hoping to conduct some failover testing with these but it seems I have different licenses on them. One is a 50 context license and the other is a 20. I'm ok with temporarily downgrading the 50 context to a 20 to get the testing done but I don't know if that is even possible without purchasing the 20 context license. Is that something Cisco would help with? Does anyone have any experience with this scenario? Perhaps this is a better question for our Cisco SE, but I thought I would put it out here first.
Thanks,
DW
Solved! Go to Solution.
12-21-2009 10:59 AM
You can only take the context license to 3 (the default) by clearing the activation-key on both of them.
conf t
clear activation-key
I'd suggested saving a "sh ver" from both units before doing this.
You can do the failover testing with the default 3 context license in both units and once done you can copy and paste the activation key from the saved "sh ver".
If you absolutely need 20 context or any other number of contexts then your first of seeing your SE is your best bet.
-KS
12-21-2009 10:59 AM
You can only take the context license to 3 (the default) by clearing the activation-key on both of them.
conf t
clear activation-key
I'd suggested saving a "sh ver" from both units before doing this.
You can do the failover testing with the default 3 context license in both units and once done you can copy and paste the activation key from the saved "sh ver".
If you absolutely need 20 context or any other number of contexts then your first of seeing your SE is your best bet.
-KS
12-21-2009 01:43 PM
Does the default license support failover?
12-21-2009 03:13 PM
I answered my own question. The default license does appear to support failover, however, I only have two contexts to use and not three. One of them gets chewed up by the admin context as well so I really only have 1 usable context. This will do what I need though I think. Thanks!!!
02-05-2010 12:42 PM
Hello,
A little bit different of a question, but I think it relates.
I have two FWSMs in failover mode... in multiple context mode - we have the default number of contexts... Recently we just purchased 20 more contexts and need to apply the key. Would it be possible to apply the key to the standby FWSM and reboot, then once it's back up, apply the key to the primary unit, failover to the standby, so traffic is now running threw the 2nd unit while rebooting the primary?
Thank you,
Chris
INX, Inc.
02-05-2010 01:04 PM
Follow the steps in this link
https://supportforums.cisco.com/message/2008230#2008230
that one our forum users provided. I am still in the process of fixing our Cisco document (docId=70390 ) that lists the steps that apparently broke failover in two cases.
-KS
02-05-2010 01:09 PM
Thanks for the reply. Is there a way to do what i'm trying to do without an outage?
Chris
02-05-2010 02:00 PM
Ok I just quickly tested this.
1. Applied license on the secondary/standby - this disabled failover due to license mismatch - sh fail will show pseudo standby
2. write mem on secondary
3. Applied license on Primary/active
4. write mem on Primary
5. enable failover on Primary
6. secondary automatically detects the mate and syncs up.
I tested this on 3.2.x I am sure this will be the same in 4.x as well.
-KS
02-05-2010 02:29 PM
Thank you very much for testing it for me... Amazing!
Is a reboot required for the activation keys to be effective?
02-05-2010 03:40 PM
No problem. I just had a pair so was easy to test.
No. I didn't reboot. It wrote to flash.
Once failover looks good.
"sh ver" shows the correct activation key. Then you are welcome to reboot the secondary/standby and make that active and then reload the primary if needed.
-KS
02-22-2010 08:50 AM
Hello,
I have another question regarding activation keys... on a 5580 - maybe you know the answer !
I have a customer who has purchased a 5580 and 20 contexts.... Once I apply the new key, I should have 20 contexts... If the client purchases 20 more, will the key application be the same as the first instance? Is it even possible to go to from 2 to 20 to 40??
Thank you,
Chris
INX, Inc.
02-22-2010 10:42 AM
That is correct. Once you purchase the additional 20 context lincense to go to a total of 40 Cisco will give you another activation key that you need to key in using the activation-key command.
-KS
02-22-2010 10:48 AM
Ok - this document explains it a little differently - can you have a look and please let me know what you think:
http://www.cisco.com/en/US/docs/security/asa/asa82/license/license82.html#wp176651
"You cannot add two separate licenses for the same feature together; for example, if you purchase a 25-session SSL VPN license, and later purchase a 50-session license, you cannot use 75 sessions; you can use a maximum of 50 sessions."
Thank you,
Chris
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide