cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2915
Views
0
Helpful
12
Replies

FWSM license downgrade to facilitate failover testing

David Williams
Level 1
Level 1

I have two FWSM in the lab.  I was hoping to conduct some failover testing with these but it seems I have different licenses on them.  One is a 50 context license and the other is a 20.  I'm ok with temporarily downgrading the 50 context to a 20 to get the testing done but I don't know if that is even possible without purchasing the 20 context license.  Is that something Cisco would help with?  Does anyone have any experience with this scenario?  Perhaps this is a better question for our Cisco SE, but I thought I would put it out here first.

Thanks,

DW

1 Accepted Solution

Accepted Solutions

Kureli Sankar
Cisco Employee
Cisco Employee

You can only take the context license to 3 (the default) by clearing the activation-key on both of them.

conf t

clear activation-key

I'd suggested saving a "sh ver" from both units before doing this.

You can do the failover testing with the default 3 context license in both units and once done you can copy and paste the activation key from the saved "sh ver".

If you absolutely need 20 context or any other number of contexts then your first of seeing your SE is your best bet.

-KS

View solution in original post

12 Replies 12

Kureli Sankar
Cisco Employee
Cisco Employee

You can only take the context license to 3 (the default) by clearing the activation-key on both of them.

conf t

clear activation-key

I'd suggested saving a "sh ver" from both units before doing this.

You can do the failover testing with the default 3 context license in both units and once done you can copy and paste the activation key from the saved "sh ver".

If you absolutely need 20 context or any other number of contexts then your first of seeing your SE is your best bet.

-KS

Does the default license support failover?

I answered my own question.  The default license does appear to support failover, however, I only have two contexts to use and not three.  One of them gets chewed up by the admin context as well so I really only have 1 usable context.  This will do what I need though I think.  Thanks!!!

cperkins2
Level 1
Level 1

Hello,

A little bit different of a question, but I think it relates.

I have two FWSMs in failover mode... in multiple context mode - we have the default number of contexts... Recently we just purchased 20 more contexts and need to apply the key.  Would it be possible to apply the key to the standby FWSM and reboot, then once it's back up, apply the key to the primary unit, failover to the standby, so traffic is now running threw the 2nd unit while rebooting the primary?

Thank you,

Chris

INX, Inc.

Follow the steps in this link

https://supportforums.cisco.com/message/2008230#2008230

that one our forum users provided. I am still in the process of fixing our Cisco document (docId=70390 ) that lists the steps that apparently broke failover in two cases.

-KS

Thanks for the reply.  Is there a way to do what i'm trying to do without an outage?

Chris

Ok I just quickly tested this.

1. Applied license on the secondary/standby - this disabled failover due to license mismatch - sh fail will show pseudo standby

2. write mem on secondary

3. Applied license on Primary/active

4. write mem on Primary

5. enable failover on Primary

6. secondary automatically detects the mate and syncs up.

I tested this on 3.2.x I am sure this will be the same in 4.x as well.

-KS

Thank you very much for testing it for me... Amazing!

Is a reboot required for the activation keys to be effective?

No problem. I just had a pair so was easy to test.

No. I didn't reboot. It wrote to flash.

Once failover looks good.

"sh ver" shows the correct activation key. Then you are welcome to reboot the secondary/standby and make that active and then reload the primary if needed.

-KS

Hello,

I have another question regarding activation keys... on a 5580 - maybe you know the answer !

I have a customer who has purchased a 5580 and 20 contexts.... Once I apply the new key, I should have 20 contexts... If the client purchases 20 more, will the key application be the same as the first instance?  Is it even possible to go to from 2 to 20 to 40??

Thank you,

Chris

INX, Inc.

That is correct. Once you purchase the additional 20 context lincense to go to a total of 40 Cisco will give you another activation key that you need to key in using the activation-key command.

-KS

Ok - this document explains it a little differently - can you have a look and please let me know what you think:

http://www.cisco.com/en/US/docs/security/asa/asa82/license/license82.html#wp176651

"You cannot add two separate licenses for the same  feature together; for example, if you purchase a 25-session SSL VPN  license, and later purchase a 50-session license, you cannot use 75  sessions; you can use a maximum of 50 sessions."

Thank you,

Chris

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: