09-10-2010 01:05 PM - last edited on 03-25-2019 05:45 PM by ciscomoderator
Have two fwsm's in aseperate 6500 chassis running the lates leve 4.1(2).
I can not get Failover up having tried very thing.
At the moment I am seeing droped packets on the two sate interfaces but see no way of configuring any thing to allow them to work.
Any one any ideas ?
Thanks
Interface Vlan300 "", is up, line protocol is up
Hardware is EtherSVI, BW Unknown Speed-Capability, DLY 10 usec
Available for allocation to a context
MAC address f866.f2f7.8b00, MTU not set
IP address unassigned
Interface Vlan395 "RTFTC3FAILOVER", is up, line protocol is up
Hardware is EtherSVI, BW Unknown Speed-Capability, DLY 10 usec
Description: LAN Failover Interface
MAC address f866.f2f7.8b00, MTU 1500
IP address 10.1.1.2, subnet mask 255.255.255.252
Traffic Statistics for "RTFTC3FAILOVER":
1221 packets input, 104640 bytes
3782 packets output, 349452 bytes
1100 packets dropped
Interface Vlan396 "RTFTC3STATE", is up, line protocol is up
Hardware is EtherSVI, BW Unknown Speed-Capability, DLY 10 usec
Description: STATE Failover Interface
MAC address f866.f2f7.8b00, MTU 1500
IP address 10.1.1.6, subnet mask 255.255.255.252
Traffic Statistics for "RTFTC3STATE":
0 packets input, 0 bytes
0 packets output, 0 bytes
1100 packets dropped
UKTC3-N01-FFW02#
09-10-2010 01:42 PM
Hello,
Can you please provide the following outputs?
"show run | inc firewall" from both switches
"show vlan" from both FWSMs
"show run failover" from both FWSMs
"show failover" from both FWSMs
Thanks.
09-10-2010 01:53 PM
Hi
As requested :
Swi A
UKTC3-N01-COR01#sh run | inc firewall
firewall module 8 vlan-group 1
firewall vlan-group 1 300,395,396
UKTC3-N01-FFW01# sh vlan
300, 395-396
UKTC3-N01-FFW01# sh run failover
failover
failover lan unit primary
failover lan interface RTFTC3FAILOVER Vlan395
failover key *****
failover replication http
failover link RTFTC3STATE Vlan396
failover interface ip RTFTC3FAILOVER 10.1.1.1 255.255.255.252 standby 10.1.1.2
failover interface ip RTFTC3STATE 10.1.1.5 255.255.255.252 standby 10.1.1.6
UKTC3-N01-FFW01# sh failover
Failover On
Failover unit PrimaryFailover LAN Interface: RTFTC3FAILOVER Vlan 395 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 15 seconds
Interface Policy 50%
Monitored Interfaces 1 of 250 maximum
failover replication http
Config sync: active
Version: Ours 4.1(2), Mate Unknown
Last Failover at: 19:23:06 UTC Sep 10 2010
This host: Primary - Active
Active time: 4971 (sec)
admin Interface admin (172.23.31.9): Normal (Waiting)
Other host: Secondary - Failed
Active time: 0 (sec)
admin Interface admin (172.23.31.10): Unknown (Waiting)
Stateful Failover Logical Update Statistics
Link : RTFTC3STATE Vlan 396 (up)
Stateful Obj xmit xerr rcv rerr
General 0 0 0 0
sys cmd 0 0 0 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 0 0
UDP conn 0 0 0 0
ARP tbl 0 0 0 0
Xlate_Timeout 0 0 0 0
AAA tbl 0 0 0 0
DACL 0 0 0 0
Acl optimization 0 0 0 0
OSPF Area SeqNo 0 0 0 0
Mamba stats msg 0 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 0 0
Xmit Q: 0 0 0
UKTC3-N01-FFW01# ping 172.23.31.2
Sending 5, 100-byte ICMP Echos to 172.23.31.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
UKTC3-N01-FFW01#
SWI B
UKTC3-N01-COR02#sh run | inc firewall
firewall module 8 vlan-group 1
firewall vlan-group 1 300,395,396
UKTC3-N01-FFW02# sh vlan
300, 395-396
UKTC3-N01-FFW02# sh run failover
failover
failover lan unit secondary
failover lan interface RTFTC3FAILOVER Vlan395
failover key *****
failover replication http
failover link RTFTC3STATE Vlan396
failover interface ip RTFTC3FAILOVER 10.1.1.1 255.255.255.252 standby 10.1.1.2
failover interface ip RTFTC3STATE 10.1.1.5 255.255.255.252 standby 10.1.1.6
UKTC3-N01-FFW02# sh failover
Failover On
Failover unit Secondary
Failover LAN Interface: RTFTC3FAILOVER Vlan 395 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 15 seconds
Interface Policy 50%
Monitored Interfaces 0 of 250 maximum
failover replication http
Config sync: active
Version: Ours 4.1(2), Mate Unknown
Last Failover at: 19:23:09 UTC Sep 10 2010
This host: Secondary - Active
Active time: 5270 (sec)
Other host: Secondary - Failed
Active time: 0 (sec)
Stateful Failover Logical Update Statistics
Link : RTFTC3STATE Vlan 396 (up)
Stateful Obj xmit xerr rcv rerr
General 0 0 0 0
sys cmd 0 0 0 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 0 0
UDP conn 0 0 0 0
ARP tbl 0 0 0 0
Xlate_Timeout 0 0 0 0
AAA tbl 0 0 0 0
DACL 0 0 0 0
Acl optimization 0 0 0 0
OSPF Area SeqNo 0 0 0 0
Mamba stats msg 0 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 0 0
Xmit Q: 0 0 0
09-10-2010 02:00 PM
Hi
Cracked it, did a deb fover rx
and saw invlaid packets, so remove the keys and it come up !!!
Thanks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: