
FWSM failover in context mode

Ian Beck
Level 1

Have two FWSMs in a separate 6500 chassis running the latest level 4.1(2).

I cannot get failover up, having tried everything.

At the moment I am seeing dropped packets on the two state interfaces but see no way of configuring anything to allow them to work.

Anyone any ideas?

Thanks

Interface Vlan300 "", is up, line protocol is up
  Hardware is EtherSVI, BW Unknown Speed-Capability, DLY 10 usec
        Available for allocation to a context
        MAC address f866.f2f7.8b00, MTU not set
        IP address unassigned
Interface Vlan395 "RTFTC3FAILOVER", is up, line protocol is up
  Hardware is EtherSVI, BW Unknown Speed-Capability, DLY 10 usec
        Description: LAN Failover Interface
        MAC address f866.f2f7.8b00, MTU 1500
        IP address 10.1.1.2, subnet mask 255.255.255.252
  Traffic Statistics for "RTFTC3FAILOVER":
        1221 packets input, 104640 bytes
        3782 packets output, 349452 bytes
        1100 packets dropped
Interface Vlan396 "RTFTC3STATE", is up, line protocol is up
  Hardware is EtherSVI, BW Unknown Speed-Capability, DLY 10 usec
        Description: STATE Failover Interface
        MAC address f866.f2f7.8b00, MTU 1500
        IP address 10.1.1.6, subnet mask 255.255.255.252
  Traffic Statistics for "RTFTC3STATE":
        0 packets input, 0 bytes
        0 packets output, 0 bytes
        1100 packets dropped
UKTC3-N01-FFW02#


Allen P Chen
Level 5

Hello,

Can you please provide the following outputs?

"show run | inc firewall" from both switches

"show vlan" from both FWSMs

"show run failover" from both FWSMs

"show failover" from both FWSMs

Thanks.

Hi

As requested :

Swi A

UKTC3-N01-COR01#sh run | inc firewall
firewall module 8 vlan-group 1
firewall vlan-group 1  300,395,396
UKTC3-N01-FFW01# sh vlan
300, 395-396
UKTC3-N01-FFW01# sh run failover
failover
failover lan unit primary
failover lan interface RTFTC3FAILOVER Vlan395
failover key *****
failover replication http
failover link RTFTC3STATE Vlan396
failover interface ip RTFTC3FAILOVER 10.1.1.1 255.255.255.252 standby 10.1.1.2
failover interface ip RTFTC3STATE 10.1.1.5 255.255.255.252 standby 10.1.1.6
UKTC3-N01-FFW01# sh failover
Failover On
Failover unit Primary
Failover LAN Interface: RTFTC3FAILOVER Vlan 395 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 15 seconds
Interface Policy 50%
Monitored Interfaces 1 of 250 maximum
failover replication http
Config sync: active
Version: Ours 4.1(2), Mate Unknown
Last Failover at: 19:23:06 UTC Sep 10 2010
        This host: Primary - Active
                Active time: 4971 (sec)
                admin Interface admin (172.23.31.9): Normal (Waiting)
        Other host: Secondary - Failed
                Active time: 0 (sec)
                admin Interface admin (172.23.31.10): Unknown (Waiting)

Stateful Failover Logical Update Statistics
        Link : RTFTC3STATE Vlan 396 (up)
        Stateful Obj    xmit       xerr       rcv        rerr
        General         0          0          0          0
        sys cmd         0          0          0          0
        up time         0          0          0          0
        RPC services    0          0          0          0
        TCP conn        0          0          0          0
        UDP conn        0          0          0          0
        ARP tbl         0          0          0          0
        Xlate_Timeout   0          0          0          0
        AAA tbl         0          0          0          0
        DACL            0          0          0          0
        Acl optimization        0          0          0          0
        OSPF Area SeqNo         0          0          0          0
        Mamba stats msg         0          0          0          0

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       0       0
        Xmit Q:         0       0       0
UKTC3-N01-FFW01# ping 172.23.31.2
Sending 5, 100-byte ICMP Echos to 172.23.31.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
UKTC3-N01-FFW01#

SWI B

UKTC3-N01-COR02#sh run | inc firewall
firewall module 8 vlan-group 1
firewall vlan-group 1  300,395,396
UKTC3-N01-FFW02# sh vlan
300, 395-396
UKTC3-N01-FFW02# sh run failover
failover
failover lan unit secondary
failover lan interface RTFTC3FAILOVER Vlan395
failover key *****
failover replication http
failover link RTFTC3STATE Vlan396
failover interface ip RTFTC3FAILOVER 10.1.1.1 255.255.255.252 standby 10.1.1.2
failover interface ip RTFTC3STATE 10.1.1.5 255.255.255.252 standby 10.1.1.6
UKTC3-N01-FFW02# sh failover
Failover On
Failover unit Secondary
Failover LAN Interface: RTFTC3FAILOVER Vlan 395 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 15 seconds
Interface Policy 50%
Monitored Interfaces 0 of 250 maximum
failover replication http
Config sync: active
Version: Ours 4.1(2), Mate Unknown
Last Failover at: 19:23:09 UTC Sep 10 2010
        This host: Secondary - Active
                Active time: 5270 (sec)
        Other host: Secondary - Failed
                Active time: 0 (sec)

Stateful Failover Logical Update Statistics
        Link : RTFTC3STATE Vlan 396 (up)
        Stateful Obj    xmit       xerr       rcv        rerr
        General         0          0          0          0
        sys cmd         0          0          0          0
        up time         0          0          0          0
        RPC services    0          0          0          0
        TCP conn        0          0          0          0
        UDP conn        0          0          0          0
        ARP tbl         0          0          0          0
        Xlate_Timeout   0          0          0          0
        AAA tbl         0          0          0          0
        DACL            0          0          0          0
        Acl optimization        0          0          0          0
        OSPF Area SeqNo         0          0          0          0
        Mamba stats msg         0          0          0          0

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       0       0
        Xmit Q:         0       0       0

Hi

Cracked it, did a deb fover rx

and saw invalid packets, so removed the keys and it came up!!!

Thanks
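
An added example, not part of the original thread: a small Python check that reads `show failover` output from both units and flags the symptoms visible above (both units Active, mate version Unknown, no stateful updates exchanged). The function names and the abridged sample text are constructed for illustration.

```python
import re

# Constructed sample input: abridged "show failover" output of the units in this thread.
PRIMARY = """Failover On
Failover unit Primary
Failover LAN Interface: RTFTC3FAILOVER Vlan 395 (up)
Version: Ours 4.1(2), Mate Unknown
        This host: Primary - Active
        Other host: Secondary - Failed
        Stateful Obj    xmit       xerr       rcv        rerr
        General         0          0          0          0
        sys cmd         0          0          0          0
"""
SECONDARY = PRIMARY.replace("unit Primary", "unit Secondary").replace(
    "This host: Primary", "This host: Secondary")

# A stateful counter row: a name followed by exactly four integers.
ROW = re.compile(
    r"^[ \t]+(\S.*?)[ \t]+(\d+)[ \t]+(\d+)[ \t]+(\d+)[ \t]+(\d+)[ \t]*$", re.M)

def parse_show_failover(text):
    """Extract the fields needed to judge whether the peers hear each other."""
    host = re.search(r"This host:\s*(\S+)\s*-\s*(.+)", text)
    mate = re.search(r"Version: Ours (\S+), Mate (\S+)", text)
    link = re.search(r"Failover LAN Interface:.*\((\w+)\)", text)
    rows = ROW.findall(text)
    return {
        "role": host.group(1),
        "state": host.group(2).strip(),
        "mate_version": mate.group(2),
        "lan_link_up": link.group(1) == "up",
        "xmit": sum(int(r[1]) for r in rows),
        "rcv": sum(int(r[3]) for r in rows),
    }

def diagnose(a, b):
    """Heuristic findings for a failover pair; a and b are parsed units."""
    findings = []
    if a["state"] == "Active" and b["state"] == "Active":
        findings.append("both units Active (split brain)")
    if "Unknown" in (a["mate_version"], b["mate_version"]):
        findings.append("mate version Unknown: peer has not been identified")
    if findings and a["lan_link_up"] and b["lan_link_up"]:
        findings.append("failover VLAN up on both sides: compare 'failover key' on both units")
    if a["xmit"] + a["rcv"] + b["xmit"] + b["rcv"] == 0:
        findings.append("no stateful updates exchanged")
    return findings

if __name__ == "__main__":
    for f in diagnose(parse_show_failover(PRIMARY), parse_show_failover(SECONDARY)):
        print("-", f)
```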
