Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
929
Views
0
Helpful
4
Replies

Change preffered role on Primary to Secondary?

rswitzer
Level 1
Level 1

‎10-24-2008 11:10 AM - edited ‎03-11-2019 07:02 AM

Hi,

I'm running 2 asa5540's ver 8.0. I need to swap the preferred roles. I'd like the current primary to become the secondary and the secondary to become the primary. Is there a way I can make this change without disrupting traffic?

Thanks!

Labels:
0 Helpful
4 Replies 4

ajagadee
Cisco Employee
Cisco Employee

‎10-24-2008 11:18 AM

Hi,

You manually force the failover group to the other unit with the "no failover active" command on the primary or "failover active" on the standby.

To answer your specific question of "disrupting traffic", depending on whether you are doing Stateful Failover or not, your applications will take a hit. For example, if you are doing routing on the Firewall, then your routing tables are not going to failover and you might take a hit during routing reconvergence.

So, if possible it is a good idea to switch roles during off hours.

Regards,

Arul

*Pls rate if it helps*

0 Helpful

rswitzer
Level 1
Level 1
In response to ajagadee

‎10-24-2008 11:24 AM

Don't the failover commands just change the active unit? I need to change what unit is the PRIMARY vs SECONDARY.

Thanks!

0 Helpful

ajagadee
Cisco Employee
Cisco Employee
In response to rswitzer

‎10-24-2008 11:59 AM

Hi,

Yes, you are correct. The "Failover Active" and "No Failover Active" will only change roles between the Primary/Active and Secondary/Standby on the firewall. If you want to change the roles of the actual Chassis itself, the only way I can think of is by bringing both the chassis down, make the configuration changes, bring the now secondary/standby as the primary/active and then bring up the now primary/active as the secondary/standby.

Please do share your thoughts and any other (better) way you find to change the roles.

Regards,

Arul

*Pls rate if it helps*

0 Helpful

ajagadee
Cisco Employee
Cisco Employee
In response to ajagadee

‎10-24-2008 12:22 PM

Hi,

Also, want to share the below command that might be useful.

failover lan unit primary

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/ef_72.html#wp1760079

Regards,

Arul

*Pls rate if it helps*

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card