Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Change preffered role on Primary to Secondary?

Hi,

I'm running 2 asa5540's ver 8.0. I need to swap the preferred roles. I'd like the current primary to become the secondary and the secondary to become the primary. Is there a way I can make this change without disrupting traffic?

Thanks!

4 REPLIES
Cisco Employee

Re: Change preffered role on Primary to Secondary?

Hi,

You manually force the failover group to the other unit with the "no failover active" command on the primary or "failover active" on the standby.

To answer your specific question of "disrupting traffic", depending on whether you are doing Stateful Failover or not, your applications will take a hit. For example, if you are doing routing on the Firewall, then your routing tables are not going to failover and you might take a hit during routing reconvergence.

So, if possible it is a good idea to switch roles during off hours.

Regards,

Arul

*Pls rate if it helps*

New Member

Re: Change preffered role on Primary to Secondary?

Don't the failover commands just change the active unit? I need to change what unit is the PRIMARY vs SECONDARY.

Thanks!

Cisco Employee

Re: Change preffered role on Primary to Secondary?

Hi,

Yes, you are correct. The "Failover Active" and "No Failover Active" will only change roles between the Primary/Active and Secondary/Standby on the firewall. If you want to change the roles of the actual Chassis itself, the only way I can think of is by bringing both the chassis down, make the configuration changes, bring the now secondary/standby as the primary/active and then bring up the now primary/active as the secondary/standby.

Please do share your thoughts and any other (better) way you find to change the roles.

Regards,

Arul

*Pls rate if it helps*

Cisco Employee

Re: Change preffered role on Primary to Secondary?

Hi,

Also, want to share the below command that might be useful.

failover lan unit primary

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/ef_72.html#wp1760079

Regards,

Arul

*Pls rate if it helps*

168
Views
0
Helpful
4
Replies
CreatePlease to create content