Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Failover Assistance Needed Please

Hello,

I disabled failover by issuing the following command:

hostname(config)#no failover

if I type the command "sho fail"  I get the following:

fw1# sho fail

Failover Off

Failover unit Primary

Failover LAN Interface: cv_fw_failover Ethernet0/3 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 3 of 110 maximum

fw1# sho fail

Failover Off (pseudo-Standby)

Failover unit Secondary

Failover LAN Interface: cv_fw_failover Ethernet0/3 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 3 of 110 maximum fw1# sho fail
Failover Off (pseudo-Standby)
Failover unit Secondary
Failover LAN Interface: cv_fw_failover Ethernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 110 maximum

However, now I can't seem to get the units in active/standby failover mode.  Do I need to reload in order to force it into active/standby?

I really need to get this resolved ASAP.  Any help would be greatly appreciated.

Thanks,

Michael

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Failover Assistance Needed Please

Great to hear all is working good now. Thanks for your update.

Please kindly mark the post answered so others can learn from your post. Thank you.

8 REPLIES
Cisco Employee

Failover Assistance Needed Please

Just re-enable "failover" on both primary and secondary unit. That should bring the failover back up and they should go in Active/Standby mode.

Have you enabled the failover again on both units?

New Member

Failover Assistance Needed Please

Hello Jennifer,

I had to leave for the evening.  I'll try that first thing when I get into the office tomorrow morning.  Just so that I'm clear;

config t

failover

exit

Those commands on both units will put it back into Active/Standby mode.  Documentation was showing "failover active", but that didn't work either.  I did not enter that on both units, so I'm not sure if that command would have corrected the issue had I done so to both.

I'll let you know how it went tomorrow.  Thank you for your reply.

Michael

Cisco Employee

Failover Assistance Needed Please

Yes, you are right:

config t

failover

exit

on both units, that would enable the failover feature on both units, and it will detect who is the Active and Standby and once detected will put the pair in Active/Standby mode.

The command: failover active, is used when you want to force the standby unit to become the active unit.

However since you turned off failover, the command is irrelevant.

Let us know how it goes tomorrow.

New Member

Failover Assistance Needed Please

One quick question before proceeding: will the firewall or experience any momentary loss of connection when enabling failover?  Right now, we are in production hours and I can't have any interruptions in service.

Thanks,

Michael

Cisco Employee

Failover Assistance Needed Please

It might, i would suggest that you enable it during non peak hours.

New Member

Failover Assistance Needed Please

Thanks for the clarification Jenifer.  I'll make changes later and update you how it went.

Michael

New Member

Failover Assistance Needed Please

Hello Jennifer,

Enabled failover on primary unit after production hours.

fw1(config)# failover

fw1(config)# exit

        No Response from Mate

fw1# Beginning configuration replication: Sending to mate.

End Configuration Replication to mate

A sho fail on the primary unit confirmed Primary - Active state.

I lost my SSH session to the standby unit.  No traffice interruption on primary firewall.  When FW2 was accessible, it was in Standby - Ready state.

All systems are up and functional.  So when failover is enabled on the primary firewall, it sends the configuration automatically to the standby unit without having to manually enable failover.

Take away's:

  • no failover disables failover
  • failover enables failover
  • invoking failover on primary unit causes it to become Primary-Active and synchronizes its configuration with its mate.

Thank you so much for your assistance.

Michael

Cisco Employee

Failover Assistance Needed Please

Great to hear all is working good now. Thanks for your update.

Please kindly mark the post answered so others can learn from your post. Thank you.

402
Views
0
Helpful
8
Replies
CreatePlease login to create content