Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Failover---- this host primary - disabled

hi everyone,

On single ASA  5505 with Security plus license i did some failover config for testing purposes

below is the  output

ASA1# sh failover

Failover On

Failover unit Primary

Failover LAN Interface: test Vlan4 (Configuration incomplete)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 4 of 23 maximum

Version: Ours 9.1(1), Mate Unknown

Last Failover at: 12:27:17 MST Aug 4 2013

       This host: Primary - Disabled

                Active time: 0 (sec)

                slot 0: ASA5505 hw/sw rev (0.2/9.1(1)) status (Up Sys)

                  Interface outside (192.168.71.2): Unknown (Waiting)

                  Interface inside (10.0.0.1): No Link (Waiting)

                  Interface DMZ (192.168.70.1): No Link (Waiting)

                slot 1: empty

        Other host: Secondary - Not Detected

                Active time: 0 (sec)

                  Interface outside (0.0.0.0): Unknown (Waiting)

                  Interface inside (0.0.0.0): Unknown (Waiting)

                  Interface DMZ (0.0.0.0): Unknown (Waiting)

ASA1#    sh failover state

               State          Last Failure Reason      Date/Time

This host  -   Primary

               Disabled       None

Other host -   Secondary

               Not Detected   None

====Configuration State===

====Communication State===

need to know why is asa showing up   this host primary  --  as disabled?

Is there a way i can make it as active???

Regards

MAhesh

2 ACCEPTED SOLUTIONS

Accepted Solutions
Super Bronze

Failover---- this host primary - disabled

Hi,

More interesting output would be

show run failover

and

show run interface

The above output you posted would seem to indicate that your configuration is incomplete

- Jouni

Super Bronze

Failover---- this host primary - disabled

Hi,

You need to assing some of the Ethernet0/x ports to the Vlan4

interface Ethernet0/x

switchport access vlan 4

Then you need to connect that port to the other ASA

You will also need to configure the IP address for the Failover link

failover interface ip test x.x.x.x 255.255.255.0 standby x.x.x.y

- Jouni

4 REPLIES
Super Bronze

Failover---- this host primary - disabled

Hi,

More interesting output would be

show run failover

and

show run interface

The above output you posted would seem to indicate that your configuration is incomplete

- Jouni

New Member

Failover---- this host primary - disabled

Hi jouni,

ASA1/pri/act# sh run failover

failover

failover lan unit primary

failover lan interface test Vlan4

ASA1/pri/act# sh run int

ASA1/pri/act# sh run interface

!

interface Ethernet0/0

description Connection From Outside Int of ASA to 3550A

!

interface Ethernet0/1

switchport access vlan 2

!

interface Ethernet0/2

description DMZ Connection to Switch

switchport access vlan 3

!

interface Ethernet0/3

switchport access vlan 3

!

interface Ethernet0/4

description Connection to Sony Laptop

switchport access vlan 3

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

shutdown

!

interface Vlan1

description Connection to Outside 3550A

nameif outside

security-level 0

ip address 192.168.71.2 255.255.255.0

!

interface Vlan2

nameif inside

security-level 100

ip address 10.0.0.1 255.255.255.0

!

interface Vlan3

nameif DMZ

security-level 50

ip address 192.168.70.1 255.255.255.0

!

interface Vlan4

description LAN Failover Interface

!

interface Vlan19

no nameif

no security-level

no ip address

Here is the interesting output.

Regards

MAhesh

Super Bronze

Failover---- this host primary - disabled

Hi,

You need to assing some of the Ethernet0/x ports to the Vlan4

interface Ethernet0/x

switchport access vlan 4

Then you need to connect that port to the other ASA

You will also need to configure the IP address for the Failover link

failover interface ip test x.x.x.x 255.255.255.0 standby x.x.x.y

- Jouni

New Member

Failover---- this host primary - disabled

Hi jouni,

It worked great.

ASA1/pri/act# sh failover

Failover On

Failover unit Primary

Failover LAN Interface: test Vlan4 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 4 of 23 maximum

Version: Ours 9.1(1), Mate Unknown

Last Failover at: 13:24:32 MST Aug 4 2013

        This host: Primary - Active

                Active time: 37 (sec)

                slot 0: ASA5505 hw/sw rev (0.2/9.1(1)) status (Up Sys)

                  Interface outside (192.168.71.2): Unknown (Waiting)

                  Interface inside (10.0.0.1): No Link (Waiting)

                  Interface DMZ (192.168.70.1): No Link (Waiting)

                slot 1: empty

        Other host: Secondary - Failed

                Active time: 0 (sec)

                  Interface outside (0.0.0.0): Unknown (Waiting)

                  Interface inside (0.0.0.0): Unknown (Waiting)

                  Interface DMZ (0.0.0.0): Unknown (Waiting)

Regards

Mahesh

1008
Views
0
Helpful
4
Replies
CreatePlease login to create content