Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
893
Views
0
Helpful
3
Replies

FWSM failover in context mode

Ian Beck
Level 1
Level 1

‎09-10-2010 01:05 PM - last edited on ‎03-25-2019 05:45 PM by Community Manager

Have two fwsm's in aseperate 6500 chassis running the lates leve 4.1(2).

I can not get Failover up having tried very thing.

At the moment I am seeing droped packets on the two sate interfaces but see no way of configuring any thing to allow them to work.

Any one any ideas ?

Thanks

Interface Vlan300 "", is up, line protocol is up
  Hardware is EtherSVI, BW Unknown Speed-Capability, DLY 10 usec
        Available for allocation to a context
        MAC address f866.f2f7.8b00, MTU not set
        IP address unassigned
Interface Vlan395 "RTFTC3FAILOVER", is up, line protocol is up
  Hardware is EtherSVI, BW Unknown Speed-Capability, DLY 10 usec
        Description: LAN Failover Interface
        MAC address f866.f2f7.8b00, MTU 1500
        IP address 10.1.1.2, subnet mask 255.255.255.252
  Traffic Statistics for "RTFTC3FAILOVER":
        1221 packets input, 104640 bytes
        3782 packets output, 349452 bytes
        1100 packets dropped
Interface Vlan396 "RTFTC3STATE", is up, line protocol is up
  Hardware is EtherSVI, BW Unknown Speed-Capability, DLY 10 usec
        Description: STATE Failover Interface
        MAC address f866.f2f7.8b00, MTU 1500
        IP address 10.1.1.6, subnet mask 255.255.255.252
  Traffic Statistics for "RTFTC3STATE":
        0 packets input, 0 bytes
        0 packets output, 0 bytes
        1100 packets dropped
UKTC3-N01-FFW02#

Labels:
0 Helpful
3 Replies 3

Allen P Chen
Level 5
Level 5

‎09-10-2010 01:42 PM

Hello,

Can you please provide the following outputs?

"show run | inc firewall" from both switches

"show vlan" from both FWSMs

"show run failover" from both FWSMs

"show failover" from both FWSMs

Thanks.

0 Helpful

Ian Beck
Level 1
Level 1
In response to Allen P Chen

‎09-10-2010 01:53 PM

Hi

As requested :

Swi A

UKTC3-N01-COR01#sh run | inc firewall
firewall module 8 vlan-group 1
firewall vlan-group 1  300,395,396
UKTC3-N01-FFW01# sh vlan
300, 395-396
UKTC3-N01-FFW01# sh run failover
failover
failover lan unit primary
failover lan interface RTFTC3FAILOVER Vlan395
failover key *****
failover replication http
failover link RTFTC3STATE Vlan396
failover interface ip RTFTC3FAILOVER 10.1.1.1 255.255.255.252 standby 10.1.1.2
failover interface ip RTFTC3STATE 10.1.1.5 255.255.255.252 standby 10.1.1.6
UKTC3-N01-FFW01# sh failover
Failover On
Failover unit PrimaryFailover LAN Interface: RTFTC3FAILOVER Vlan 395 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 15 seconds
Interface Policy 50%
Monitored Interfaces 1 of 250 maximum
failover replication http
Config sync: active
Version: Ours 4.1(2), Mate Unknown
Last Failover at: 19:23:06 UTC Sep 10 2010
        This host: Primary - Active
                Active time: 4971 (sec)
                admin Interface admin (172.23.31.9): Normal (Waiting)
        Other host: Secondary - Failed
                Active time: 0 (sec)
                admin Interface admin (172.23.31.10): Unknown (Waiting)

Stateful Failover Logical Update Statistics
        Link : RTFTC3STATE Vlan 396 (up)
        Stateful Obj    xmit       xerr       rcv        rerr
        General         0          0          0          0
        sys cmd         0          0          0          0
        up time         0          0          0          0
        RPC services    0          0          0          0
        TCP conn        0          0          0          0
        UDP conn        0          0          0          0
        ARP tbl         0          0          0          0
        Xlate_Timeout   0          0          0          0
        AAA tbl         0          0          0          0
        DACL            0          0          0          0
        Acl optimization        0          0          0          0
        OSPF Area SeqNo         0          0          0          0
        Mamba stats msg         0          0          0          0

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       0       0
        Xmit Q:         0       0       0
UKTC3-N01-FFW01# ping 172.23.31.2
Sending 5, 100-byte ICMP Echos to 172.23.31.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
UKTC3-N01-FFW01#

SWI B

UKTC3-N01-COR02#sh run | inc firewall
firewall module 8 vlan-group 1
firewall vlan-group 1  300,395,396
UKTC3-N01-FFW02# sh vlan
300, 395-396
UKTC3-N01-FFW02# sh run failover
failover
failover lan unit secondary
failover lan interface RTFTC3FAILOVER Vlan395
failover key *****
failover replication http
failover link RTFTC3STATE Vlan396
failover interface ip RTFTC3FAILOVER 10.1.1.1 255.255.255.252 standby 10.1.1.2
failover interface ip RTFTC3STATE 10.1.1.5 255.255.255.252 standby 10.1.1.6
UKTC3-N01-FFW02# sh failover
Failover On
Failover unit Secondary
Failover LAN Interface: RTFTC3FAILOVER Vlan 395 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 15 seconds
Interface Policy 50%
Monitored Interfaces 0 of 250 maximum
failover replication http
Config sync: active
Version: Ours 4.1(2), Mate Unknown
Last Failover at: 19:23:09 UTC Sep 10 2010
        This host: Secondary - Active
                Active time: 5270 (sec)
        Other host: Secondary - Failed
                Active time: 0 (sec)

Stateful Failover Logical Update Statistics
        Link : RTFTC3STATE Vlan 396 (up)
        Stateful Obj    xmit       xerr       rcv        rerr
        General         0          0          0          0
        sys cmd         0          0          0          0
        up time         0          0          0          0
        RPC services    0          0          0          0
        TCP conn        0          0          0          0
        UDP conn        0          0          0          0
        ARP tbl         0          0          0          0
        Xlate_Timeout   0          0          0          0
        AAA tbl         0          0          0          0
        DACL            0          0          0          0
        Acl optimization        0          0          0          0
        OSPF Area SeqNo         0          0          0          0
        Mamba stats msg         0          0          0          0

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       0       0
        Xmit Q:         0       0       0

0 Helpful

Ian Beck
Level 1
Level 1
In response to Ian Beck

‎09-10-2010 02:00 PM

Hi

Cracked it, did a deb fover rx

and saw invlaid packets, so remove the keys and it come up !!!

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card