
svc-asa-sm1 configuration problems

Hello Everyone:

     I have two 6506 switches configured as a VSS. I configured an SVC-ASA-SM, and now need to configure failover on each switch.

I then ran into the following problem: the two ASA-SMs can be mounted to the switch, but they cannot detect each other, and both are active. The specific configuration is attached.

     If there are potential problems, please point them out; I would be grateful!

============================================================================================================

ciscoasa(config)# sho run

: Saved

:

ASA Version 8.5(1)

!

hostname ciscoasa

!

interface Vlan201

nameif outside

security-level 0

ip address 172.17.4.6 255.255.255.252

!

interface Vlan202

nameif DB

security-level 100

ip address 172.16.1.254 255.255.255.0

!

interface Vlan203

nameif YeWu

security-level 100

ip address 172.16.2.254 255.255.255.0

!

interface Vlan208

nameif Management

security-level 100

ip address 172.31.2.2 255.255.255.0 standby 172.31.2.1

management-only

!

interface Vlan209

description LAN Failover Interface

!

interface Vlan210

description STATE Failover Interface

!

failover

failover lan unit primary

failover lan interface folink Vlan209

failover link statlink Vlan210

failover interface ip folink 172.31.0.2 255.255.255.0 standby 172.31.0.1

failover interface ip statlink 172.31.1.2 255.255.255.0 standby 172.31.1.1

monitor-interface Management

----------------------------------------------------------------------------------------------------------------------------------------

ciscoasa(config)#   show ver

Cisco Adaptive Security Appliance Software Version 8.5(1)

Device Manager Version 6.5(1)

Hardware:   WS-SVC-ASA-SM1, 23552 MB RAM, CPU Xeon 5600 series 2000 MHz

            2 CPUs, 24 cores

Licensed features for this platform:

Maximum Interfaces                : 1024           perpetual

Inside Hosts                      : Unlimited      perpetual

Failover                          : Active/Active  perpetual

DES                               : Enabled        perpetual

3DES-AES                          : Disabled       perpetual

Security Contexts                 : 2              perpetual

GTP/GPRS                          : Disabled       perpetual

Botnet Traffic Filter             : Disabled       perpetual

----------------------------------------------------------------------------------------------------------------------------------------------------

ciscoasa(config)# sho fail int

        interface folink Vlan209

                System IP Address: 172.31.0.2 255.255.255.0

                My IP Address    : 172.31.0.2

                Other IP Address : 172.31.0.1

        interface statlink Vlan210

                System IP Address: 172.31.1.2 255.255.255.0

                My IP Address    : 172.31.1.2

                Other IP Address : 172.31.1.1

----------------------------------------------------------------------------------------------------------------------------------------------------------

ciscoasa(config)# sho fail

Failover On

Failover unit Primary

Failover LAN Interface: folink Vlan209 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 2 of 1025 maximum

Version: Ours 8.5(1), Mate Unknown

Service Module Backplane Connection: Up

Last Failover at: 15:20:17 beijing Jan 24 2014

        This host: Primary - Active

                Active time: 4571 (sec)

                slot 6: WS-SVC-ASASM-1 hw/sw rev (0.1/8.5(1)) status (Up Sys)

                  Interface Management (172.31.2.2): Normal (Waiting)

                  Interface outside (172.17.4.6): Normal (Not-Monitored)

                  Interface DB (172.16.1.254): Normal (Not-Monitored)

                  Interface YeWu (172.16.2.254): Normal (Not-Monitored)

        Other host: Secondary - Failed

                Active time: 0 (sec)

                slot 0: empty

                  Interface Management (172.31.2.1): Unknown (Waiting)

                  Interface outside (0.0.0.0): Unknown (Not-Monitored)

                  Interface DB (0.0.0.0): Unknown (Not-Monitored)

                  Interface YeWu (0.0.0.0): Unknown (Not-Monitored)

===========================================================================================================

===========================================================================================================

SVC-ASA(config)# sh run

: Saved

:

ASA Version 8.5(1)

!

interface Vlan208

nameif Management

security-level 100

ip address 172.31.2.1 255.255.255.0 standby 172.31.2.2

management-only

!

interface Vlan209

description LAN Failover Interface

!

interface Vlan210

description STATE Failover Interface

!

same-security-traffic permit inter-interface

failover

failover lan unit secondary

failover lan interface folink Vlan209

failover link statlink Vlan210

failover interface ip folink 172.31.0.1 255.255.255.0 standby 172.31.0.2

failover interface ip statlink 172.31.1.1 255.255.255.0 standby 172.31.1.2

monitor-interface Management

-----------------------------------------------------------------------------------------------------------------------------------------------

SVC-ASA(config)#  sh ver

Cisco Adaptive Security Appliance Software Version 8.5(1)

Device Manager Version 6.5(1)

Compiled on Tue 03-May-11 14:21 MDT by builders

System image file is "disk0:/asa851-smp-k8.bin"

Config file at boot was "startup-config"

SVC-ASA up 90 days 6 hours

failover cluster up 90 days 6 hours

Hardware:   WS-SVC-ASA-SM1, 23552 MB RAM, CPU Xeon 5600 series 2000 MHz

            2 CPUs, 24 cores

Licensed features for this platform:

Maximum Interfaces                : 1024           perpetual

Inside Hosts                      : Unlimited      perpetual

Failover                          : Active/Active  perpetual

DES                               : Enabled        perpetual

3DES-AES                          : Disabled       perpetual

Security Contexts                 : 2              perpetual

GTP/GPRS                          : Disabled       perpetual

Botnet Traffic Filter             : Disabled       perpetual

This platform has an WS-SVC-ASA-SM1 No Payload Encryption license.

Failover cluster licensed features for this platform:

Maximum Interfaces                : 1024           perpetual

Inside Hosts                      : Unlimited      perpetual

Failover                          : Active/Active  perpetual

DES                               : Enabled        perpetual

3DES-AES                          : Disabled       perpetual

Security Contexts                 : 2              perpetual

GTP/GPRS                          : Disabled       perpetual

Botnet Traffic Filter             : Disabled       perpetual

----------------------------------------------------------------------------------------------------------------------------

SVC-ASA(config)# sho fai int

        interface folink Vlan209

                System IP Address: 172.31.0.1 255.255.255.0

                My IP Address    : 172.31.0.2

                Other IP Address : 172.31.0.1

        interface statlink Vlan210

                System IP Address: 172.31.1.1 255.255.255.0

                My IP Address    : 172.31.1.2

                Other IP Address : 172.31.1.1

------------------------------------------------------------------------------------------------------------------------------             

SVC-ASA(config)#  sho fai

Failover On

Failover unit Secondary

Failover LAN Interface: folink Vlan209 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 2 of 1025 maximum

Version: Ours 8.5(1), Mate Unknown

Service Module Backplane Connection: Up

Last Failover at: 16:03:13 beijing Jan 24 2014

        This host: Secondary - Active

                Active time: 7799564 (sec)

                slot 6: WS-SVC-ASASM-1 hw/sw rev (0.1/8.5(1)) status (Up Sys)

                  Interface Management (172.31.2.1): Normal (Waiting)

        Other host: Primary - Failed

                Active time: 0 (sec)

                slot 0: empty

                  Interface Management (172.31.2.2): Unknown (Waiting)

====================================================================================================

====================================================================================================

Core-switch#        sh run | inc fir

firewall autostate

firewall multiple-vlan-interfaces

firewall switch 1 module 6 vlan-group 1

firewall switch 2 module 6 vlan-group 1

firewall vlan-group 1  201-210

----------------------------------------------------------------------------------------------------------------------------------------------------------------------

Core-switch#sho module switch 1 sl 6

Switch Number:     1   Role:   Virtual Switch Active

----------------------  -----------------------------

Mod Ports Card Type                              Model              Serial No.

--- ----- -------------------------------------- ------------------ -----------

  6    3  ASA Service Module                     WS-SVC-ASA-SM1     SAL17110U0S

Mod MAC addresses                       Hw    Fw           Sw           Status

--- ---------------------------------- ------ ------------ ------------ -------

  6  70ca.9b8f.3920 to 70ca.9b8f.392f   1.1   12.2(50r)SYL 15.1(1)SY    Ok

Mod  Sub-Module                  Model              Serial       Hw     Status

---- --------------------------- ------------------ ----------- ------- -------

6/0 ASA Application Processor   SVC-APP-PROC-1     SAL17152MT0  1.0    Ok

Base PID:

Mod  Model         Serial No.

---- -----------   ----------

  6 WS-SVC-APP-HW-1    SAL17110U0S

Mod  Online Diag Status

---- -------------------

  6  Pass

6/0 Pass

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

Core-switch#sho module switch 2 sl 6

Switch Number:     2   Role:  Virtual Switch Standby

----------------------  -----------------------------

Mod Ports Card Type                              Model              Serial No.

--- ----- -------------------------------------- ------------------ -----------

  6    3  ASA Service Module                     WS-SVC-ASA-SM1     SAL17110U17

Mod MAC addresses                       Hw    Fw           Sw           Status

--- ---------------------------------- ------ ------------ ------------ -------

  6  70ca.9b8f.37c0 to 70ca.9b8f.37cf   1.1   12.2(50r)SYL 15.1(1)SY    Ok

Mod  Sub-Module                  Model              Serial       Hw     Status

---- --------------------------- ------------------ ----------- ------- -------

6/0 ASA Application Processor   SVC-APP-PROC-1     SAL171631QN  1.0    Ok

Base PID:

Mod  Model         Serial No.

---- -----------   ----------

  6 WS-SVC-APP-HW-1    SAL17110U17

Mod  Online Diag Status

---- -------------------

  6  Pass

6/0 Pass

--------------------------------------------------------------------------------------------------------------------------------------------------------------

Core-switch#ping 172.31.2.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.31.2.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Core-switch#ping 172.31.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.31.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Core-switch#sh arp | inc 172.31.2.

Internet  172.31.2.1             35   70ca.9b8f.392c  ARPA   Vlan208

Internet  172.31.2.2             40   70ca.9b8f.37cc  ARPA   Vlan208

Internet  172.31.2.254            -   7cad.7443.ae00  ARPA   Vlan208

Core-switch#

================================================================================================
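A consistency check over the failover lines of the two running configurations posted above, added here as an example; it is not part of the original post. It assumes the usual ASA failover rule that both units carry the same `failover interface ip` line (first address for the primary unit, `standby` address for the secondary) and differ only in `failover lan unit`; the function names are hypothetical.

```python
import re

# Failover lines copied from the two running configs shown in the post.
PRIMARY = """\
failover lan unit primary
failover lan interface folink Vlan209
failover link statlink Vlan210
failover interface ip folink 172.31.0.2 255.255.255.0 standby 172.31.0.1
failover interface ip statlink 172.31.1.2 255.255.255.0 standby 172.31.1.1
"""
SECONDARY = """\
failover lan unit secondary
failover lan interface folink Vlan209
failover link statlink Vlan210
failover interface ip folink 172.31.0.1 255.255.255.0 standby 172.31.0.2
failover interface ip statlink 172.31.1.1 255.255.255.0 standby 172.31.1.2
"""
# Assumption: these address lines are expected to be identical on both units.
IP_RE = re.compile(r"^failover interface ip (\S+) (\S+) (\S+) standby (\S+)$")

def parse(config):
    """Return (unit role, {link: vlan}, {link: (active_ip, mask, standby_ip)})."""
    role, links, addrs = None, {}, {}
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("failover lan unit "):
            role = line.split()[-1]
        elif line.startswith(("failover lan interface ", "failover link ")):
            name, vlan = line.split()[-2:]
            links[name] = vlan
        elif (m := IP_RE.match(line)):
            addrs[m.group(1)] = m.groups()[1:]
    return role, links, addrs

def compare(cfg_a, cfg_b):
    """List differences between two units' failover stanzas, as strings."""
    role_a, links_a, ip_a = parse(cfg_a)
    role_b, links_b, ip_b = parse(cfg_b)
    findings = []
    if {role_a, role_b} != {"primary", "secondary"}:
        findings.append(f"unit roles are {role_a}/{role_b}")
    if links_a != links_b:
        findings.append(f"link VLANs differ: {links_a} vs {links_b}")
    for name in sorted(set(ip_a) | set(ip_b)):
        a, b = ip_a.get(name, ()), ip_b.get(name, ())
        if a != b:
            kind = "swapped" if a[::-1] == b else "different"
            findings.append(f"{name}: active/standby addresses {kind} between units")
    return findings
```

On the lines from the post, `compare(PRIMARY, SECONDARY)` reports both `folink` and `statlink` as swapped, which lines up with the `show failover interface` output above where both units list 172.31.0.2 and 172.31.1.2 as "My IP Address".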
