Cisco Support Community
New Member

FAILOVER PROBLEM

Hi all. I have a failover problem on my 2 PIX525.

Conf of PIX1 - Active

failover

failover lan unit primary

failover lan interface failover Ethernet3

failover lan enable

failover polltime unit 10 holdtime 30

failover polltime interface 10

failover key *****

failover mac address Ethernet0 000c.859e.504d 0007.0e8d.b11c

failover mac address Ethernet1 000c.859e.504e 0007.0e8d.b11d

failover mac address Ethernet2 00e0.b606.c647 00e0.b606.c6c3

failover link failover Ethernet3

failover interface ip failover xxx.xxx.xxx.1 255.255.255.252 standby xxx.xxx.xxx.2

Conf of PIX2 - Standby

failover

failover lan unit secondary

failover lan interface failover Ethernet3

failover lan enable

failover polltime unit 10 holdtime 30

failover polltime interface 10

failover key *****

failover mac address Ethernet0 000c.859e.504d 0007.0e8d.b11c

failover mac address Ethernet1 000c.859e.504e 0007.0e8d.b11d

failover mac address Ethernet2 00e0.b606.c647 00e0.b606.c6c3

failover link failover Ethernet3

failover interface ip failover xxx.xxx.xxx.1 255.255.255.252 standby xxx.xxx.xxx.2

Reading the documentation, to avoid a MAC address change, I specified fixed MAC addresses.

The first MAC address indicated is the real MAC address of PIX1 and the second MAC address is the real MAC address of PIX2.

When I restart the active PIX, or a failure is detected, the secondary PIX goes online in about 10 seconds.

But it's not a stable situation.

I frequently lose connection with the outside and DMZ networks, and these 2 PIX continue to go into active/standby state for about 2-3 minutes.

After this, everything works correctly, and the standby PIX goes online.

I cannot understand why this happens. Is it my fault in configuring the MAC addresses for the interfaces?

Can you give me some help?

Thx.

2 REPLIES
New Member

Re: FAILOVER PROBLEM

I did more tests for this problem and I found that if I reboot the primary active PIX, the secondary goes active, but when the primary comes up again it switches to active.

This is strange because the PIX is not preemptive in single context ...

Some help?

Re: FAILOVER PROBLEM

Hi,

The failover mac address command is unnecessary (and therefore cannot be used) on an interface configured for LAN-based failover (failover lan enable) because the failover lan interface lan_if_name command does not change the IP and MAC addresses when failover occurs.

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a8.html#wp1029143

*look under failover mac-address

Hope this helps!

Rgds,

AK
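An added example, not part of the thread or of Cisco's tooling: a small offline check that applies the rule quoted in the reply to a primary/secondary pair and also confirms the two units carry matching failover lines. The sample stanza is constructed from the configuration posted above; the function names `parse` and `audit` are hypothetical.

```python
import re

# Constructed sample: the failover stanza posted in this thread (PIX1, primary).
PIX1 = """\
failover
failover lan unit primary
failover lan interface failover Ethernet3
failover lan enable
failover mac address Ethernet0 000c.859e.504d 0007.0e8d.b11c
failover mac address Ethernet1 000c.859e.504e 0007.0e8d.b11d
failover mac address Ethernet2 00e0.b606.c647 00e0.b606.c6c3
failover link failover Ethernet3
"""
PIX2 = PIX1.replace("unit primary", "unit secondary")  # PIX2 as posted

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"

def parse(cfg):
    """Extract the failover settings this check needs from a config text."""
    out = {"lan_enable": False, "lan_if": None, "unit": None, "macs": {}}
    for line in (l.strip() for l in cfg.splitlines()):
        if line == "failover lan enable":
            out["lan_enable"] = True
        elif m := re.fullmatch(r"failover lan unit (primary|secondary)", line):
            out["unit"] = m.group(1)
        elif m := re.fullmatch(r"failover lan interface \S+ (\S+)", line):
            out["lan_if"] = m.group(1)  # physical interface carrying LAN failover
        elif m := re.fullmatch(rf"failover mac address (\S+) ({MAC}) ({MAC})", line, re.I):
            out["macs"][m.group(1)] = (m.group(2).lower(), m.group(3).lower())
    return out

def audit(primary_cfg, secondary_cfg):
    """Return a list of findings for a primary/secondary pair."""
    p, s = parse(primary_cfg), parse(secondary_cfg)
    findings = []
    for name, unit in (("primary", p), ("secondary", s)):
        # Rule from the reply: no failover mac address on the LAN failover interface.
        if unit["lan_enable"] and unit["lan_if"] in unit["macs"]:
            findings.append(f"{name}: failover mac address set on LAN failover interface {unit['lan_if']}")
    if {p["unit"], s["unit"]} != {"primary", "secondary"}:
        findings.append("units are not one primary and one secondary")
    if p["macs"] != s["macs"]:
        findings.append("failover mac address lines differ between units")
    if p["lan_if"] != s["lan_if"]:
        findings.append("LAN failover interface differs between units")
    return findings

if __name__ == "__main__":
    print(audit(PIX1, PIX2) or "no findings")
```

On the stanza as posted the check returns no findings, because the MAC address lines are on Ethernet0 to Ethernet2 while LAN failover runs on Ethernet3.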
