11-04-2008 02:19 AM
Hello !!!!,
We are running FWSM Firewall Version 3.2(1) in multi-context mode with inter-chassis (2 boxes of 6509) failover.
I have an FWSM failover problem.
Primary box 'sh failover' output:
****
This context: Active
Peer context: Failed
Secondary box shows:
*******
Failover Off (pseudo-Standby)
Failover unit Secondary
Failover LAN Interface: faillink Vlan x (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 15 seconds
Interface Policy 4
Monitored Interfaces 46 of 250 maximum
failover replication http
Can someone please guide me with the following:
1. The reason failover went off on the secondary box.
2. What can be done to recover from this state.
3. What the impact is if this is not recovered.
Thanks in advance
Regards
Yogesh
India
11-04-2008 03:02 AM
Most likely you have a VLAN mismatch between the two FWSMs, have a look at this:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080965dec.shtml#vlan
Regards
Farrukh
11-04-2008 03:09 AM
Thanks Farrukh for the reply,
I have checked and gone through the config and firewall group on the core switch.
The VLAN config is not mismatched...
I have tried "write standby" on the primary box but no use...
Please advise.
11-04-2008 04:00 AM
Please check the trunk between the two switches to make sure all these vlans are allowed.
Can you post 'show failover' from both ends?
Regards
Farrukh
11-04-2008 04:59 AM
11-04-2008 05:24 AM
Your failover is disabled on the secondary unit. It seems you have done some misconfiguration for these two vlans:
project Interface Safeco (10.33.56.15): No Link (Waiting)
project Interface Bizzapps (10.33.60.15): Unknown (Waiting)
They should be 'Normal' if your VLANs are configured properly.
Also put the 'failover' command on the secondary box if it's not already there.
Regards
Farrukh
11-05-2008 02:25 AM
Thanks for your valuable inputs.
Now it is clear where the problem is, with the above 2 interfaces...
I have gone through the configuration of the above-mentioned interfaces and VLANs. The VLAN configuration is perfectly right....
Noticed one thing: on the Primary FWSM (Admin context) the above 2 interfaces exist.... but if I look in the admin context of the Secondary FWSM I do not see those interfaces..... that may be why it has a status of No Link & Unknown...
But I am wondering how it got like this... VLANs are assigned to both boxes, VLAN groups are identical... hosts on the above interfaces are accessing resources using the FWSM... meaning the interface on the Primary is providing service and it is working...
I would appreciate it if you could help me dig out this issue...
Thanks
Yogesh
11-05-2008 03:39 AM
Is it possible to post the configuration for the secondary box, and also the "show run | inc firewall" from both switches? Also make sure the VLANs are created on both switches and the relevant SVIs exist on the firewall.
Regards
Farrukh
11-05-2008 04:35 AM
11-05-2008 05:39 AM
Please go to the secondary unit and enter the following commands:
no failover
failover
Regards
Farrukh
11-05-2008 05:51 AM
Hi Farrukh,
This option looks fine.
Are these commands service-affecting?
Do I have to run the write standby command after executing the above-mentioned commands?
Thanks
Yogesh
11-05-2008 05:54 AM
Yes, do a 'write mem'. It seems you are missing an IP on the nattest interface and also you are missing VLANs Safeco and Bizco on the secondary core switch.
Do a show vlan on the secondary switch and see if these VLANs exist and are ACTIVE!
Regards
Farrukh
11-21-2008 02:20 AM
Hello Farrukh ,
The solution provided by you worked and failover started successfully without any cause to the network.......
Many, many thanks for the advice...
11-21-2008 03:36 AM
No problem at all. I'm glad it's working now :)
Regards
Farrukh