06-15-2012 02:26 PM
Hello, guys.
I have some problems with correct answer. One CF in one of ASA had died from active/standby failover cluster few days ago.
So all works perfectly.
But now I have:
asa-5520/act# sh fail
Failover On
Failover unit Secondary
Failover LAN Interface: failover GigabitEthernet0/2 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 160 maximum
Version: Ours 8.4(4), Mate 8.4(2)
Last Failover at: 00:25:50 UTC Jun 14 2012
This host: Secondary - Active
Active time: 161347 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.4(4)) status (Up Sys)
Interface internet (x.x.x.1): Normal (Waiting)
Interface inside (10.137.250.1): Normal (Waiting)
Interface management (192.168.1.1): Link Down (Waiting)
slot 1: empty
Other host: Primary - Failed
Active time: 24695466 (sec)
slot 0: ASA5520 hw/sw rev (1.0/8.4(2)) status (Unknown/Unknown)
Interface internet (x.x.x.2): Unknown (Monitored)
Interface inside (10.137.250.2): Unknown (Monitored)
Interface management (0.0.0.0): Unknown (Waiting)
slot 1: empty
Он failover unit Primary has died internal flash card (disk0). So a card had replaced, I've booted up ASA via tftp, copied files (image file, asdm file and startup-config from live ASA).
So I have a quiestion. I have startup-config from unit secondary. As I understand, I can simply change in config the next:
failover lan unit secondary
to failover lan primary
It will be correct?
Or I can make on current secondary command:
failover lan primary
And boot up another ASA with config from secondary?
So, appriciate any help, and I can't experiment with commands, because it's very production
Solved! Go to Solution.
06-15-2012 07:12 PM
Cisco has a step-by-step guide posted here.
Follow it carefully and you will successfully re-introduce the repaired primary unit with zero downtime.
06-15-2012 07:12 PM
Cisco has a step-by-step guide posted here.
Follow it carefully and you will successfully re-introduce the repaired primary unit with zero downtime.
06-16-2012 02:13 AM
As I understand correctly, my steps will be next:
On new ASA without any configuration (almost clean) I'll enter:
ASA(config)#failover lan unit primary
ASA(config)#failover lan interface failover GigabitEthernet0/2
ASA(config)#failover link failover GigabitEthernet0/2
ASA(config)#failover interface ip failover 10.10.10.1 255.255.255.252 standby 10.10.10.2
ASA(config)# interface GigabitEthernet0/2
ASA(config-if)#no shut
ASA(config-if)#exit
ASA(config)#failover
And after that configuration will be synced from active (secondary) to standby (primary) unit without any downtimes and traffic corraption. Yes?
06-16-2012 04:08 AM
Almost right, but don't forgot to check your license and activation-key, because it's saved on flash card.
I retrieved from cisco.com/go/licence/ activation-key and after that can complitely finish failover recover
Thanks for help.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: