Re: What will happen when we shut an active interface in active

keshavnow · ‎03-29-2008

Hi,

My Question is:

What will happen a active interface is 'shut' adminitratively in the active HA Router - my set up is using HSRP for redundancy.

To my knowledge the expected behavior is when the interface is shut the standby router need to take the action of the active router.

But in my case, when the active interface is shut administratively in active router , the router is reloaded- is this is expected behavior?

But the switch over happens without any problem and even the IPsec tunnel are active in the standby when it comes up.

Please add your comments whether the reloading of the active is right?

Regards,

Kesavamurthy Palani

cisco24x7 · ‎03-29-2008

Yes, this is the "expected" behavior. Are

you using IPSec stateful failover, IPC and/or

SSO? This is one of many "weird" behaviors

that you will find.

You can open a TAC case with Cisco and they

will tell you.

If you're going to use stateful IPSec,

Pix/ASA is a better solution since they

do not have this weirdness associate with

them.

CCIE Security

keshavnow · ‎04-18-2008

Hi David,

I m using IPSec stateful failover,configuring IPC zone for SSO

Are you sure this is not seen in ASA/pix,

when the interface is shut in the active box(configured sso with ipc) -will not undergo reload?

Regards,

Kesavamurthy Palani

cisco24x7 · ‎04-18-2008

Hi there,

Yes, to my knowledge, you will NOT see this

behavior in Pix because:

1- Pix does not use HSRP. In Pix Active/Standby

configuration, there are only 2 ip addresses

whereas in HSRP you have 3 ip addresses.

2- This is confirmed by my lab test and by

Cisco TAC that Pix does not have this

behavior. Pix does not use HSRP and IPC/SSO.

keshavnow · ‎04-21-2008

Thanks!! fyi

What will happen when we shut an active interface in active HA Router?