https://community.cisco.com/t5/network-security/pix-failover-problem/m-p/303280#M563417 <HTML><HEAD></HEAD><BODY><P>If this is a failover-only PIX, then it will exhibit the following after a power up:</P><P></P><P>When the <B>failover lan interface</B> link status is up:</P><P></P><P>&nbsp;&nbsp;&nbsp;* The FO-only PIX will boot and automatically become active if it fails to detect the primary UR PIX.</P><P>&nbsp;&nbsp;&nbsp;* The unit will reload itself every following 24 hours, automatically becoming active each time.</P><P></P><P></P><P>When the <B>failover lan interface</B> link status is down:</P><P></P><P>&nbsp;&nbsp;&nbsp;* The FO-only PIX will boot and come online but not become active.</P><P>&nbsp;&nbsp;&nbsp;* The command failover active must be manually executed to make the unit active.</P><P>&nbsp;&nbsp;&nbsp;* The unit will reload itself every following 24 hours, requiring another manual failover active to make it active each time.</P><P></P><P></P><P>I think you hit the second condition, meaning the <B>failover lan interface</B> status was down. You would get this if you have a cross-over cable connected between the two PIX and the primary is still powered off or the cables were disconnected from it (which you said they were). This is exactly why we suggest plugging all cables into a switch and not using cross-over cables, even if the primary is down the link status on the secondary will still be up.</P></BODY></HTML> Tue, 03 Aug 2004 01:07:37 GMT gfullage 2004-08-03T01:07:37Z https://community.cisco.com/t5/network-security/pix-failover-problem/m-p/303279#M563416 <P>I have two PIX's configured for lan-based failover.</P><P></P><P>The other day there was a power failure, during which someone removed the lan cables from the primary.</P><P></P><P>When the power came back I expected the standby PIX to become active however I had to issue the failover active command before this happened.</P><P></P><P>Any ideas?</P> Fri, 21 Feb 2020 07:32:24 GMT https://community.cisco.com/t5/network-security/pix-failover-problem/m-p/303279#M563416 m.reay 2020-02-21T07:32:24Z https://community.cisco.com/t5/network-security/pix-failover-problem/m-p/303280#M563417 <HTML><HEAD></HEAD><BODY><P>If this is a failover-only PIX, then it will exhibit the following after a power up:</P><P></P><P>When the <B>failover lan interface</B> link status is up:</P><P></P><P>&nbsp;&nbsp;&nbsp;* The FO-only PIX will boot and automatically become active if it fails to detect the primary UR PIX.</P><P>&nbsp;&nbsp;&nbsp;* The unit will reload itself every following 24 hours, automatically becoming active each time.</P><P></P><P></P><P>When the <B>failover lan interface</B> link status is down:</P><P></P><P>&nbsp;&nbsp;&nbsp;* The FO-only PIX will boot and come online but not become active.</P><P>&nbsp;&nbsp;&nbsp;* The command failover active must be manually executed to make the unit active.</P><P>&nbsp;&nbsp;&nbsp;* The unit will reload itself every following 24 hours, requiring another manual failover active to make it active each time.</P><P></P><P></P><P>I think you hit the second condition, meaning the <B>failover lan interface</B> status was down. You would get this if you have a cross-over cable connected between the two PIX and the primary is still powered off or the cables were disconnected from it (which you said they were). This is exactly why we suggest plugging all cables into a switch and not using cross-over cables, even if the primary is down the link status on the secondary will still be up.</P></BODY></HTML> Tue, 03 Aug 2004 01:07:37 GMT https://community.cisco.com/t5/network-security/pix-failover-problem/m-p/303280#M563417 gfullage 2004-08-03T01:07:37Z https://community.cisco.com/t5/network-security/pix-failover-problem/m-p/303281#M563418 <HTML><HEAD></HEAD><BODY><P>Thanks for the reply however all interfaces are connect to a Cisco 4507R configured for multiple vlans, icluding a dedicated failover vlan.</P><P></P><P>I don't know what the status of the interface was, but can only assume that it was up as it was connected to a switch port - though I certainly wouldn't swear to it.</P><P></P><P>Could it be due to the fact that spanning tree portfast wasnt configured on the port. </P></BODY></HTML> Tue, 03 Aug 2004 15:38:59 GMT https://community.cisco.com/t5/network-security/pix-failover-problem/m-p/303281#M563418 m.reay 2004-08-03T15:38:59Z https://community.cisco.com/t5/network-security/pix-failover-problem/m-p/303282#M563419 <HTML><HEAD></HEAD><BODY><P>Even with portfast disabled the link status should have been up if the port was up (even if it was in blocking state still). Could the switch have been powered off or still coming up from the power outage?</P><P></P><P>I would definately recommend enabling portfast on all the PIX-connected interfaces, this'll speed up failover enormously.</P></BODY></HTML> Tue, 03 Aug 2004 23:26:45 GMT https://community.cisco.com/t5/network-security/pix-failover-problem/m-p/303282#M563419 gfullage 2004-08-03T23:26:45Z https://community.cisco.com/t5/network-security/pix-failover-problem/m-p/303283#M563420 <HTML><HEAD></HEAD><BODY><P>No - the power came back on the sunday abd the problem was noticed on Monday.</P><P></P><P>The switch was fully up.</P></BODY></HTML> Wed, 04 Aug 2004 06:01:39 GMT https://community.cisco.com/t5/network-security/pix-failover-problem/m-p/303283#M563420 m.reay 2004-08-04T06:01:39Z