Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10532
Views
20
Helpful
7
Replies

Failover link communication failure

Esteban Talavera
Level 1
Level 1

‎11-15-2011 11:50 AM - edited ‎03-11-2019 02:51 PM

Hi

I have to connected the lan failover interface with a crossover cable.

When I enter "show failover statistics" on both ASA 5510 I get

Versions

Cisco Adaptive Security Appliance Software Version 8.4(2)

Device Manager Version 6.4(5)206

Primary

FW-DC01D/act# sh failover statistics

        tx:2949

        rx:11709

Secondary

FW-DC02D/sec# show failover statistics

        tx:11684

        rx:0

The primary is sending and receiving failover info, but he secondary, for any reason is not receiving failover info.

I do not know what might cause this?

Someone has experienced this problem?

Thanks

Esteban

Labels:
0 Helpful
7 Replies 7

Julio Carvajal
VIP Alumni
VIP Alumni

‎11-15-2011 06:59 PM

Hello Esteban,

So there are directly connected, can you try to change the cable, also can you post the following output of both devices:

-Show run interface xxxx(lan failover interface)

-Show failover

-Show failover history

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Esteban Talavera
Level 1
Level 1
In response to Julio Carvajal

‎11-16-2011 08:14 AM

PRIMARY

FW-DC01D/act# sh failover

Failover On

Failover unit Primary

Failover LAN Interface: LAN-FAILOVER Ethernet0/3 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 2 of 110 maximum

Version: Ours 8.4(2), Mate Unknown

Last Failover at: 11:54:08 VET Nov 15 2011

This host: Primary - Active

Active time: 152770 (sec)

slot 0: ASA5510 hw/sw rev (2.0/8.4(2)) status (Up Sys)

  Interface IFA_WW (10.10.4.99): Normal (Waiting)

  Interface IFA_VE (10.10.90.65): Normal (Waiting)

  Interface IFA_ISA (10.10.133.1): No Link (Not-Monitored)

  Interface management (0.0.0.0): No Link (Not-Monitored)

slot 1: empty

Other host: Secondary - Not Detected

Active time: 0 (sec)

slot 0: empty

  Interface IFA_WW (10.10.4.100): Unknown (Waiting)

  Interface IFA_VE (10.10.90.66): Unknown (Waiting)

  Interface DMZ_ISA (10.10.133.2): Unknown (Not-Monitored)

  Interface management (0.0.0.0): Unknown (Not-Monitored)

slot 1: empty

Stateful Failover Logical Update Statistics

Link : LAN-FAILOVER Ethernet0/3 (up)

Stateful Obj xmit       xerr       rcv        rerr    

General0          0          0          0       

sys cmd  0          0          0          0       

up time  0          0          0          0       

RPC services  0          0          0          0       

TCP conn 0          0          0          0       

UDP conn 0          0          0          0       

ARP tbl  0          0          0          0       

Xlate_Timeout  0          0          0          0       

IPv6 ND tbl  0          0          0          0       

VPN IKEv1 SA 0          0          0          0       

VPN IKEv1 P2 0          0          0          0       

VPN IKEv2 SA 0          0          0          0       

VPN IKEv2 P2 0          0          0          0       

VPN CTCP upd 0          0          0          0       

VPN SDI upd 0          0          0          0       

VPN DHCP upd 0          0          0          0       

SIP Session 0          0          0          0       

Route Session 0          0          0          0       

User-Identity 0          0          0          0                   

Logical Update Queue Information

  Cur Max Total

Recv Q: 0 0 0

Xmit Q: 0 0 0

FW-DC01D/act# sh failover history

==========================================================================

From State                 To State                   Reason

==========================================================================

10:36:14 VET Nov 15 2011

Disabled                   Negotiation                Set by the config command

10:37:00 VET Nov 15 2011

Negotiation                Just Active                No Active unit found

10:37:00 VET Nov 15 2011

Just Active                Active Drain               No Active unit found

10:37:00 VET Nov 15 2011

Active Drain               Active Applying Config     No Active unit found

10:37:00 VET Nov 15 2011

Active Applying Config     Active Config Applied      No Active unit found

10:37:00 VET Nov 15 2011

Active Config Applied      Active                     No Active unit found

10:53:07 VET Nov 15 2011

Active                     Disabled                   Set by the config command

11:01:51 VET Nov 15 2011

Disabled                   Negotiation                Set by the config command

11:02:37 VET Nov 15 2011

Negotiation                Just Active                No Active unit found

11:02:37 VET Nov 15 2011

Just Active                Active Drain               No Active unit found

11:02:37 VET Nov 15 2011

Active Drain               Active Applying Config     No Active unit found

11:02:37 VET Nov 15 2011

Active Applying Config     Active Config Applied      No Active unit found

11:02:37 VET Nov 15 2011

Active Config Applied      Active                     No Active unit found

11:44:01 VET Nov 15 2011

Active                     Disabled                   Set by the config command

11:53:23 VET Nov 15 2011

Disabled                   Negotiation                Set by the config command

11:54:08 VET Nov 15 2011

Negotiation                Just Active                No Active unit found

11:54:08 VET Nov 15 2011

Just Active                Active Drain               No Active unit found

11:54:08 VET Nov 15 2011

Active Drain               Active Applying Config     No Active unit found

11:54:08 VET Nov 15 2011

Active Applying Config     Active Config Applied      No Active unit found

11:54:08 VET Nov 15 2011

Active Config Applied      Active                     No Active unit found

FW-DC01D/act# sh int 5 e0/3

Interface Ethernet0/3 "LAN-FAILOVER", is up, line protocol is up

  Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec

Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)

Input flow control is unsupported, output flow control is off

Description: LAN/STATE Failover Interface

MAC address 0007.7d1a.7875, MTU 1500

IP address 10.10.91.1, subnet mask 255.255.255.0

126645 packets input, 8105280 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 pause input, 0 resume input

0 L2 decode drops

42216 packets output, 2701824 bytes, 0 underruns

0 pause output, 0 resume output

0 output errors, 0 collisions, 1 interface resets

0 late collisions, 0 deferred

0 input reset drops, 0 output reset drops, 0 tx hangs

input queue (blocks free curr/low): hardware (255/254)

output queue (blocks free curr/low): hardware (255/253)

  Traffic Statistics for "LAN-FAILOVER":

126643 packets input, 5150162 bytes

42218 packets output, 1182104 bytes

0 packets dropped

      1 minute input rate 1 pkts/sec,  61 bytes/sec

      1 minute output rate 0 pkts/sec,  14 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 1 pkts/sec,  61 bytes/sec

      5 minute output rate 0 pkts/sec,  14 bytes/sec

      5 minute drop rate, 0 pkts/sec

SECONDARY

FW-DC02D/sec# sh failover

Failover On

Failover unit Secondary

Failover LAN Interface: LAN-FAILOVER Ethernet0/3 (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 1 of 110 maximum

Version: Ours 8.4(2), Mate Unknown

Last Failover at: 09:18:32 UTC Nov 15 2011

This host: Secondary - Active

Active time: 86826 (sec)

slot 0: ASA5510 hw/sw rev (2.0/8.4(2)) status (Up Sys)

  Interface IFAVE (10.10.90.66): Normal (Waiting)

slot 1: empty

Other host: Primary - Not Detected

Active time: 0 (sec)

slot 0: empty

  Interface IFAVE (0.0.0.0): Unknown (Waiting)

slot 1: empty

Stateful Failover Logical Update Statistics

Link : Unconfigured.

FW-DC02D/sec# sh failover history

==========================================================================

From State                 To State                   Reason

==========================================================================

08:26:05 UTC Nov 15 2011

Disabled                   Negotiation                Set by the config command

08:27:00 UTC Nov 15 2011

Negotiation                Just Active                No Active unit found

08:27:00 UTC Nov 15 2011

Just Active                Active Drain               No Active unit found

08:27:00 UTC Nov 15 2011

Active Drain               Active Applying Config     No Active unit found

08:27:00 UTC Nov 15 2011

Active Applying Config     Active Config Applied      No Active unit found

08:27:00 UTC Nov 15 2011

Active Config Applied      Active                     No Active unit found

08:59:00 UTC Nov 15 2011

Active                     Disabled                   Set by the config command

08:59:18 UTC Nov 15 2011

Disabled                   Negotiation                Set by the config command

09:00:14 UTC Nov 15 2011

Negotiation                Just Active                No Active unit found

09:00:14 UTC Nov 15 2011

Just Active                Active Drain               No Active unit found

09:00:14 UTC Nov 15 2011

Active Drain               Active Applying Config     No Active unit found

09:00:14 UTC Nov 15 2011

Active Applying Config     Active Config Applied      No Active unit found

09:00:14 UTC Nov 15 2011

Active Config Applied      Active                     No Active unit found

09:07:36 UTC Nov 15 2011

Active                     Disabled                   Set by the config command

09:17:36 UTC Nov 15 2011

Disabled                   Negotiation                Set by the config command

09:18:32 UTC Nov 15 2011

Negotiation                Just Active                No Active unit found

09:18:32 UTC Nov 15 2011

Just Active                Active Drain               No Active unit found

09:18:32 UTC Nov 15 2011

Active Drain               Active Applying Config     No Active unit found

09:18:32 UTC Nov 15 2011

Active Applying Config     Active Config Applied      No Active unit found

09:18:32 UTC Nov 15 2011

Active Config Applied      Active                     No Active unit found

FW-DC02D/sec#       sg h int e0/3

Interface Ethernet0/3 "LAN-FAILOVER", is up, line protocol is up

  Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec

Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)

Input flow control is unsupported, output flow control is off

Description: LAN Failover Interface

MAC address 0007.7dac.faf7, MTU 1500

IP address 10.10.91.2, subnet mask 255.255.255.0

41884 packets input, 2680576 bytes, 0 no buffer

Received 41884 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 pause input, 0 resume input

0 L2 decode drops

125650 packets output, 8041600 bytes, 0 underruns

0 pause output, 0 resume output

0 output errors, 0 collisions, 1 interface resets

0 late collisions, 0 deferred

0 input reset drops, 0 output reset drops, 0 tx hangs

input queue (blocks free curr/low): hardware (255/254)

output queue (blocks free curr/low): hardware (255/254)

  Traffic Statistics for "LAN-FAILOVER":

41884 packets input, 1926664 bytes

125650 packets output, 4355860 bytes

0 packets dropped

      1 minute input rate 0 pkts/sec,  23 bytes/sec

      1 minute output rate 1 pkts/sec,  52 bytes/sec

<--- More --->

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  23 bytes/sec

      5 minute output rate 1 pkts/sec,  52 bytes/sec

      5 minute drop rate, 0 pkts/sec


0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to Esteban Talavera

‎11-16-2011 10:17 AM

Hello Esteban,

On the interfaces we could see that there are no errors, overruns,etc so I would recommend you to try with another cable and then let us know if that does not work.

Also please send us the show run failover

Have a great day,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Esteban Talavera
Level 1
Level 1
In response to Julio Carvajal

‎11-16-2011 11:14 AM

I change the crossover cable and connect the 2 ASA with a Crossover certificate cable

Here the RUNNs

FW-DC01D/act# sh run failover

failover

failover lan unit primary

failover lan interface LAN-FAILOVER Ethernet0/3

failover link LAN-FAILOVER Ethernet0/3

failover interface ip LAN-FAILOVER 10.10.91.1 255.255.255.0 standby 10.10.91.2

FW-DC02D/sec# sh run failover

failover

failover lan unit secondary

failover lan interface LAN-FAILOVER Ethernet0/3

failover link LAN-FAILOVER Ethernet0/3

failover interface ip LAN-FAILOVER 10.10.91.1 255.255.255.0 standby 10.10.91.2

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to Esteban Talavera

‎11-16-2011 01:13 PM

Hello Esteban,

The configuration is the one required,

Can you do a write standby on the primary unit and let me know what happens.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Esteban Talavera
Level 1
Level 1
In response to Julio Carvajal

‎11-16-2011 05:56 PM

Hello Julio

Nothing Happens.

In the primary device the "OK Building configurations" appears, but in the secondary, the configurations remain the without any change.

Tomorrow I'll try with a straight cable.

Thanks,

Esteban

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to Esteban Talavera

‎11-16-2011 07:02 PM

Hello Esteban,

Let me know how that goes, being straigth or cross-over should not make a difference just change the cable.

Have a good night.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card