FTD failover peer failed

h.dam
Level 1

Hello,

I configured a pair of FTD 2130 as active/passive but they didn't synchronise and gave a "peer failed" error.

The "show failover state" command showed that monitored interfaces have a "no link" error.

These interfaces on FTD are configured using Ethernet channel with VLAN sub-interfaces. They are connected through an HP 5510 switch.

So I would like to know if some of you have had the same case.

If yes, please show me the HP LACP config template.

Thank you.

 

Regards.


balaji.bandi
Hall of Fame
These interfaces on FTD are configured using Ethernet channel with vlan sub-interface

Failover SYNC should always be Layer2

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello balaji,

Thank you for the document but my case is different.

The data interfaces are configured in EtherChannel sub-interface mode while the failover link is not.

I have an interface "no link" error so I thought this is a LACP configuration issue between the FTD and the HPE switch.

The A/P pair went to sync state first, then I saw Active/Standby state, but it finally ended up in "peer failed" because of the interface issue, since they are monitored.

 

Has this ever worked with full sync? Have you checked for any physical issues?

What HPE switch? Do you have any config?

Some troubleshooting to verify:

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/215351-configure-verify-and-troubleshoot-port.html

BB

Hello,

I have checked the cables two times.

The HPE switch is 5510 (stack of 4 switches), here is the config:

 

interface Bridge-Aggregation1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20
link-aggregation mode dynamic

 

interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20
port link-aggregation group 1

 

interface GigabitEthernet2/0/17
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20
port link-aggregation group 1

Hello,

 

Post the EtherChannel LACP configs of both sides (the FTD and the HP). FTD supports 'mode on' only; make sure the HP side matches that.
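
A consistency check for the switch side of this thread, as an added example (not code from any poster, Cisco or HPE): it parses the Comware configuration posted above and reports, for each Bridge-Aggregation, its aggregation mode, its member ports, and any member whose trunk settings differ from the aggregate. It assumes an aggregate is static unless `link-aggregation mode dynamic` is present; the function names are hypothetical.

```python
# Constructed sample: the Comware configuration as posted in this thread.
SAMPLE = """\
interface Bridge-Aggregation1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20
link-aggregation mode dynamic
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20
port link-aggregation group 1
interface GigabitEthernet2/0/17
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20
port link-aggregation group 1
"""

def parse(config):
    """Split a Comware config into {interface name: [sub-commands]}."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif line and line != "#" and current is not None:
            current.append(line)
    return blocks

def trunk(cmds):
    """Trunk-related settings that members must share with the aggregate."""
    return {c for c in cmds if c.startswith("port link-type") or "port trunk" in c}

def audit(config):
    """Per Bridge-Aggregation: mode, members, members whose trunk settings differ."""
    blocks, report = parse(config), {}
    for name, cmds in blocks.items():
        if not name.startswith("Bridge-Aggregation"):
            continue
        group = name[len("Bridge-Aggregation"):]
        # Assumption: static aggregation unless this line is present (dynamic = LACP).
        mode = "dynamic (LACP)" if "link-aggregation mode dynamic" in cmds else "static (no LACP)"
        members = [n for n, c in blocks.items() if f"port link-aggregation group {group}" in c]
        report[name] = {"mode": mode, "members": members,
                        "trunk_mismatch": [n for n in members if trunk(blocks[n]) != trunk(cmds)]}
    return report

print(audit(SAMPLE))
```

Compare the reported mode with the channel-group mode configured on the firewall side; both ends of the bundle have to agree on whether LACP is negotiated.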
