12-10-2014 12:43 PM - edited 03-11-2019 10:12 PM
Have a pair of 5525s in active/standby setup. Standby node shows as failed. If I "reset failover" from the ASDM, it briefly changes to Standby Ready then in a few seconds flips back to "failed". The failover interface shows as Up. No recent updates or changes as far as I know. My network engineer has left the company so I'm trying to work on this on my own, but I'm a newbie to this. Can someone provide some tips on what direction to go in troubleshooting this? thanks.
Solved! Go to Solution.
12-11-2014 06:58 AM
So the output shows "Visitor: No Link".
With that interface being down, the secondary unit is considered to be in failed state.
Fix that and it should come out of "Failed" state.
12-10-2014 04:37 PM
Can you give us the sanitized output of "show failover" and "show failover history" from the active unit?
12-11-2014 02:18 AM
Hi,
I think you might also get the "show failover state" output from both the units.
Thanks and Regards,
Vibhor Amrodia
12-11-2014 05:22 AM
Thanks for the replies. Below is the show failover, failover history, and failover state from both nodes.
******************************************************************************************
ACTIVE NODE# show failover
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/7 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 216 maximum
failover replication http
Version: Ours 9.1(4), Mate 9.1(4)
Last Failover at: 20:10:46 EDT Jun 18 2014
This host: Primary - Active
Active time: 15161915 (sec)
slot 0: ASA5525 hw/sw rev (1.0/9.1(4)) status (Up Sys)
Interface External (#.#.#.#): Unknown (Waiting)
Interface LAN (#.#.#.#): Normal (Monitored)
Interface Firepass (#.#.#.#): No Link (Not-Monitored)
Interface management (#.#.#.#): No Link (Not-Monitored)
Interface Visitor(#.#.#.#): Normal (Waiting)
slot 1: IPS5525 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
IPS, 7.1(4)E4, Up
Other host: Secondary - Failed
Active time: 0 (sec)
slot 0: ASA5525 hw/sw rev (1.0/9.1(4)) status (Up Sys)
Interface External (0.0.0.0): Unknown (Waiting)
Interface LAN (#.#.#.#): Normal (Monitored)
Interface Firepass (0.0.0.0): Normal (Not-Monitored)
Interface management (0.0.0.0): Normal (Not-Monitored)
Interface Visitor (0.0.0.0): No Link (Waiting)
slot 1: IPS5525 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
IPS, 7.1(4)E4, Up
Stateful Failover Logical Update Statistics
Link : failover GigabitEthernet0/7 (up)
Stateful Obj xmit xerr rcv rerr
General 996522050 0 2038508 940
sys cmd 2021458 0 2021455 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 538504296 0 12227 723
UDP conn 301290945 0 2638 89
ARP tbl 154469753 0 2122 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 0 0 0 0
VPN IKEv1 P2 0 0 0 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
Route Session 0 0 0 128
User-Identity 235598 0 66 0
CTS SGTNAME 0 0 0 0
CTS PAC 0 0 0 0
TrustSec-SXP 0 0 0 0
IPv6 Route 0 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 25 2041263
Xmit Q: 0 1545 1163705413
# show failover history
==========================================================================
From State To State Reason
==========================================================================
20:05:51 EDT Jun 18 2014
Not Detected Negotiation No Error
20:05:56 EDT Jun 18 2014
Negotiation Cold Standby Detected an Active mate
20:05:57 EDT Jun 18 2014
Cold Standby Sync Config Detected an Active mate
20:06:08 EDT Jun 18 2014
Sync Config Sync File System Detected an Active mate
20:06:08 EDT Jun 18 2014
Sync File System Bulk Sync Detected an Active mate
20:06:22 EDT Jun 18 2014
Bulk Sync Standby Ready Detected an Active mate
20:10:46 EDT Jun 18 2014
Standby Ready Just Active Set by the config command
20:10:46 EDT Jun 18 2014
Just Active Active Drain Set by the config command
20:10:46 EDT Jun 18 2014
Active Drain Active Applying Config Set by the config command
20:10:46 EDT Jun 18 2014
Active Applying Config Active Config Applied Set by the config command
20:10:46 EDT Jun 18 2014
Active Config Applied Active Set by the config command
==========================================================================
#
==========================================================================
# show failover state
State Last Failure Reason Date/Time
This host - Primary
Active None
Other host - Secondary
Failed Ifc Failure 15:24:38 EST Dec 10 2014
Visitor: No Link
====Configuration State===
Sync Done
Sync Done - STANDBY
====Communication State===
Mac set
**********************************************************************************************
STANDBY NODE# show failover
Failover On
Failover unit Secondary
Failover LAN Interface: failover GigabitEthernet0/7 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 216 maximum
failover replication http
Version: Ours 9.1(4), Mate 9.1(4)
Last Failover at: 10:09:07 EST Dec 4 2014
This host: Secondary - Failed
Active time: 0 (sec)
slot 0: ASA5525 hw/sw rev (1.0/9.1(4)) status (Up Sys)
Interface External (0.0.0.0): Unknown (Waiting)
Interface LAN (#.#.#.#): Normal (Monitored)
Interface Firepass (0.0.0.0): No Link (Not-Monitored)
Interface Visitor (0.0.0.0): No Link (Waiting)
Interface management (0.0.0.0): No Link (Not-Monitored)
slot 1: IPS5525 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
IPS, 7.1(4)E4, Up
Other host: Primary - Active
Active time: 15161386 (sec)
slot 0: ASA5525 hw/sw rev (1.0/9.1(4)) status (Up Sys)
Interface External (#.#.#.#): Unknown (Waiting)
Interface LAN (#.#.#.#): Normal (Monitored)
Interface Firepass (#.#.#.#): Normal (Not-Monitored)
Interface Visitor (#.#.#.#): Normal (Waiting)
Interface management (#.#.#.#): Normal (Not-Monitored)
slot 1: IPS5525 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
IPS, 7.1(4)E4, Up
Stateful Failover Logical Update Statistics
Link : failover GigabitEthernet0/7 (up)
Stateful Obj xmit xerr rcv rerr
General 79012 0 44222221 4935
sys cmd 79012 0 79012 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 20937129 2862
UDP conn 0 0 15425800 2073
ARP tbl 0 0 7767139 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 0 0 0 0
VPN IKEv1 P2 0 0 0 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
Route Session 0 0 0 0
User-Identity 0 0 13141 0
CTS SGTNAME 0 0 0 0
CTS PAC 0 0 0 0
TrustSec-SXP 0 0 0 0
IPv6 Route 0 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 54 51347266
Xmit Q: 0 1 79012
#
# show failover history
==========================================================================
From State To State Reason
==========================================================================
10:09:13 EST Dec 4 2014
Not Detected Negotiation No Error
10:09:17 EST Dec 4 2014
Negotiation Cold Standby Detected an Active mate
10:09:18 EST Dec 4 2014
Cold Standby Sync Config Detected an Active mate
10:09:29 EST Dec 4 2014
Sync Config Sync File System Detected an Active mate
10:09:29 EST Dec 4 2014
Sync File System Bulk Sync Detected an Active mate
10:09:43 EST Dec 4 2014
Bulk Sync Standby Ready Detected an Active mate
10:09:51 EST Dec 4 2014
Standby Ready Failed Interface check
15:23:42 EST Dec 10 2014
Failed Standby Ready Failover state check
15:23:53 EST Dec 10 2014
Standby Ready Failed Interface check
15:24:26 EST Dec 10 2014
Failed Standby Ready Failover state check
15:24:38 EST Dec 10 2014
Standby Ready Failed Interface check
==========================================================================
==========================================================================
# show failover state
State Last Failure Reason Date/Time
This host - Secondary
Failed Ifc Failure 15:24:38 EST Dec 10 2014
Visitor: No Link
Other host - Primary
Active None
====Configuration State===
Sync Done - STANDBY
====Communication State===
Mac set
************************************************************************************************
12-11-2014 06:58 AM
So the output shows "Visitor: No Link".
With that interface being down, the secondary unit is considered to be in failed state.
Fix that and it should come out of "Failed" state.
04-12-2016 10:27 AM
So in this situation, if active fails, how will standby react? will it comes up as active with no Visitor link or it won't come up at all as an active?
Thanks
04-12-2016 02:48 PM
If the standby unit knows it is part of an HA pair and is in failed state, it will not assume the active role if the primary active unit fails.
If it were to be rebooted, it would come up as active (even with one or more failed interfaces) since the mate was also failed.
12-11-2014 01:50 PM
Thanks for your assistance! I'm not local to the equipment but when I had someone check, that interface was not connected to the switch. As soon as we took care of that, the node status updated to Standby Ready. Appreciate your help.
12-11-2014 01:56 PM
You're welcome.
Thanks for the rating.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide