Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
934
Views
0
Helpful
3
Replies

ASA 5545x 9-12-3-12 Failover conflict between Pri/Sec

Steve Coady
Level 1
Level 1

‎08-20-2020 07:58 AM

All

 

We are experiencing catastophic weirdness with failover between Pri/Sec.

 

While on Pri, the "no failover" command was run.

    I lost connectivity to Primary

    Internet connectivity was lost.

 

I think this was because Prim/Sec both thought they should be primary. The only way to resolve this was to power down the Secondary.

 

However, trying to restore HA failover pair, while consoled in and with all cabling except the Management interface and the HA pair cable disconnected on the Secondary, after issuing the failover command, the same issue happened again.

 

I checked for bugs but did not see anything related. 

 

Please provide any insight you may have.

 

 

Thank you

 

 

 

 

sMc
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎08-20-2020 08:22 AM - edited ‎08-20-2020 08:23 AM

Just trying to understand the scenario here  :

 

1, what is the reason for you to run "no failover" - are you doing any testing or upgrade or failover ? ( has this failover worked anytime before )

2. or is this new setup ?

 

Can you also share your configuriaton and logs were generate at the time of command issue (if you have any).

as long as you have interface configured and monitored, no failover - should stay as Active - active only and standby - as standby (but your case it become split brain and become active /active)

 

So i am in assumtion there is some config missing.

 

before issue "no failover" - have you checked failover status ?

 

show failover ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Steve Coady
Level 1
Level 1
In response to balaji.bandi

‎08-20-2020 08:42 AM

Balaji

 

Thank you for responding.

 

Not a new setup. Has been working.

 

We recently upgraded the ASA OS to 9.12.3.12 due to bug on 9.12.3.9.

 

This upgrade caused problems for our Firepower SFR modules.

 

The SFR mod on the Secondary was found to be bad. 

 

In order to re-configure the Primary, we thought to split the ASA HA pair.

 

Issuing the no failover command on the Primary at this point caused the issue.

 

The configs matched. However during troubleshooting last night, we removed the failover key. The issue still occurred when testing afterwards.we have the folloing config on both sides.

 

no monitor-interface service-module

no failover
failover lan unit primary (Secondary)
failover lan interface FAILOVER Port-channel1
failover replication http
failover link FAILOVER Port-channel1
failover interface ip FAILOVER 192.x.x.1 255.255.255.248 standby 192.x.x.6
no failover wait-disable

!

!

before issue "no failover" - have you checked failover status? Yes. Failover status was 

 

This host - Primary
Active
Other host - Secondary
Standby Ready

 

 

 

 

 

 

sMc
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Steve Coady

‎08-20-2020 01:19 PM

thanks for the input, can you post show failover  ( from both the unit)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card