Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1774
Views
0
Helpful
4
Replies

ASA5520 8.0(5) - write standby causes standby interface down/up

Jeroen Huysmans
Level 1
Level 1

‎09-22-2011 11:18 PM - edited ‎03-11-2019 02:29 PM

Hi,

last night I started upgrading our ASA5520 active/standby cluster.

Because of lack of memory, I stopped the upgrade process and will continue when the memory modules have arrived... Currently I'm running

8.0(5) on both nodes (Version: Ours 8.0(5), Mate 8.0(5))

Now it seems I have a "problem".

Whenever I use the "write standby" command on the active ASA, the passive ASA seems to drop it links for a short while:

08:04:55 %ASA-1-709006: (Secondary) End Configuration Replication (STB)

08:04:55 %ASA-4-411001: Line protocol on Interface GigabitEthernet0/0, changed state to up

08:04:55 %ASA-4-411001: Line protocol on Interface GigabitEthernet0/0, changed state to up

08:04:55 %ASA-4-411001: Line protocol on Interface GigabitEthernet0/1, changed state to up

08:04:55 %ASA-4-411001: Line protocol on Interface Outside_1, changed state to up

08:04:55 %ASA-4-411001: Line protocol on Interface Outside_2, changed state to up

08:04:55 %ASA-4-411001: Line protocol on Interface GigabitEthernet0/1, changed state to up

08:04:55 %ASA-4-411001: Line protocol on Interface Inside_1, changed state to up

08:04:55 %ASA-4-411001: Line protocol on Interface Inside_2, changed state to up

08:05:03 %ASA-1-105003: (Secondary) Monitoring on interface management waiting

08:05:03 %ASA-1-105006: (Secondary) Link status 'Up' on interface Outside_1

08:05:03 %ASA-1-105006: (Secondary) Link status 'Up' on interface Outside_2

08:05:03 %ASA-1-105006: (Secondary) Link status 'Up' on interface management

08:05:18 %ASA-1-105004: (Secondary) Monitoring on interface management normal

anyone a clue?

jeroen

Labels:
0 Helpful
4 Replies 4

varrao
Level 10
Level 10

‎09-22-2011 11:21 PM

Hi Jeroen,

Don't worry this is an expected behavior, since whenever you issue the command write standby, the active ASA would push the all the configuration on to the passive ASA, the passive ASA would clear all its config and then write teh config from active ASA, here's teh right documentation for it:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_active_standby.html#wp1079487

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Jeroen Huysmans
Level 1
Level 1
In response to varrao

‎09-22-2011 11:42 PM

Hi Varun,

thanks for your reply, but this never happened before so I wonder if this is normal behaviour...

However, I've never had an interface down/up msg when the config was synced before the upgrade...

jeroen

0 Helpful

varrao
Level 10
Level 10
In response to Jeroen Huysmans

‎09-23-2011 12:48 AM

Hi Jeroen,

In normal command replication only the command that is added is pushed to the standby device, but when you do write standby, it clears out all the config and then adds it again, so the ports would go doen momentarily. The only think we can do to minimize it would e to configure the ports connected to the ASA on switch as switchport portfast so as to minimize the delay in bringing the ports up.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Jeroen Huysmans
Level 1
Level 1
In response to varrao

‎09-23-2011 01:29 AM

Hi Varun,

thanks... Still it sounds strange to me, as I always did a "write standby" and never noticed interfaces going down.

No need to configure portfast (is already configured), I'll just have to remove the line "logging event link-status" from the interfaces.

But it's still strange to me, as it never happened before.

jeroen

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card