Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1634
Views
0
Helpful
3
Replies

Changing the primary/secondary designation on ASA pair

DannyHuston
Level 1
Level 1

‎10-29-2012 06:01 PM - edited ‎03-11-2019 05:15 PM

I have a pair of ASA 5520s running 8.2 configured for active/standby. However I want to change what is currently labelled as the primary to be the secondary and the vice versa other unit (not talking about flipping from active to standby etc).  Is there a way this can be done without any downtime? I'm assuming the following commands are all i will be touching

failover lan unit primary

and

failover lan unit secondary

but unsure of steps to ensure i don;t lsoe connectivity.

Thanks!

Labels:
0 Helpful
3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

‎10-29-2012 06:12 PM

Hello Danny,

Exactly that is what needs to be done!

I have not seen this requirement before but I would say you could do the following:

On the primary

failover exec mate failover lan unity primary

failover lan unit secondary

And that should take care of that, Please post it and let us know the result!

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

DannyHuston
Level 1
Level 1
In response to Julio Carvajal

‎11-02-2012 08:16 AM

Thanks for the reply. So digging into this:

With the first command:

failover exec mate failover lan unit primary

This adds the config to the standby unit to be failover lan unit primary but it still has an empty starting config, correct? All it will contain is the failover config itself.  Now if I add the lan unit secondary to my current active, that means upon failover the BLANK config from the other unit will overwrite this one. IE

Device A - full starting config - lan unit primary - ACTIVE

Device B - blank starting config with failover commands - lan unit secondary - STANDBY

after change

Device A - full starting config - lanm unit secondary - ACTIVE

Device B - blank starting config with failover commands - lan unit primary - STANDBY

I issue "no failover active" on Device A and everything breaks since Device B has no config and A won't synch over to B since A was designated as secondary.  Is this logic correct?

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to DannyHuston

‎11-02-2012 10:13 AM

Hello Danny,

As soon as you apply the no failover active ASA b should become the active and he will use it's current configuration, so it will not be a blank configuration, Logic is good execpt the final part,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card