Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
555
Views
0
Helpful
3
Replies

Failed units replacement in active/standby ?

Go to solution
manish arora
Level 6
Level 6

‎06-17-2011 10:59 AM - edited ‎03-11-2019 01:46 PM

Hi,

I have a pair of ASA5520 in active/standby, both devices needs to be replaced as they do not have DIM slots for memory. Before I request an RMA from cisco , I wondering what would be the best way to replace these for zero downtime.

1> I will configure the new standby unit with Failover config & replace the failed unit ... sync the config.

2> Failover  from primary to the new standby after sync is complete.

3>  ????

how do I configure primary ( Just failover config ) and it would get synced by the active standdby for configuration ... or how does this works ?

Manish

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee

‎06-17-2011 11:03 AM

Hi,

I would say:

-Step 3 configure the new Primary Unit (Failover commands only)

-Connect the new Primary Unit to the network ONLY with the failover cable, so they can sync.

-Once the Active (Secondary) sees the primary (Standby) as failed connect the rest of the cables

-Check until everything is up

-Force failvoer to the primary Unit

Mike

Mike

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee

‎06-17-2011 11:03 AM

Hi,

I would say:

-Step 3 configure the new Primary Unit (Failover commands only)

-Connect the new Primary Unit to the network ONLY with the failover cable, so they can sync.

-Once the Active (Secondary) sees the primary (Standby) as failed connect the rest of the cables

-Check until everything is up

-Force failvoer to the primary Unit

Mike

Mike
0 Helpful

Go to solution
manish arora
Level 6
Level 6
In response to Maykol Rojas

‎06-17-2011 11:06 AM

"

-Connect the new Primary Unit to the network ONLY with the failover cable, so they can sync.

-Once the Active (Secondary) sees the primary (Standby) as failed connect the rest of the cables "

Good Idea --- Thank you very much Mr. Mike.

Manish

0 Helpful

Go to solution
JEFF SPRADLING
Level 1
Level 1

‎07-20-2012 11:05 AM

The key here is to issue the 'no failover active' commnad on the primary so it doesn't assume its the active firewall when connected to the secondary or it WILL force it's config.

Here's a sequence of steps:


configure the primary for failover -

failover lan unit primary

failover lan interface LANFail GigabitEthernet0/2

failover replication http

failover link stateful GigabitEthernet0/3

failover interface ip LANFail 172.16.100.1 255.255.255.0 standby 172.16.100.2

failover interface ip stateful 172.16.101.1 255.255.255.0 standby 172.16.101.2    

Configure all interfaces with the primary IP (no standby needed at this point)

'no shut' on all active interfaces

no failover active         <------- (critical! Forces the primary to standby)

connect lan failover cable (the only one needed at this point)

Secondary will start replicating to primary.

Once  the replication is complete (show failover, ensure primary is "standby  ready", you can connect the remaining cables and do a 'failover active'  on the primary.

Hope this helps others...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card