Solved: Re: Failover Ethernet1/11 (Failed - No Switchover) - Page 2

rikkm4n · ‎09-17-2025

Hi all!

I have a question about ASA cluster failover. Failover LAN interface shows the following error:

CGD600167DVPN1/sec/act# sh fail
Failover On 
Failover unit Secondary
Failover LAN Interface: Failover Ethernet1/11 (Failed - No Switchover)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 6 of 1293 maximum
MAC Address Move Notification Interval not set
failover replication http
Version: Ours 9.12(4)67, Mate 9.12(4)67
Serial Number: Ours JAD2245003H, Mate JAD2245006Q
Last Failover at: 11:41:59 WET Dec 2 2024

But interface is up:

CGD600167DVPN1/sec/act# sh int eth1/11
Interface Ethernet1/11 "Failover", is up, line protocol is up
Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
Description: LAN Failover Interface

And the sync state is ok:

CGD600167DVPN1/sec/act# sh fail state

State Last Failure Reason Date/Time
This host - Secondary
Active None
Other host - Primary
Standby Ready Ifc Failure 12:18:44 WET Dec 2 2024
outside: No Link

====Configuration State===
Sync Done
====Communication State===

Can't ping the other peer over failover LAN interface:

CGD600167DVPN1/sec/act# ping 1.1.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.5, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)

Should i be worried if cluster fails over?

rikkm4n · ‎09-20-2025

Reload of the standby unit did the trick.

Ping works across failover links and the error message is gone. Failover also worked as expected.