11-15-2011 11:50 AM - edited 03-11-2019 02:51 PM
Hi
I have to connected the lan failover interface with a crossover cable.
When I enter "show failover statistics" on both ASA 5510 I get
Versions
Cisco Adaptive Security Appliance Software Version 8.4(2)
Device Manager Version 6.4(5)206
Primary
FW-DC01D/act# sh failover statistics
tx:2949
rx:11709
Secondary
FW-DC02D/sec# show failover statistics
tx:11684
rx:0
The primary is sending and receiving failover info, but he secondary, for any reason is not receiving failover info.
I do not know what might cause this?
Someone has experienced this problem?
Thanks
Esteban
11-15-2011 06:59 PM
Hello Esteban,
So there are directly connected, can you try to change the cable, also can you post the following output of both devices:
-Show run interface xxxx(lan failover interface)
-Show failover
-Show failover history
Regards,
Julio
11-16-2011 08:14 AM
PRIMARY
FW-DC01D/act# sh failover
Failover On
Failover unit Primary
Failover LAN Interface: LAN-FAILOVER Ethernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 110 maximum
Version: Ours 8.4(2), Mate Unknown
Last Failover at: 11:54:08 VET Nov 15 2011
This host: Primary - Active
Active time: 152770 (sec)
slot 0: ASA5510 hw/sw rev (2.0/8.4(2)) status (Up Sys)
Interface IFA_WW (10.10.4.99): Normal (Waiting)
Interface IFA_VE (10.10.90.65): Normal (Waiting)
Interface IFA_ISA (10.10.133.1): No Link (Not-Monitored)
Interface management (0.0.0.0): No Link (Not-Monitored)
slot 1: empty
Other host: Secondary - Not Detected
Active time: 0 (sec)
slot 0: empty
Interface IFA_WW (10.10.4.100): Unknown (Waiting)
Interface IFA_VE (10.10.90.66): Unknown (Waiting)
Interface DMZ_ISA (10.10.133.2): Unknown (Not-Monitored)
Interface management (0.0.0.0): Unknown (Not-Monitored)
slot 1: empty
Stateful Failover Logical Update Statistics
Link : LAN-FAILOVER Ethernet0/3 (up)
Stateful Obj xmit xerr rcv rerr
General0 0 0 0
sys cmd 0 0 0 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 0 0
UDP conn 0 0 0 0
ARP tbl 0 0 0 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 0 0 0 0
VPN IKEv1 P2 0 0 0 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
Route Session 0 0 0 0
User-Identity 0 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 0 0
Xmit Q: 0 0 0
FW-DC01D/act# sh failover history
==========================================================================
From State To State Reason
==========================================================================
10:36:14 VET Nov 15 2011
Disabled Negotiation Set by the config command
10:37:00 VET Nov 15 2011
Negotiation Just Active No Active unit found
10:37:00 VET Nov 15 2011
Just Active Active Drain No Active unit found
10:37:00 VET Nov 15 2011
Active Drain Active Applying Config No Active unit found
10:37:00 VET Nov 15 2011
Active Applying Config Active Config Applied No Active unit found
10:37:00 VET Nov 15 2011
Active Config Applied Active No Active unit found
10:53:07 VET Nov 15 2011
Active Disabled Set by the config command
11:01:51 VET Nov 15 2011
Disabled Negotiation Set by the config command
11:02:37 VET Nov 15 2011
Negotiation Just Active No Active unit found
11:02:37 VET Nov 15 2011
Just Active Active Drain No Active unit found
11:02:37 VET Nov 15 2011
Active Drain Active Applying Config No Active unit found
11:02:37 VET Nov 15 2011
Active Applying Config Active Config Applied No Active unit found
11:02:37 VET Nov 15 2011
Active Config Applied Active No Active unit found
11:44:01 VET Nov 15 2011
Active Disabled Set by the config command
11:53:23 VET Nov 15 2011
Disabled Negotiation Set by the config command
11:54:08 VET Nov 15 2011
Negotiation Just Active No Active unit found
11:54:08 VET Nov 15 2011
Just Active Active Drain No Active unit found
11:54:08 VET Nov 15 2011
Active Drain Active Applying Config No Active unit found
11:54:08 VET Nov 15 2011
Active Applying Config Active Config Applied No Active unit found
11:54:08 VET Nov 15 2011
Active Config Applied Active No Active unit found
FW-DC01D/act# sh int 5 e0/3
Interface Ethernet0/3 "LAN-FAILOVER", is up, line protocol is up
Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec
Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
Input flow control is unsupported, output flow control is off
Description: LAN/STATE Failover Interface
MAC address 0007.7d1a.7875, MTU 1500
IP address 10.10.91.1, subnet mask 255.255.255.0
126645 packets input, 8105280 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
42216 packets output, 2701824 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/254)
output queue (blocks free curr/low): hardware (255/253)
Traffic Statistics for "LAN-FAILOVER":
126643 packets input, 5150162 bytes
42218 packets output, 1182104 bytes
0 packets dropped
1 minute input rate 1 pkts/sec, 61 bytes/sec
1 minute output rate 0 pkts/sec, 14 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 61 bytes/sec
5 minute output rate 0 pkts/sec, 14 bytes/sec
5 minute drop rate, 0 pkts/sec
SECONDARY
FW-DC02D/sec# sh failover
Failover On
Failover unit Secondary
Failover LAN Interface: LAN-FAILOVER Ethernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 1 of 110 maximum
Version: Ours 8.4(2), Mate Unknown
Last Failover at: 09:18:32 UTC Nov 15 2011
This host: Secondary - Active
Active time: 86826 (sec)
slot 0: ASA5510 hw/sw rev (2.0/8.4(2)) status (Up Sys)
Interface IFAVE (10.10.90.66): Normal (Waiting)
slot 1: empty
Other host: Primary - Not Detected
Active time: 0 (sec)
slot 0: empty
Interface IFAVE (0.0.0.0): Unknown (Waiting)
slot 1: empty
Stateful Failover Logical Update Statistics
Link : Unconfigured.
FW-DC02D/sec# sh failover history
==========================================================================
From State To State Reason
==========================================================================
08:26:05 UTC Nov 15 2011
Disabled Negotiation Set by the config command
08:27:00 UTC Nov 15 2011
Negotiation Just Active No Active unit found
08:27:00 UTC Nov 15 2011
Just Active Active Drain No Active unit found
08:27:00 UTC Nov 15 2011
Active Drain Active Applying Config No Active unit found
08:27:00 UTC Nov 15 2011
Active Applying Config Active Config Applied No Active unit found
08:27:00 UTC Nov 15 2011
Active Config Applied Active No Active unit found
08:59:00 UTC Nov 15 2011
Active Disabled Set by the config command
08:59:18 UTC Nov 15 2011
Disabled Negotiation Set by the config command
09:00:14 UTC Nov 15 2011
Negotiation Just Active No Active unit found
09:00:14 UTC Nov 15 2011
Just Active Active Drain No Active unit found
09:00:14 UTC Nov 15 2011
Active Drain Active Applying Config No Active unit found
09:00:14 UTC Nov 15 2011
Active Applying Config Active Config Applied No Active unit found
09:00:14 UTC Nov 15 2011
Active Config Applied Active No Active unit found
09:07:36 UTC Nov 15 2011
Active Disabled Set by the config command
09:17:36 UTC Nov 15 2011
Disabled Negotiation Set by the config command
09:18:32 UTC Nov 15 2011
Negotiation Just Active No Active unit found
09:18:32 UTC Nov 15 2011
Just Active Active Drain No Active unit found
09:18:32 UTC Nov 15 2011
Active Drain Active Applying Config No Active unit found
09:18:32 UTC Nov 15 2011
Active Applying Config Active Config Applied No Active unit found
09:18:32 UTC Nov 15 2011
Active Config Applied Active No Active unit found
FW-DC02D/sec# sg h int e0/3
Interface Ethernet0/3 "LAN-FAILOVER", is up, line protocol is up
Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec
Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
Input flow control is unsupported, output flow control is off
Description: LAN Failover Interface
MAC address 0007.7dac.faf7, MTU 1500
IP address 10.10.91.2, subnet mask 255.255.255.0
41884 packets input, 2680576 bytes, 0 no buffer
Received 41884 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
125650 packets output, 8041600 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/254)
output queue (blocks free curr/low): hardware (255/254)
Traffic Statistics for "LAN-FAILOVER":
41884 packets input, 1926664 bytes
125650 packets output, 4355860 bytes
0 packets dropped
1 minute input rate 0 pkts/sec, 23 bytes/sec
1 minute output rate 1 pkts/sec, 52 bytes/sec
<--- More --->
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 23 bytes/sec
5 minute output rate 1 pkts/sec, 52 bytes/sec
5 minute drop rate, 0 pkts/sec
11-16-2011 10:17 AM
Hello Esteban,
On the interfaces we could see that there are no errors, overruns,etc so I would recommend you to try with another cable and then let us know if that does not work.
Also please send us the show run failover
Have a great day,
Julio
11-16-2011 11:14 AM
I change the crossover cable and connect the 2 ASA with a Crossover certificate cable
Here the RUNNs
FW-DC01D/act# sh run failover
failover
failover lan unit primary
failover lan interface LAN-FAILOVER Ethernet0/3
failover link LAN-FAILOVER Ethernet0/3
failover interface ip LAN-FAILOVER 10.10.91.1 255.255.255.0 standby 10.10.91.2
FW-DC02D/sec# sh run failover
failover
failover lan unit secondary
failover lan interface LAN-FAILOVER Ethernet0/3
failover link LAN-FAILOVER Ethernet0/3
failover interface ip LAN-FAILOVER 10.10.91.1 255.255.255.0 standby 10.10.91.2
11-16-2011 01:13 PM
Hello Esteban,
The configuration is the one required,
Can you do a write standby on the primary unit and let me know what happens.
Regards,
Julio
11-16-2011 05:56 PM
Hello Julio
Nothing Happens.
In the primary device the "OK Building configurations" appears, but in the secondary, the configurations remain the without any change.
Tomorrow I'll try with a straight cable.
Thanks,
Esteban
11-16-2011 07:02 PM
Hello Esteban,
Let me know how that goes, being straigth or cross-over should not make a difference just change the cable.
Have a good night.
Julio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide