10-24-2012 06:57 AM - edited 03-11-2019 05:13 PM
Hi Folks,
Firstly is this the right forum to post threads about FWSM's. We have 2 FWSM's in two seperate 6500 switches. There are a number of contexts on each FWSM.
I want to fail a context from one FWSM over to the other 6500 and FWSM. Can you tell me how I can do that? Do I need to do it in the admin context and do I need to do it on the admin context of each 6500?
Thanks,
Netter
10-24-2012 07:02 AM
Yes, you are at the right place
You can't fail only 1 context from one FWSM to another FWSM. You can move the context from 1 failover group to the other failover group if you wish.
To actually failover the context, you would need to failover the whole failover group, eg:
failover active group 1
or
failover active group 2
You can only configure 2 failover groups, and you would assign context to one of the failover group.
10-24-2012 07:13 AM
Hi Jennifer,
Great, yes we have a group 1 and a group 2 and some contexts live on each 6500. I cannot failover the whole group as its operational and I just want to failover the test context I am working on.
So I will have to move the context from one failover group to the next as you suggested. What is the best way to do this? Which admin context do I change it on first or does it matter? Should I change it on the context where it is currently live and then hop on the other 6500 and change it there?
do I need to do a no command first like this?
no join-failover-group 2
then
join-failover-group 1
on both admin contexts.
10-24-2012 07:18 AM
You actually have to do it in the system context, instead of the admin context.
From the system context, go to that particular context configuration mode, and change it from one failover group to the other depending on which is the active one.
Eg:
From system context:
context
no join-failover-group 2
join-failover-group 1
You would need to do it on the active FWSM, and the configuration will get replicated to the standby FWSM.
10-24-2012 07:29 AM
Ok sorry I am new to all this, I guess our admin context is actually the system context. Another stupid question but how do I tell which FWSM is active? Are they both active or is one in standby?
10-24-2012 07:35 AM
Hi,
I think a conf t has answered my question above.
However, when in the system/admin context I do:
context
no join-failover-group 2
I get the error below:
ERROR: Command requires failover-group 1 and 2 to be in the same state
or no nameif comand for all interfaces in this context
10-24-2012 07:53 AM
Hi Jennifer,
I think I got it. I did no failover in system context then did the commands you said above and when finished I did failover again on system context and its seems to have failed over.
Thanks for your help.
10-24-2012 03:59 PM
Excellent, good to hear that all is working great and thanks for the update.
Pls kindly mark the post answered so others can learn from your question. Thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide