Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1833
Views
0
Helpful
7
Replies

FWSM failover 6500

netternewbie
Level 1
Level 1

‎10-24-2012 06:57 AM - edited ‎03-11-2019 05:13 PM

Hi Folks,

Firstly is this the right forum to post threads about FWSM's. We have 2 FWSM's in two seperate 6500 switches. There are a number of contexts on each FWSM.

I want to fail a context from one FWSM over to the other 6500 and FWSM. Can you tell me how I can do that? Do I need to do it in the admin context and do I need to do it on the admin context of each 6500?

Thanks,

Netter

Labels:
0 Helpful
7 Replies 7

Jennifer Halim
Cisco Employee
Cisco Employee

‎10-24-2012 07:02 AM

Yes, you are at the right place

You can't fail only 1 context from one FWSM to another FWSM. You can move the context from 1 failover group to the other failover group if you wish.

To actually failover the context, you would need to failover the whole failover group, eg:

failover active group 1

or

failover active group 2

You can only configure 2 failover groups, and you would assign context to one of the failover group.

0 Helpful

netternewbie
Level 1
Level 1
In response to Jennifer Halim

‎10-24-2012 07:13 AM

Hi Jennifer,

Great, yes we have a group 1 and a group 2 and some contexts live on each 6500. I cannot failover the whole group as its operational and I just want to failover the test context I am working on.

So I will have to move the context from one failover group to the next as you suggested. What is the best way to do this? Which admin context do I change it on first or does it matter? Should I change it on the context where it is currently live and then hop on the other 6500 and change it there?

do I need to do a no command first like this?

no join-failover-group 2

then

join-failover-group 1

on both admin contexts.

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to netternewbie

‎10-24-2012 07:18 AM

You actually have to do it in the system context, instead of the admin context.

From the system context, go to that particular context configuration mode, and change it from one failover group to the other depending on which is the active one.

Eg:

From system context:

context

  no join-failover-group 2

  join-failover-group 1

You would need to do it on the active FWSM, and the configuration will get replicated to the standby FWSM.

0 Helpful

netternewbie
Level 1
Level 1
In response to Jennifer Halim

‎10-24-2012 07:29 AM

Ok sorry I am new to all this, I guess our admin context is actually the system context. Another stupid question but how do I tell which FWSM is active? Are they both active or is one in standby?

0 Helpful

netternewbie
Level 1
Level 1
In response to netternewbie

‎10-24-2012 07:35 AM

Hi,

I think a conf t has answered my question above.

However, when in the system/admin context I do:

context

  no join-failover-group 2

I get the error below:

ERROR: Command requires failover-group 1 and 2 to be in the same state

or no nameif comand for all interfaces in this context

0 Helpful

netternewbie
Level 1
Level 1
In response to netternewbie

‎10-24-2012 07:53 AM

Hi Jennifer,

I think I got it. I did no failover in system context then did the commands you said above and when finished I did failover again on system context and its seems to have failed over.

Thanks for your help.

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to netternewbie

‎10-24-2012 03:59 PM

Excellent, good to hear that all is working great and thanks for the update.

Pls kindly mark the post answered so others can learn from your question. Thank you.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card