cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3031
Views
0
Helpful
6
Replies

How to tell if Active/active or Active/Standby mode is configured?

Jason Jackal
Level 1
Level 1

Folks:

I am still learning the output of my running config, but how do I tell if my firewall is set to Actve/Active or Active/Standby mode?

In addition, how do I tell if it uses regular or stateful failover mode?

Thank you

6 Replies 6

Jennifer Halim
Cisco Employee
Cisco Employee

If you don't have multiple context configured, it is definitely just Active/Standby failover. Active/Active failover basically means that if you have multiple context configured, you can have some context active on 1 unit, and some other context active on another unit.

If under the output of "show failover" on the "Stateful Failover Logical Update Statistics" section, you have an interface configured and it's UP, and the stats are showing some numbers, that means stateful failover is configured.

OR, you can also check the configuration, and if you have "failover link" command configured, that means stateful failover is configured.

nkarthikeyan
Level 7
Level 7

Hi Jason,

Active/Active failover is only available to security appliances in multiple context mode. In an Active/Active failover configuration, both security appliances can pass network traffic.

Also you can refer cisco document for better understanding

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml#conf

In your configuration it will be configured like this.... this configuration shows that the unit is primary.... so this one is active and the other unit is standby...also it has two different failover configured.... lan and state which describes the LAN failover and stateful failover...

failover

failover lan unit primary

failover lan interface failover Ethernet0/2

failover key *****

failover replication http

failover link State Ethernet0/3

failover interface ip failover 10.0.0.1 255.255.255.0 standby 10.0.0.2

failover interface ip State 20.0.0.1 255.255.255.0 standby 20.20.20.2

Juraj Papic
Level 3
Level 3

Hello Jason,

This can help

sh failover | i This

Regards

Thank you for the suggestions

Jason Jackal
Level 1
Level 1

I wanted to provide this as well, since I found it and it also helped me answering my question.

This output shows Active/Active failover output.

**Note** it says PIX; however, I beleive it will be the same output for ASA.

PIX1(config-subif)#show failover

Failover On

Cable status: N/A - LAN-based failover enabled

Failover unit Primary

Failover LAN Interface: LANFailover Ethernet3 (up)

Unit Poll frequency 15 seconds, holdtime 45 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 4 of 250 maximum

Version: Ours 7.2(2), Mate 7.2(2)

Group 1 last failover at: 06:12:45 UTC Apr 16 2007

Group 2 last failover at: 06:12:43 UTC Apr 16 2007

  This host:    Primary

  Group 1       State:          Active

                Active time:    359610 (sec)

  Group 2       State:          Standby Ready

                Active time:    3165 (sec)

                  context1 Interface inside (192.168.1.1): Normal

                  context1 Interface outside (172.16.1.1): Normal

                  context2 Interface inside (192.168.2.2): Normal

                  context2 Interface outside (172.16.2.2): Normal

  Other host:   Secondary

  Group 1       State:          Standby Ready

                Active time:    0 (sec)

  Group 2       State:          Active

                Active time:    3900 (sec)

                  context1 Interface inside (192.168.1.2): Normal

                  context1 Interface outside (172.16.1.2): Normal

                  context2 Interface inside (192.168.2.1): Normal

                  context2 Interface outside (172.16.2.1): Normal

They are Active/Active failover since you have multiple context configured.

Review Cisco Networking for a $25 gift card