12-14-2016 11:12 AM - edited 03-10-2019 06:44 AM
I was wondering if someone can help me with the configuration of the cisco ips for failover we have 2 cisco asa 5515 IPS. I want to test the failover. When i look at this configuration. It appears that it is lan based failover. Correct me if i'm wrong my understanding for this failover operation is if gi0/2 went down the standby gi0/3 interface will be active. Now if i run show failover command it just shows primary standby ready which it doesnt have any ip address and secondary is active with external ip address and internal ip address. If anyone can help with this. I attached a screenshot of the show failover result command. Thank you in advance.
int gi0/2 is 10.0.1.10
int gi0/3 is 10.0.2.10
failover
failover lan unit primary
failover lan interface failover GigabitEthernet0/2
failover polltime unit msec 200 holdtime msec 800
failover polltime interface msec 500 holdtime 5
failover replication http
failover link statefulfailover GigabitEthernet0/3
failover interface ip failover 10.0.1.10 255.255.255.0 standby 10.0.1.11
failover interface ip statefulfailover 10.0.2.10 255.255.255.0 standby 10.0.2.11
Solved! Go to Solution.
12-16-2016 09:09 PM
From your first posting, the Secondary is Active and the Primary is Standby Ready state. Simply log into the Secondary-Active in enable mode and type "no failover active".
You will be disconnected from the unit and when you log back in you should be connected to Primary-Active.
12-14-2016 12:10 PM
A couple of questions:
1. Do you have standby IPs configured on those interfaces?
2. Have you read this ASA Configuration Guide for Failover:
Thank you for rating helpful posts!
12-15-2016 01:45 PM
Thank you for quick response. Im going to read the failover link document. Apparently I inherit this task. I was told it's working and i need to do a failover. Here's the full configuration
Primary Cisco IPS 5515x
int gi0/2 is 10.0.1.10
int gi0/3 is 10.0.2.10
failover
failover lan unit primary
failover lan interface failover GigabitEthernet0/2
failover polltime unit msec 200 holdtime msec 800
failover polltime interface msec 500 holdtime 5
failover replication http
failover link statefulfailover GigabitEthernet0/3
failover interface ip failover 10.0.1.10 255.255.255.0 standby 10.0.1.11
failover interface ip statefulfailover 10.0.2.10 255.255.255.0 standby 10.0.2.1
Secondary Cisco IPS 5515x
int gi0/2 is 10.0.1.11
int gi0/3 is 10.0.2.11
failover
failover lan unit secondary
failover lan interface failover GigabitEthernet0/2
failover polltime unit msec 200 holdtime msec 800
failover polltime interface msec 500 holdtime 5
failover replication http
failover link statefulfailover GigabitEthernet0/3
failover interface ip failover 10.0.1.10 255.255.255.0 standby 10.0.1.11
failover interface ip statefulfailover 10.0.2.10 255.255.255.0 standby 10.0.2.11
12-16-2016 09:09 PM
From your first posting, the Secondary is Active and the Primary is Standby Ready state. Simply log into the Secondary-Active in enable mode and type "no failover active".
You will be disconnected from the unit and when you log back in you should be connected to Primary-Active.
01-11-2017 10:21 AM
Thank you, for all your response. I'm going to try the failover next week and will let you know if it 's successful or not. cross finger.
01-10-2017 09:18 PM
you can use the following command to configure standby IPs to the device
int Gi0/x
ip address <active ip> <subnet> standby <standby ip>
"standby" is the keyword and the IP mentioned after this keyword would be assigned to standby device(doesn't matter which is standby, primary or secondary)
HTH
12-15-2016 12:30 AM
In addition to what Neno correctly pointed out, I would add that standby IP addresses for the production traffic interfaces are optional. It appears they are not setup on your pair, thus the report of "0.0.0.0" addresses on the Standby unit.
We often see this in situations where there are a very limited number of public IP addresses where the customer is unable or unwilling to dedicate an IP address for the sole purpose of monitoring the IP reachability of that particular interface on the standby unit. Fir private subnets I always use a standby IP address.
It works perfectly fine, it just gives the failover cluster one fewer data point in assessing the health of the mate.
Gi0/2 and Gi0/3 in your setup are used strictly for failover cluster monitoring and state replication respectively. They do not backup each other per se but rather handle different aspects of the failover cluster operations. Using a dedicated interface (like your Gi0/3) for stateful failover support is optional. If you do not have stateful failover setup, tcp session state will not be preserved across a failover event and any open sessions must be re-established.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide