Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
414
Views
0
Helpful
4
Replies

Pix Failover Problem

m.reay
Level 1
Level 1

‎08-02-2004 05:28 AM - edited ‎02-20-2020 11:32 PM

I have two PIX's configured for lan-based failover.

The other day there was a power failure, during which someone removed the lan cables from the primary.

When the power came back I expected the standby PIX to become active however I had to issue the failover active command before this happened.

Any ideas?

0 Helpful
4 Replies 4

gfullage
Cisco Employee
Cisco Employee

‎08-02-2004 06:07 PM

If this is a failover-only PIX, then it will exhibit the following after a power up:

When the failover lan interface link status is up:

   * The FO-only PIX will boot and automatically become active if it fails to detect the primary UR PIX.

   * The unit will reload itself every following 24 hours, automatically becoming active each time.

When the failover lan interface link status is down:

   * The FO-only PIX will boot and come online but not become active.

   * The command failover active must be manually executed to make the unit active.

   * The unit will reload itself every following 24 hours, requiring another manual failover active to make it active each time.

I think you hit the second condition, meaning the failover lan interface status was down. You would get this if you have a cross-over cable connected between the two PIX and the primary is still powered off or the cables were disconnected from it (which you said they were). This is exactly why we suggest plugging all cables into a switch and not using cross-over cables, even if the primary is down the link status on the secondary will still be up.

0 Helpful

m.reay
Level 1
Level 1
In response to gfullage

‎08-03-2004 08:38 AM

Thanks for the reply however all interfaces are connect to a Cisco 4507R configured for multiple vlans, icluding a dedicated failover vlan.

I don't know what the status of the interface was, but can only assume that it was up as it was connected to a switch port - though I certainly wouldn't swear to it.

Could it be due to the fact that spanning tree portfast wasnt configured on the port.

0 Helpful

gfullage
Cisco Employee
Cisco Employee
In response to m.reay

‎08-03-2004 04:26 PM

Even with portfast disabled the link status should have been up if the port was up (even if it was in blocking state still). Could the switch have been powered off or still coming up from the power outage?

I would definately recommend enabling portfast on all the PIX-connected interfaces, this'll speed up failover enormously.

0 Helpful

m.reay
Level 1
Level 1
In response to gfullage

‎08-03-2004 11:01 PM

No - the power came back on the sunday abd the problem was noticed on Monday.

The switch was fully up.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card