PIX Failover Vlan issue

p.danielsen
Level 1

Hi ...

I'm having a problem getting VLAN failover to work on two Cisco PIX ....

Anyone know a solution to this problem ..

---------------pix primary----------------

interface ethernet0 100full

interface ethernet1 auto

interface ethernet2 100full

interface ethernet3 100full

interface ethernet3 vlan701 logical

interface ethernet3 vlan703 logical

interface ethernet3 vlan704 logical

interface ethernet4 100full

interface ethernet5 10full

ip address outside 172.26.35.194 255.255.255.192

ip address inside 172.31.204.150 255.255.255.0

ip address FAILOVER 172.30.255.1 255.255.255.252

no ip address TRUNK

ip address BACKEND 172.30.2.254 255.255.255.0

ip address TSM 131.165.184.8 255.255.255.0

ip address FRONTEND 172.30.1.254 255.255.255.0

ip address MQ 172.30.3.30 255.255.255.224

ip address MANAGEMENT 172.30.3.62 255.255.255.224

ip audit info action alarm

ip audit attack action alarm

failover

failover timeout 0:00:00

failover poll 15

failover ip address outside 172.26.35.254

failover ip address inside 172.31.204.151

failover ip address FAILOVER 172.30.255.2

no failover ip address TRUNK

failover ip address BACKEND 172.30.2.253

failover ip address TSM 131.165.184.9

failover ip address FRONTEND 172.30.1.253

failover ip address MQ 172.30.3.29

failover ip address MANAGEMENT 172.30.3.61

failover link FAILOVER

failover lan unit primary

failover lan interface FAILOVER

failover lan key ********

failover lan enable

---------------pix secondary----------------

failover link FAILOVER

failover lan unit secondary

failover lan interface FAILOVER

failover lan key ********

failover lan enable

A show failover on the primary

sh failover

Failover On

Serial Failover Cable status: My side not connected

Reconnect timeout 0:00:00

Poll frequency 15 seconds

Last Failover at: 13:02:15 UTC Tue Oct 19 2004

This host: Primary - Active

Active time: 44520 (sec)

Interface outside (172.26.35.194): Normal

Interface inside (172.31.204.150): Normal

Interface TRUNK (0.0.0.0): Normal (Waiting)

Interface BACKEND (172.30.2.254): Normal

Interface TSM (131.165.184.8): Normal

Interface FRONTEND (172.30.1.254): Normal (Waiting)

Interface MQ (172.30.3.30): Normal (Waiting)

Interface MANAGEMENT (172.30.3.62): Normal (Waiting)

Other host: Secondary - Standby

Active time: 0 (sec)

Interface outside (172.26.35.254): Normal

Interface inside (172.31.204.151): Normal

Interface TRUNK (0.0.0.0): Normal (Waiting)

Interface BACKEND (172.30.2.253): Normal

Interface TSM (131.165.184.9): Normal

Interface FRONTEND (172.30.1.253): Normal (Waiting)

Interface MQ (172.30.3.29): Normal (Waiting)

Interface MANAGEMENT (172.30.3.61): Normal (Waiting)

I get the following error in the log

WARNING, missing ip or failover address on TRUNK interface

thanks in advance

/Peter

1 Reply

scoclayton
Level 7

The warning message you pointed out pretty much tells you what the issue is. Each interface on the PIX in a failover config needs to be addressed or shut down. The confusion in your case, I believe, is that you are thinking of the physical interface as simply a trunk. You can apply a VLAN to a physical interface as well as a logical interface. One suggestion would be to create another VLAN on the trunk just for communication on this TRUNK interface. Make sure the new VLAN is trunked to both PIXes, assign the VLAN to the physical interface (just like you did to the logical interfaces) and address them. This should make the warning message go away.

Does this clarify matters any? Let me know.

Scott
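
The rule in the reply above (every interface in a failover config needs an address or must be shut down), as an added example that is not part of the thread and not Cisco tooling: a Python check run over a constructed config excerpt. The `nameif` lines, the shut-down `DMZ` interface and the function name `audit_failover_addressing` are assumptions made for illustration.

```python
import re

# Constructed excerpt modelled on the primary's config in the question; the
# nameif lines and the shut-down DMZ interface are assumptions for the example.
SAMPLE_CONFIG = """\
interface ethernet3 100full
interface ethernet4 100full shutdown
nameif ethernet3 TRUNK security10
nameif ethernet4 DMZ security20
nameif vlan701 FRONTEND security50
ip address outside 172.26.35.194 255.255.255.192
no ip address TRUNK
no ip address DMZ
ip address FRONTEND 172.30.1.254 255.255.255.0
failover
failover ip address outside 172.26.35.254
no failover ip address TRUNK
no failover ip address DMZ
failover ip address FRONTEND 172.30.1.253
"""

ADDR = re.compile(r"(no )?(failover )?ip address (\S+)(?: (\S+))?")

def audit_failover_addressing(config):
    """Map each enabled interface name to the addresses failover still needs."""
    shut, hw_of, addrs = set(), {}, {}
    for line in map(str.strip, config.splitlines()):
        words = line.split()
        if words[:1] == ["interface"] and words[-1] == "shutdown":
            shut.add(words[1])               # hardware id that is shut down
        elif words[:1] == ["nameif"] and len(words) >= 3:
            hw_of[words[2]] = words[1]       # interface name -> hardware/vlan id
        elif (m := ADDR.match(line)):
            negated, standby, name, addr = m.groups()
            kind = "failover ip address" if standby else "ip address"
            addrs.setdefault(name, {})[kind] = None if negated else addr
    findings = {}
    for name, have in addrs.items():
        if hw_of.get(name) in shut:
            continue  # shut-down interfaces do not need addressing
        missing = [k for k in ("ip address", "failover ip address") if not have.get(k)]
        if missing:
            findings[name] = missing
    return findings

if __name__ == "__main__":
    for name, missing in audit_failover_addressing(SAMPLE_CONFIG).items():
        print(f"{name}: missing {', '.join(missing)}")
```

On the sample it reports only `TRUNK`, the interface named in the warning; `DMZ` is skipped because its hardware interface is shut down.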
