
Reregister FTDs in an HA Configuration

msanclimenti
Level 1

Two FTDs in an HA pair lost communications to the FMC due to a configuration mishap. A person reconfigured the management by mistake and now the FMC cannot communicate with the FTDs. I have a lab and recreated this situation. The lab FTDs were reconfigured with the wrong IP address for the FMC and then configured to the correct IP address for the lab FMC. The FTDs are in a pending state when looking at the managers. In addition to the HA configuration, the FTDs are configured for EIGRP with authentication.

During the process, the secondary HA configuration is deleted and the secondary FTD will establish EIGRP neighbor relations with the lab outside router and lab inside switch. This is temporary until the procedure is fully carried out. The potential is asymmetrical for any new flows that occur during the process.

Below are the procedures I developed for getting the FTDs back on the FMC. I would like to know if anyone experienced this situation and if there is a better way of re-registering the FTDs. Thank you.

Reregister Procedures

  1. On the FMC, delete the HA group
    1. This will un-register the FTDs and the FTD group will be empty
  2. Log into the standby FTD and suspend the HA
    1. Type configure high-availability suspend
    2. The secondary FTD goes into a pseudo-Secondary state
    3. The primary FTD sees the secondary FTD as disabled
  3. On the FMC, register the secondary FTD
    1. After registration, the HA configuration is deleted
    2. The secondary will establish EIGRP neighbors to the devices
  4. On the FMC, register the primary FTD
    1. After registration, the HA configuration is deleted
    2. The primary will establish EIGRP neighbors to the devices
  5. On the FMC, configure and deploy the HA configuration
  6. After the HA configuration is deployed, verify the following:
    1. EIGRP neighbors are established on the primary only
    2. Verify the failover states of the FTDs
      1. Primary is active
      2. Secondary is Standby Ready
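
The step 6 verification above, written as a repeatable check. This is an added example, not part of the original post or Cisco code. It assumes the output layout of `show failover state` and `show eigrp neighbors`; the sample text, AS number and addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample output (not captured from a device). Layout assumed to
# follow `show failover state` and `show eigrp neighbors` on the FTD CLI.
PRIMARY_FAILOVER = """\
               State          Last Failure Reason      Date/Time
This host  -   Primary
               Active         None
Other host -   Secondary
               Standby Ready  None
"""
PRIMARY_EIGRP = """\
EIGRP-IPv4 Neighbors for AS(100)
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
1   192.0.2.1       outside     12   00:04:10 1      200  0  21
0   198.51.100.2    inside      13   00:04:12 1      200  0  17
"""
SECONDARY_EIGRP = "EIGRP-IPv4 Neighbors for AS(100)\n"

def failover_roles(text):
    """Map 'This'/'Other' to (unit role, failover state)."""
    pat = re.compile(r"^(This|Other) host[ \t]+-[ \t]+(\S+)[ \t]*\n[ \t]+(\S+(?: \S+)*)", re.M)
    return {who: (role, state) for who, role, state in pat.findall(text)}

def eigrp_neighbors(text):
    """Return (address, interface) for each neighbor row (rows start with the H index)."""
    return re.findall(r"^\d+\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)", text, re.M)

def verify_ha(primary_failover, primary_eigrp, secondary_eigrp):
    """Return a list of deviations from the step 6 checks; empty means all pass."""
    problems = []
    roles = failover_roles(primary_failover)
    if roles.get("This") != ("Primary", "Active"):
        problems.append(f"primary unit is {roles.get('This')}, expected Primary/Active")
    if roles.get("Other") != ("Secondary", "Standby Ready"):
        problems.append(f"secondary unit is {roles.get('Other')}, expected Secondary/Standby Ready")
    if not eigrp_neighbors(primary_eigrp):
        problems.append("primary has no EIGRP neighbors")
    stray = eigrp_neighbors(secondary_eigrp)
    if stray:
        problems.append(f"secondary still has EIGRP neighbors: {stray}")
    return problems

if __name__ == "__main__":
    print(verify_ha(PRIMARY_FAILOVER, PRIMARY_EIGRP, SECONDARY_EIGRP) or "step 6 checks pass")
```

Run mid-procedure, it also flags the temporary state the post describes, where the secondary still holds its own EIGRP adjacencies and the primary reports it as disabled.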