12-14-2006 05:47 PM - edited 03-11-2019 02:09 AM
okay, heres the situation. I have two PIX-515E's in a failover scenario. Primary PIX has a UR license and the Secondary PIX has a FO license.
The Primary PIX has failed, it decided to hang and when manually rebooted it came up with the no config, just the default factory config.
Now the Secondary is now active and passing traffic everything is fine, the Primary is failed and is actually powered off.
The output from the show fail command on the active Secondary is
Failover On
Cable status: Other side powered off
Failover unit Secondary
Failover LAN Interface: N/A - Serial-based failover enabled
Unit Poll frequency 15 seconds, holdtime 45 seconds
Interface Poll frequency 15 seconds
Interface Policy 1
Monitored Interfaces 5 of 250 maximum
failover replication http
Last Failover at: 12:01:11 NZST Jan 1 1993
This host: Secondary - Active
Active time: 2700 (sec)
Interface inside (10.a.b.c): Normal (Waiting)
Interface outside (203.w.x.y): Normal (Waiting)
Interface dmz (10.g.h.i): Normal (Waiting)
Interface intf4 (0.0.0.0): Link Down (Waiting)
Interface intf5 (0.0.0.0): Link Down (Waiting)
Other host: Primary - Failed
Active time: 0 (sec)
Interface inside (10.a.b.d): Unknown (Waiting)
Interface outside (203.w.x.z): Unknown (Waiting)
Interface dmz (10.g.h.j): Unknown (Waiting)
Interface intf4 (0.0.0.0): Unknown (Waiting)
Interface intf5 (0.0.0.0): Unknown (Waiting)
The issue I have is threefold
1. If I power on the Primary PIX with no config, will the Secondary stay active without traffic interuption
2. If I do power on the Primary and all is well, can I send the config from the active Secondary to the failed Primary
3. If I do not power on the Primary, will the active Secondary, that is running the FO license, reboot after 24 hours, even if it recognises the Primary's state as powered off.
Thanks in advance
Paul
12-14-2006 06:28 PM
Hello paul,
please find the answers below:
1. If I power on the Primary PIX with no config, will the Secondary stay active without traffic interuption
Ans - Yes.. THe failover pix will remain primary and send traffic without traffic interruption. If you need to force the failover pix (which is primary now) to standby, u need to manually reboot it.. till that time, the failover pix acts as active and will continue forwarding traffic..
2. If I do power on the Primary and all is well, can I send the config from the active Secondary to the failed Primary
Ans - Use the command write standby to copy the configs to the failover unit...
3. If I do not power on the Primary, will the active Secondary, that is running the FO license, reboot after 24 hours, even if it recognises the Primary's state as powered off.
Ans - i dont think it will boot after 24 hours.. if you have a failover cable plugged and since it has already recognised a primary unit, it will remain stable. no issues in that
hope this helps.. all the best.. rate replies if found useful.
Raj
12-14-2006 07:50 PM
Paul,
Do you know why your Primary lost its config? Also, you can restore the Primary to the Active role by issuing the failover active command, no need to reboot the secondary. You can find more information on the failover command here: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/df.htm#wp1029143
Bryan
12-14-2006 08:05 PM
I have no idea why it lost its config, unfortunately I am 3 timezones away from it.
Will the failed, currently powered off, Primary PIX with no config take the config from the active Secondary PIX when I power on the Primary PIX or will I need to issue any commands? Actually failing back to the Primary PIX is not a big issue, making sure that both PIX's have the same current config is the issue.
Thanks for your help and advice,
Paul
12-14-2006 08:49 PM
The config should be transferred to the Primary unit on bootup. To be safe, copy the running config from the Secondary into a text editor before powering on the Primary.
If, by chance, the empty config from the Primary is sent to your secondary, paste the config from the text document into your Primary, then issue a write standby.
The Cisco doc on this states: The active unit sends the configuration in running memory to the standby unit. As the configuration synchronizes, the messages "Sync Started" and "Sync Completed" appear on the primary console.
So, from this, I gather that the failover roles are not of importance in this case, only the failover states (active/standby). Since your Secondary unit is the Active, its config should be copied to your Primary (standby) unit.
I hope this goes well for you.
Bryan
12-19-2006 10:05 PM
yes, you were right.
I powered on the failed Primary with no config on it, issued the command failover on it and the Secondary active just sent across its config!
Thanks Bryan.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide