Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
623
Views
0
Helpful
2
Replies

FWSM move from Active/Standby to Active/active

Maria Schiaffino
Level 1
Level 1

‎11-18-2014 11:18 AM - edited ‎03-01-2019 07:43 AM

Hi there,

we have some FWSM installed in 6500 with many contexts in them.  They are at the moment configured as Active/Standby and in production.  But we have noticed that whenever a backup is run which goes through some of the contexts, the FWSM start counting errors which was already determined to be an oversubscription issue.  So, while we wait for the new ASA 5585X to arrive and finally replace them, we want to mitigate the issue by configuring the FWSM as Active/Active and move the contexts for backup traffic to the other box (keeping the production contexts in the other one).

My question is, can this be done without impacting the production traffic?  Or as soon as we enable the active/active by the configuration of the groups and assignments of the contexts, the traffic will be impacted and we will produce an outage to the network?

Thanks in advance for your help.

Regards,

Paula

1 person had this problem
Labels:
0 Helpful
2 Replies 2

Chris Ingram
Level 1
Level 1

‎05-08-2015 12:23 PM

I have the same question but my hardware and my reasons are different.  I have a pair of 5585-x in active/standby mode and 12 contexts.  The two are in different geographical locations and I'm finding it would be beneficial to have some contexts active at one site and some active at the other site.  So I need to convert to active/active and I'm not finding any documentation about doing that.  It logically makes sense to me that it is possible to do this without too much disruption in traffic but I would just like to have some documented proof to provide to some other people.  Those of us who don't have a nice lab to practice with need to be able to find answers to questions like this.

Has anyone tried this, and would they care to share their experience?

 

thanks,

Chris

0 Helpful

Chris Ingram
Level 1
Level 1

‎05-08-2015 01:18 PM

I just tried this on a non-production ASA.  You can make the failover groups without disrupting traffic but you have to disable failover.  Then when you enter the context config to join a failover group and try to actually join a group you will see this message (if your running 8.4(x)).

 

(config-ctx)# join-failover-group 2
ERROR: Command requires failover-group 2 and 1 to be in the same state
or no nameif comand for all interfaces in this context

An interface cannot pass traffic without a name so if you remove the name you're disrupting traffic.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card