06-15-2012 02:26 PM
Hello, guys.
I have some problems with correct answer. One CF in one of ASA had died from active/standby failover cluster few days ago.
So all works perfectly.
But now I have:
asa-5520/act# sh fail
Failover On
Failover unit Secondary
Failover LAN Interface: failover GigabitEthernet0/2 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 160 maximum
Version: Ours 8.4(4), Mate 8.4(2)
Last Failover at: 00:25:50 UTC Jun 14 2012
This host: Secondary - Active
Active time: 161347 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.4(4)) status (Up Sys)
Interface internet (x.x.x.1): Normal (Waiting)
Interface inside (10.137.250.1): Normal (Waiting)
Interface management (192.168.1.1): Link Down (Waiting)
slot 1: empty
Other host: Primary - Failed
Active time: 24695466 (sec)
slot 0: ASA5520 hw/sw rev (1.0/8.4(2)) status (Unknown/Unknown)
Interface internet (x.x.x.2): Unknown (Monitored)
Interface inside (10.137.250.2): Unknown (Monitored)
Interface management (0.0.0.0): Unknown (Waiting)
slot 1: empty
Он failover unit Primary has died internal flash card (disk0). So a card had replaced, I've booted up ASA via tftp, copied files (image file, asdm file and startup-config from live ASA).
So I have a quiestion. I have startup-config from unit secondary. As I understand, I can simply change in config the next:
failover lan unit secondary
to failover lan primary
It will be correct?
Or I can make on current secondary command:
failover lan primary
And boot up another ASA with config from secondary?
So, appriciate any help, and I can't experiment with commands, because it's very production
Solved! Go to Solution.
06-15-2012 07:12 PM
Cisco has a step-by-step guide posted here.
Follow it carefully and you will successfully re-introduce the repaired primary unit with zero downtime.
06-15-2012 07:12 PM
Cisco has a step-by-step guide posted here.
Follow it carefully and you will successfully re-introduce the repaired primary unit with zero downtime.
06-16-2012 02:13 AM
As I understand correctly, my steps will be next:
On new ASA without any configuration (almost clean) I'll enter:
ASA(config)#failover lan unit primary
ASA(config)#failover lan interface failover GigabitEthernet0/2
ASA(config)#failover link failover GigabitEthernet0/2
ASA(config)#failover interface ip failover 10.10.10.1 255.255.255.252 standby 10.10.10.2
ASA(config)# interface GigabitEthernet0/2
ASA(config-if)#no shut
ASA(config-if)#exit
ASA(config)#failover
And after that configuration will be synced from active (secondary) to standby (primary) unit without any downtimes and traffic corraption. Yes?
06-16-2012 04:08 AM
Almost right, but don't forgot to check your license and activation-key, because it's saved on flash card.
I retrieved from cisco.com/go/licence/ activation-key and after that can complitely finish failover recover
Thanks for help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide