ASA failover link over the etherchannel connected switches
Hello,
We have two ASA firewalls located in different locations.
Firewalls are in Active/Standby modes.
Failover links of firewalls are connected to two different switches.
These switches are connected to each other with two dark fibers aggregated to Etherchannel (source-mac address mode)
When one of fiber links fails and then immediately is connected again, secondary ASA is going to Active state and then to Standy state again.
Please see the output bellow.
The holddown timer is set to 15 seconds.
What could be the cause of this state change?
ciscoasa# sh failover history
==========================================================================
From State To State Reason
==========================================================================
22:54:20 GET Apr 4 2014
Standby Ready Just Active HELLO not heard from mate
22:54:20 GET Apr 4 2014
Just Active Active Drain HELLO not heard from mate
22:54:20 GET Apr 4 2014
Active Drain Active Applying Config HELLO not heard from mate
22:54:20 GET Apr 4 2014
Active Applying Config Active Config Applied HELLO not heard from mate
22:54:20 GET Apr 4 2014
Active Config Applied Active HELLO not heard from mate
22:54:42 GET Apr 4 2014
Active Cold Standby Failover state check
22:54:43 GET Apr 4 2014
Cold Standby Sync Config Failover state check
22:55:36 GET Apr 4 2014
Sync Config Sync File System Failover state check
22:55:36 GET Apr 4 2014
Sync File System Bulk Sync Failover state check
22:55:51 GET Apr 4 2014
Bulk Sync Standby Ready Failover state check
Maybe spanning tree recalculation. I know you said there was an etherchannel but I would make sure it is built properly. Also run "Show spanning-tree detail" on the switches after you unplug/replug and check when the last topology change was.
Similar Messages
-
Can you put multiple links over the same button and have it still change states?
I have a photoshop button that changes from an active state ('TRAVEL' in a box) to a rollover state ('JAPAN, PHILIPINNES, KOREA, INDIA' in a gridded box). The 4 location names should be linked to seperate galleries. I want to find a way to do that. I tried placing clear rectangles over the areas, and then linking the rectangles, but it prevents the rollover state from being activated. Is there a way to do this?
You should be able to do what you want with the Tooltip Composition Widget.
-
ASA 5580 with EtherChannel 20Gbs, Does the Failover link must match the same Speed?
Hello,
I have an ASA 5580, I am plannning on setting two EtherChannels (inside and outside), each channel will include two TenGigabit interfaces.
My questions is that if the links that I am gonig to use for the failover and link, should also be 20Gbs each, or it is ok to use 10Gbs for each link?
According to the Configuration guide 8.4
Use the following failover interface speed guidelines for the ASAs:
• Cisco ASA 5510
– Stateful link speed can be 100 Mbps, even though the data interface can operate at 1 Gigabit due
to the CPU speed limitation.
• Cisco ASA 5520/5540/5550
– Stateful link speed should match the fastest data link.
• Cisco ASA 5580/5585
– Use only non-management 1 Gigabit ports for the stateful link because management ports have
lower performance and cannot meet the performance requirement for Stateful Failover.
Thanks in advanceHi,
I have 2x ASA5580-20 with 8x1GE interfaces and additional 2x 10GE interfaces each. Software version running is v8.4.4.1.
I am planning to use them in multiple context (active/active) transparent mode. Taking into account the FW performance of 5Gbps real-world traffic per ASA5580-20, which on the following interface configurations would make the most sense?
Option 1:
2x10GE = 20GE Etherchannel for Data
1x1GE LAN Failover
1x1GE STATE Failover
Option 2:
1x 10GE Data
1x 10GE LAN & STATE Failover
Option 3:
2x10GE = 20GE Etherchannel for Data
4x1GE = 4GE Etherchannel for LAN/STATE Failover (possibly up to 8x1GE)
(etherchannel for LAN/STATE Failover actually does not make much sense, since only one interface wll be used anyway)
Option 4:
1x10GE LAN & STATE Failover
8x1GE = 8 GE Etherchannel for Data
I have read several guides (e.g. link1, link2, link3). Some state that 1GE Failover interfaces would suffice for the ASA5580, others recommend a link as fast as the data link. Almost none of them account for higher bandwidth etherchannels.
What is recommended in this case? Both Firewalls will be connected to one VSS Switch Pair, so it would make sense to cross-connect with at least 2 links on each VSS member.
The ASA does not support connecting an EtherChannel to a switch stack. If the ASA EtherChannel is connected cross stack, and if the Master switch is powered down, then the EtherChannel connected to the remaining switch will not come up. (http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html)
Thanks in advance for your feedback! -
Cdp neighbour shows the same switch as neighbour and the connected switch
Hi
I have a problem here , cdp neighbor shows the same switch as the neighbor and the real connected switchh . I know it will show only the real connected switch if i shut and no sh . What i just want know is it a symptom for something else
Dist#sh cdp neighbors Gig 10/10
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
Sw1
Gig 10/10 130 S I WS-C3560- Gig 0/3
Dist
Gig 10/10 156 R S I WS-C6513 Gig 10/10
Thank youHI,
Did you did shut and no shut in the interface. ?
Is it working fine.?
is it fiber connected cable connected with these devices ?
Regards,
Gurudath K S -
Redundant Failover link on ASA5500 Series?
Cisco recommends connecting failover link over L2 switch in thier document.
But if L2 switch fails, both ASA's failover I/F will down.
I wonder if there is any way to get redundancy for failover link, like etherchannel.
Or should I prepare two L2 switches to avoid both ASA's I/F down?
Any hints appriciated.Even if both of the failover interfaces go down it wont affect the traffic flow. Also if the switch is being monitored this will get detected and can be solved easily. If you still want redundant failover links, using seperate switches will be good idea.
-
Help with positioning text links over image
I'm creating a five page site with a different background
color for each horizontal nav bar. I created a solid color graphic
(780 x 30) and inserted it into my div. I now want to place my text
links over the graphic but I can't seem to do it. It keeps
appearing underneath. Someone recommended using a table and I'm
wondering if this would be easier.
Thanks!You have to use the image as a background image in your
'navcontainer' <div>
#navcontainer {
background-image: url(images/nav_services.gif);
background-repeat: no-repeat;
If you actually insert the image into the page, as you have
done, it
WILL push the text links down because its ABOVE them on the
page.
Ruby7829 wrote:
> I'm creating a five page site with a different
background color for each
> horizontal nav bar. I created a solid color graphic (780
x 30) and inserted it
> into my div. I now want to place my text links over the
graphic but I can't
> seem to do it. It keeps appearing underneath. Someone
recommended using a
> table and I'm wondering if this would be easier.
>
> Thanks!
>
> <div id="navcontainer"><img
src="images/nav_services.gif" />
> <ul id="navlist">
> <li id="active"><a href="test_index.html"
id="current">Home</a></li>
> <li><a
href="test_services.html">Services</a></li>
> <li><a
href="test_faq.html">FAQ</a></li>
> <li><a
href="test_testimonials.html">Testimonials</a></li>
> <li><a
href="javascript">Contact</a></li>
> </ul>
> </div>
>
>
> #navcontainer ul
> {
> text-align: center;
> padding: 0px 0px;
> margin: 0;
> color: white;
> width: 100%;
> line-height: 18px;
> }
>
> #navcontainer ul li
> {
> display: inline;
> padding-left: 0;
> padding-right: 0;
> padding-bottom: 5px;
> /* matches link padding except for left and right */
> padding-top: 5px;
> }
>
> #navcontainer ul li a
> {
> padding-left: 10px;
> padding-right: 10px;
> padding-bottom: 5px;
> padding-top: 5px;
> color: white;
> text-decoration: none;
> }
>
> #navcontainer ul li a:hover
> {
> color: #CCCC99;
> }
> -
I can't get the leapfrog connect to open. It says something about the Testgen fonts. Please help.
I need help with the leapfrog connect application. It won't open and it keeps saying something about the font Testgen. Please help me if you can.
Considering that the "Most recent updates" link on the Leapfrog Connect homepage is dated November 2009, I wouldn't hold out too much hope that your software is compatible with Lion, released in July 2011.
-
I'm having trouble finding definitions for
"show failover history" responses. Phrases like the following:
Just Active
and
Active Drain
Any ideas?/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
Hi Jim,
Thanks for your post trying to find the documentation that shows definitions of ASA failover messages.
The responses can be found in Table 26-4 of the Cisco Security Appliance Command Reference, Version 7.2.
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s3_72.html#wp1285887
Thanks,
Janel Kratky -
Can i use it as a sharing storage over the internet ?
plz, help me to know if time capsule supported to be sharing storage with the internet likns that i can share my file on it to any frind over the internet connection .
You cannot do it from a PC. There is no applications that will make a PC access AFP files. You cannot connect to the TC with SMB due to blocking of SMB by ISP as it is insecure.
The only way to do this is replace the current router with vpn one.. and use vpn from the remote computer to the router. The TC will be connected by bridge to the router and can be accessed by SMB ie windows networking. -
My iPhone 4 has lost SIM connection several times over the past week when the phone is left on continually. I have had the SIM checked and it was not the source of the problem. I have found that I can reactivate the SIM by switching the phone off and on again. Has anyone else experienced this problem and if so, is there an easy fix. I have been advised by Apple that the latest IOS update may overcome this situation but I'm only on slow download speeds and 690 Mb would take forever. I would appreciate any advice.
Best regards,
Rob.PinguXeF wrote:
, while I have taken a backup of the iTunes Library,
this means nothing if it was not done correctly...
To have EVERYTHING on a New Computer...
From your OLD computer...
Copy your ENTIRE iTunes FOLDER to an External Drive... and then from the External Drive to your New Computer..
Full Details Here > http://support.apple.com/kb/HT1751 -
Icon to connect to AV unit has disappeared - now won't connect itunes to my home theatre system.
Please keep the latest drivers for the network adapter, you can browser the manufacture website for the latest driver.
If you've already have the latest drivers, I suggest you remove all existing network profile including the issued one, then recreate the network connection, check this issue again.
Regards
Yolanda
TechNet Community Support -
ASAs failover pair which design is the best
Guys
I am designing the firewall solution. I have 2 ASA with 2 Switches. Please see the diagram design1 and design2. Let me know your thoughts. Design 1 uses a stacking cable with 2 switches but in a diagram it is represented as one due to lack of diagram availability. Design 2 uses 2 switches connected seperately. What are advantages of one over the another.?
Thanks in advance.By all means you can use a switch to interconnect both ASAs and it is not achieving anything different from using a cross-over cable for the purpose of deploying a state-full failover.
I have deployed at least 15 state-full failover ASAs over the course of 14 years of network career just by using a cross-over cable. If you weight pros and cons using a switch vs the cross-over cable. I would say cross-over cable have more pros than con and this is my take.
Nothing against Cisco but sometime Cisco recommendation also comes with sales and marketing strategy.
"Each interface should connect to a switch port so that the link status is always up"
So does the cross-over cable and there is an additional point of failure by a switch coming in between ASA and a switch that sending statefull sync data to standby ASA.
Thanks -
Link outage in Etherchannel causes interface down and failover Secondary Faild
Hi,
I have configured port-channel Firewall ASA5515-X and stacking switch WS-3750X. Also firewall configured as failover mode. Problem is that my active firewall connected switch port show green and working but standby firewall connected switch port shows orange color. When i inpute show failover command on firewall, secondary is faild. Please assist. Here is the below show command.
mdbl-int-fw-01# sho port-channel 10
Ports: 2 Maxports = 16
Port-channels: 1 Max Port-channels = 48
Protocol: LACP/ active
Minimum Links: 1
Maximum Bundle: 8
Load balance: src-dst-ip
mdbl-int-fw-01# sho interface port-channel 10
Interface Port-channel10 "inside", is up, line protocol is up
Hardware is EtherChannel/LACP, BW 2000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
Description: *** Connected to CORE-SW ***
MAC address 4c00.821d.511f, MTU 1500
IP address 10.98.8.97, subnet mask 255.255.255.248
Traffic Statistics for "inside":
56859 packets input, 3419130 bytes
148709 packets output, 16063580 bytes
56858 packets dropped
1 minute input rate 0 pkts/sec, 46 bytes/sec
1 minute output rate 2 pkts/sec, 216 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 46 bytes/sec
5 minute output rate 2 pkts/sec, 216 bytes/sec
5 minute drop rate, 0 pkts/sec
Members in this channel:
Active: Gi0/1 Gi0/2
mdbl-int-fw-01# sho port
mdbl-int-fw-01# sho port-channel sum
mdbl-int-fw-01# sho port-channel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
U - in use N - not in use, no aggregation/nameif
M - not in use, no aggregation due to minimum links not met
w - waiting to be aggregated
Number of channel-groups in use: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
10 Po10(U) LACP Gi0/1(P) Gi0/2(P)
mdbl-int-fw-01#
mdbl-int-fw-01# sho port-channel ?
<1-48> Channel group number
brief Brief information
detail Detail information
port Port information
protocol protocol enabled
summary One-line summary per channel-group
| Output modifiers
<cr>
mdbl-int-fw-01# sho port-channel bri
mdbl-int-fw-01# sho port-channel brief
Channel-group listing:
Group: 10
Ports: 2 Maxports = 16
Port-channels: 1 Max Port-channels = 48
Protocol: LACP/ active
Minimum Links: 1
Maximum Bundle: 8
Load balance: src-dst-ip
mdbl-int-fw-01# sho port-channel ?
<1-48> Channel group number
brief Brief information
detail Detail information
port Port information
protocol protocol enabled
summary One-line summary per channel-group
| Output modifiers
<cr>
mdbl-int-fw-01# sho port-channel pro
mdbl-int-fw-01# sho port-channel protocol
Channel-group listing:
Group: 10
Protocol: LACP
mdbl-int-fw-01# sho port-channel ?
<1-48> Channel group number
brief Brief information
detail Detail information
port Port information
protocol protocol enabled
summary One-line summary per channel-group
| Output modifiers
<cr>
mdbl-int-fw-01# sho port-channel det
mdbl-int-fw-01# sho port-channel detail
Channel-group listing:
Group: 10
Ports: 2 Maxports = 16
Port-channels: 1 Max Port-channels = 48
Protocol: LACP/ active
Minimum Links: 1
Maximum Bundle: 8
Load balance: src-dst-ip
Ports in the group:
Port: Gi0/1
Port state = bndl
Channel group = 10 Mode = LACP/ active
Port-channel = Po10
Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.
A - Device is in active mode. P - Device is in passive mode.
Local information:
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Gi0/1 SA bndl 32768 0xa 0xa 0x2 0x3d
Partner's information:
Partner Partner LACP Partner Partner Partner Partner Partner
Port Flags State Port Priority Admin Key Oper Key Port Number Port State
Gi0/1 SA bndl 32768 0x0 0xa 0x118 0x3d
Port: Gi0/2
Port state = bndl
Channel group = 10 Mode = LACP/ active
Port-channel = Po10
Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.
A - Device is in active mode. P - Device is in passive mode.
Local information:
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Gi0/2 SA bndl 32768 0xa 0xa 0x3 0x3d
Partner's information:
Partner Partner LACP Partner Partner Partner Partner Partner
Port Flags State Port Priority Admin Key Oper Key Port Number Port State
Gi0/2 SA bndl 32768 0x0 0xa 0x119 0x3d
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01# sho port-channel ?
<1-48> Channel group number
brief Brief information
detail Detail information
port Port information
protocol protocol enabled
summary One-line summary per channel-group
| Output modifiers
<cr>
mdbl-int-fw-01# sho fail
mdbl-int-fw-01# sho failover st
mdbl-int-fw-01# sho failover state
State Last Failure Reason Date/Time
This host - Primary
Active None
Other host - Secondary
Failed Ifc Failure 22:03:03 UTC Jan 8 2014
outside: No Link
dmz: No Link
mgt: No Link
inside: No Link
====Configuration State===
Sync Done
====Communication State===
Mac set
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01# sho failover
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/3 (up)
Unit Poll frequency 200 milliseconds, holdtime 800 milliseconds
Interface Poll frequency 500 milliseconds, holdtime 5 seconds
Interface Policy 1
Monitored Interfaces 4 of 114 maximum
failover replication http
Version: Ours 8.6(1)2, Mate 8.6(1)2
Last Failover at: 02:16:48 UTC Jan 8 2014
This host: Primary - Active
Active time: 74479 (sec)
slot 0: ASA5515 hw/sw rev (1.0/8.6(1)2) status (Up Sys)
Interface outside (118.179.139.4): No Link (Waiting)
Interface dmz (10.98.56.3): No Link (Waiting)
Interface mgt (10.10.11.1): Unknown (Waiting)
Interface inside (10.98.8.97): Normal (Waiting)
slot 1: IPS5515 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
IPS, 7.1(4)E4, Up
Other host: Secondary - Failed
Active time: 0 (sec)
slot 0: ASA5515 hw/sw rev (1.0/8.6(1)2) status (Up Sys)
Interface outside (118.179.139.6): No Link (Waiting)
Interface dmz (10.98.56.2): No Link (Waiting)
Interface mgt (0.0.0.0): No Link (Waiting)
Interface inside (10.98.8.98): No Link (Waiting)
slot 1: IPS5515 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
IPS, 7.1(4)E4, Up
Stateful Failover Logical Update Statistics
Link : failover GigabitEthernet0/3 (up)
Stateful Obj xmit xerr rcv rerr
General 12665 0 9929 0
sys cmd 9929 0 9929 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 0 0
UDP conn 0 0 0 0
ARP tbl 2735 0 0 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 0 0 0 0
VPN IKEv1 P2 0 0 0 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
Route Session 0 0 0 0
User-Identity 1 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 7 9930
Xmit Q: 0 30 99581
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01# sho failover state
State Last Failure Reason Date/Time
This host - Primary
Active None
Other host - Secondary
Failed Ifc Failure 22:03:03 UTC Jan 8 2014
outside: No Link
dmz: No Link
mgt: No Link
inside: No Link
====Configuration State===
Sync Done
====Communication State===
Mac set
mdbl-int-fw-01# sho failover ?
descriptor Show failover interface descriptors. Two numbers are shown for
each interface. When exchanging information regarding a
particular interface, this unit uses the first number in messages
it sends to its peer. And it expects the second number in
messages it receives from its peer. For trouble shooting, collect
the show output from both units and verify that the numbers
match.
exec Show failover command execution information
history Show failover switching history
interface Show failover command interface information
state Show failover internal state information
statistics Show failover command interface statistics information
| Output modifiers
<cr>
mdbl-int-fw-01# sho failover inter
mdbl-int-fw-01# sho failover interface
interface failover GigabitEthernet0/3
System IP Address: 10.98.8.89 255.255.255.248
My IP Address : 10.98.8.89
Other IP Address : 10.98.8.90
mdbl-int-fw-01# sho failover stati
mdbl-int-fw-01# sho failover statistics
tx:995725
rx:980617
mdbl-int-fw-01# sho failover hi
mdbl-int-fw-01# sho failover history
==========================================================================
From State To State Reason
==========================================================================
02:16:40 UTC Jan 8 2014
Not Detected Negotiation No Error
02:16:48 UTC Jan 8 2014
Negotiation Just Active No Active unit found
02:16:48 UTC Jan 8 2014
Just Active Active Drain No Active unit found
02:16:48 UTC Jan 8 2014
Active Drain Active Applying Config No Active unit found
02:16:48 UTC Jan 8 2014
Active Applying Config Active Config Applied No Active unit found
02:16:48 UTC Jan 8 2014
Active Config Applied Active No Active unit found
==========================================================================
mdbl-int-fw-01# sho failover
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/3 (up)
Unit Poll frequency 200 milliseconds, holdtime 800 milliseconds
Interface Poll frequency 500 milliseconds, holdtime 5 seconds
Interface Policy 1
Monitored Interfaces 4 of 114 maximum
failover replication http
Version: Ours 8.6(1)2, Mate 8.6(1)2
Last Failover at: 02:16:48 UTC Jan 8 2014
This host: Primary - Active
Active time: 74554 (sec)
slot 0: ASA5515 hw/sw rev (1.0/8.6(1)2) status (Up Sys)
Interface outside (118.179.139.4): No Link (Waiting)
Interface dmz (10.98.56.3): No Link (Waiting)
Interface mgt (10.10.11.1): Unknown (Waiting)
Interface inside (10.98.8.97): Normal (Waiting)
slot 1: IPS5515 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
IPS, 7.1(4)E4, Up
Other host: Secondary - Failed
Active time: 0 (sec)
slot 0: ASA5515 hw/sw rev (1.0/8.6(1)2) status (Up Sys)
Interface outside (118.179.139.6): No Link (Waiting)
Interface dmz (10.98.56.2): No Link (Waiting)
Interface mgt (0.0.0.0): No Link (Waiting)
Interface inside (10.98.8.98): No Link (Waiting)
slot 1: IPS5515 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
IPS, 7.1(4)E4, Up
Stateful Failover Logical Update Statistics
Link : failover GigabitEthernet0/3 (up)
Stateful Obj xmit xerr rcv rerr
General 12676 0 9938 0
sys cmd 9938 0 9938 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 0 0
UDP conn 0 0 0 0
ARP tbl 2737 0 0 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 0 0 0 0
VPN IKEv1 P2 0 0 0 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
Route Session 0 0 0 0
User-Identity 1 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 7 9940
Xmit Q: 0 30 99677Hi Ganesan,
I am proposing a design like this. You can have the STP in pvst mode and have a different priority set for the core switch to make it core a as root bridge. There is nothing wrong with your design you have made you core switch which will be physically down to your firewall... but in real it comes on the top of your firewall as well... But spanning tree conf should be done properly to achieve this... I have proposed my design which is pretty simple but easy for troubleshoot....
You can have your firewalls connected to core switch on the down and can directly connected to router on outside... always core a -->py fw--rtra will be the primary path... if anything goes wrong then secondary line will come in to picture....
make sure that your hsrp will have high priority to ur core a vlan conf for the access switches.....
Please do rate for the helpful posts.
By
Karthik -
Hi,
We are setting up a new ASA which is in multi context mode. I was wondering if it is possible to setup redundant failover and state links? I know that it is possible to run failover on one link and state on another, or both over the same link, but is it possible to have both failover and state running on 2 links? For example, failover and state on ten1/0 as well as failover and state on ten1/1.
Hope I have explained my question well enough. If not I will try to explain better.
thanksI would suggest to make a redundant logical link and attach two physical links to it. Than during failover link configuration specify your redundant link as a failover link. Not sure if it works but dont see any obstacles for this solution to fail..
-
When I right click on a link "Open link in new tab" since a few days, it "jumps over" the tab to the right and opens in the tab next to that. How can I change this back to opening in the tab next to the page from which I opened as it used to be?
Start Firefox in [[Safe Mode]] to check if one of the add-ons is causing the problem (switch to the DEFAULT theme: Tools > Add-ons > Themes).
* Don't make any changes on the Safe mode start window.
See:
* [[Troubleshooting extensions and themes]]
* [[Troubleshooting plugins]]
If it does work in Safe-mode then disable all extensions and then try to find which is causing it by enabling one at a time until the problem reappears.
* Use "Disable all add-ons" on the [[Safe mode]] start window to disable all extensions.
* Close and restart Firefox after each change via "File > Exit" (Mac: "Firefox > Quit"; Linux: "File > Quit")
Maybe you are looking for
-
Hard Drive Failure on HP DV 6000 Pavilion laptop (dv6108nr) with Windows-XPsp3 OS - Need Data Recov
Hard Drive Failure on HP DV 6000 Pavilion laptop - Need Data Recovery Help HP Pavilion DV 6108 NR, RG365UA, purchased in late 2006 at Best Buy, with Windows XP, upgraded to Service Pack 3. It has a Fujitsu hard disk, 60 gigabyte, partitioned into C:
-
Tax codes not flowing into the PO
Hi We are using EBP 4.0. We are using the classic scenario. In the EBP system we have defined the tax codes and done the mapping to the tax codes in the backend system. We are creating a shopping cart and entering a tax code.The tax value gets calcul
-
Not able to pass values to variables in extended Tree class
Hi, I have a as class that extends from Tree, additionally this custom class defines new class level variables as follows: public class MyTree extends Tree { public var arrayColl:ArrayCollection; and i call this tree from mxml as follows: <customTree
-
Problem in Asset reversal using AB08
Hi We have a process where by all assets purchased are first put in CWIP account and later when put to use we capitalise. At that time i settle the cwip asset to normal asset. In one case I need to reverse the settlement T code AB08. When I try to d
-
Printing from Acrobat Adobe 8 Pro
I have a pdf document that has grey shaded boxes on most of the pages. It is a pdf that uses highlight fields so end users cann enter information and save it to the pdf without having to print the document out and fill it out by hand. The problem I