Synchronizing a failover group
I recentl;y upgraded my primary server to version 4. I then upgraded a backup server and tried to synchronize it to the primary but for some reason it keeps telling me that I need to upgrade the secondary. I have removed the sunray software and re-installed it several times now but always with the same result.
When I execute the "utdssync" command I see the following...
# ./utdssync
... server sunray-primary.domain.edu is already using the new SRDS default port.
Error: SunRay software on server sunray-secondary.domain.edu has not been upgraded.
You must upgrade all the servers within the failover group to
2.0 or later and have the secondary servers configured properly before
you can transition to the new SRDS port.
I have checked each log and see nothing with the appropriate time stamps so I don't have a clue...
Any advice would be appreciated...I have googled and see nothing so far.
Jon
Message was edited by:
Jon_Oliver
The message is caused by a bug in utdssync. It's looking for a very specific string in a response from the remote server, and that string has been changed (by accident, I bet) in SRSS 4.0. So utdssync does not interpret the response correctly.
However, it's unlikely that you need to run utdssync anyway. All it does is to make sure
that the Sun Ray DS instance on each of the servers in the group is listening on port 7012 rather than on the default LDAP port (389) that the Sun Ray DS used to use in releases prior to 2.0. You can check that the DS is using 7012 by grep'ing for 'admin.server.port' in /etc/opt/SUNWut/utadmin.conf on each server. The result should be:
% grep admin.server.port /etc/opt/SUNWut/utadmin.conf
admin.server.port = 7012
Similar Messages
-
Do i need to configure failover group for load balancing? srs3.1
hello
we are installing ssrs3.1 on two sunfire v210 for 20 sunrays
do i have to configure a failover group in order to have load balancing?
thxthx a lot..
finally yes it needs the failover to work with load balancing -
Synchronous Writethrough Cache Group in 11.2.1.6.1
Hello,
I have created the following SWT cachegroup -
Cache Group CACHEADM.ENT_GRP_SWT_CG:
Cache Group Type: Synchronous Writethrough
Autorefresh: No
Aging: No aging defined
Root Table: TRAQDBA.ENT_GRP
Table Type: Propagatebased on this DDL
create synchronous writethrough cache group CACHEADM.ENT_GRP_SWT_CG
from
TRAQDBA.ENT_GRP (
GRP_REPRESENTATIVE NUMBER(12) NOT NULL DEFAULT 0,
GRP_PARENT_KEY NUMBER(12) NOT NULL,
GRP_MEMBER_KEY NUMBER(12) NOT NULL,
EVIDENCE_KEY NUMBER,
NAME_SCORE NUMBER(3) NOT NULL,
ADDRESS_SCORE NUMBER(3),
DATE_TIME TIMESTAMP(6),
ALERT_ID NUMBER,
OLD_GRP_REPRESENTATIVE NUMBER(12),
primary key (GRP_MEMBER_KEY));When I attempt to insert a row into the cachegroup via ttisql I get the following error -
Command> insert into ent_grp values (1,1,1,null,100,null,sysdate,null,null);
5213: Bad Oracle login error in OCISessionBegin(): ORA-01017: invalid username/password; logon denied rc = -1
5131: Cannot connect to backend database: OracleNetServiceName = "TRAQQA.world", uid = "TRAQDBA", pwd is hidden, TNS_ADMIN = "/app1/oracle/network", ORACLE_HOME= "/opt/oracle-local/home/oracle"
The command failed.When connecting to ttisql I supplied the timesten table owner userid and password. I know that if I supply the oracle password at connect time that the insert will work.
I have AWT cachegroups defined, for example -
Cache Group CACHEADM.EXCLUDED_GRP_ENTITY_AWT_CG:
Cache Group Type: Asynchronous Writethrough
Autorefresh: No
Aging: No aging defined
Root Table: TRAQDBA.EXCLUDED_GRP_ENTITY
Table Type: Propagateand I can insert into these cachegroups without the need to supply the oracle password. For example -
Command> autocommit 0
Command> insert into EXCLUDED_GRP_ENTITY values (1,'1',1,1,1,sysdate,1);
1 row inserted.If this behaviour correct? Do I need to supply the oracle password for SWT cachegroups and not AWT cachegroups?
Thanks in advance.
MarkHi Chris,
Thanks very much for the information. One other thing we have noticed with the SWT cachegroups that you may be able to comment on - we are using stored procedures in the cache as API's on each of our tables. The stored procedures are owned by the same schema that owns the tables underneath the cache groups. We have an application user that has execute permission on the stored procedures and our java application connects to the application user to execute the stored procedures. We have found when, for example, we insert into the SWT cachegroup via the stored procedures a connection is made to the Oracle server using the userid that owns the stored procedure, not the userid that we have connected to TimesTen with. In our case the connection fails as we are supplying the application users oracle password in OraclePWD and not the schema owners password. Is this the expected behaviour when using stored procedures?
Regards
Mark
Edited by: user557876 on Apr 7, 2011 10:21 PM -
Handling two independent failover groups in a remote shared subnet env.
I have have two Sun Ray(server) failover groups, both on the same subnet.
The first group offers a Solaris desktop and the other SLES 10.
Some of my end users prefer Linux and some prefer Solaris.
How can I direct a Linux user to my SLES Sun Ray server and how can I direct a Solaris user to my Solaris installation?
All of the Sun Ray clients are on the same client subnet, and the client subnet are separated form the Sun Ray server subnet by a firewall. I have a DHCP server on the primary Solaris Sun Ray server and a DHCP server on the primary SLES Sun Ray server.
Further I have two DHCP helpers on the client subnet, each pointing to one of the DHCP servers.
We are using smartcards, are there any way I can "add" a preferece to the token?
My initial idea was to mix all four (2 x Solaris and 2 x Linux) in the same failover group, but some place I have read that it is not smart to mix Solaris and Linux in the same failover group.
Can I use the "pop up GUI" feature on the clients to configure any prefered server?
Kindest,
TorHi,
You are able to redirect users to a FOG based on the token information of unit and/or smartcard.
check here to get you going:
http://blogs.sun.com/bobd/resource/Getting%20Started%20with%20AMGH.html
patrick -
Hi there,
Does anyone have any experience / documentation on setting up failover groups in VDS?
Penka Tatarova / Fedya Toslev / Alexander Zubev / Gerlinde Zibulski / Kristian Lehment ?
Thanks,
MattSolved this one. Wrote it up in Setting up Failover in SAP VDS
-
Failover group STATIC/DHCP
I setting up a couple of sun ray server in a failover group, but I have to setup static IP to the sunrays thin clients. There is any incovenient instead of using DHCP?
I must manually set the auth and server list ?? please let me know..NAT allows network connectivity to the outside world, but the host cannot be actively reached from the outside. Host Networking (aka bridging) allows other hosts to connect the machine from the outside. NAT is the better choice if you want to prevent external access to the desktop, Host Networking is the choice if you want to allow access to that desktop from the outside, for example if the desktop offers services to other machines. xVM RDP allows you to see the machine booting or even to look at a BSOD as it "watches from the outside". MS RDP is only available when to desktop is up and (correctly) running but offers faster multimedia support.
-
Users getting disconnected when the sap cluster group failover happens.
Hello all,
We have done the HA installation on mysaperp2005(ecc6.0).
The failover groups are sapcluster group(ascs+scs instance) and the Database(DB group).The central and the dialog instances are installed locally and do not form the part of the cluster.
When ever the sapcluster group failover to the second node.The users gets disconnected and need to login again.
How can we configure the nodes so that the users do not get disconnected during the failover of the sap groups and the users are not disturbed.
thanks
satyajitHi Satyajit,
This is exactly the reason why it is called High Availability and not Full Availability.
When the node where Database runs fails, the memory structure (Instance) associated with the Database is lost and needs to be restarted on the other node. This means that all the transactions which have not been commited to the database needs to be rolled back. Hence the users doing insert/updates into the database will be disconnected from the System.
While the database is unavailable the Work processes go into a restart mode wherein they wait for the DB to come up again and keep pining it.
Database becomes available again after the Instance is started on the other node with Instance recovery and the users can connect back. Work processes recognize that the database is available and everything is back to normal.
In case of Central Instance (enqueue) failover, the lock information is lost and hence again the transactions need to be rolled back hence the users will be disconnected if they are doing an Insert/Update into the System. System becomes available once the Enqueue service is made available again after the failover.
So in either case there will be user disconnects as HA doesnot cover the memory structure failovers.
Hope this clears it up for you.
Thanks and Best Regards,
Sunil. -
Cisco asa security context active/active failover
Hi,
I have two Cisco ASA 5515-X appliance running OS version 8.6. I want to configure these two appliance in multiple context mode mode.
Each ASA appliance will have two security context named "ctx1" & "ctx2".
I have to configure failover on these two ASA appliance such that "ctx1" will be active in one ASA box and "ctx2" will be active and process the traffic on second box to achieve this i will configure two failover group 1 & 2. And assign "ctx1" interfaces in failover group 1 and "ctx2" interface to group 2.
I am a reading a book on failover configuration in active/active in that below note is mentioned.
If an interface is used as the shared interface between multiple contexts, then all of those contexts need to be in the same failover redundancy group.
What this means? can someone please explain because i also want to use a shared interface which will be used by "ctx1" & "ctx2". In this case shared interface can be used in failover group 1 & 2 ?
Regards,
NickYout will have to contact [email protected] or open a TAC case in order to have a new activation key generated. They can do that once they confirm your eligibility.
-
Active/Standby And failover link configuration mode
Hi everyone,
When config failover link of ASA in Active Standby mode.
When we config failover int say gi0/1
config t
int gi0/1
failover lan int gi0/1
Need to confirm we do this from interface config mode only or we can do this from global config also ????????
Whe we assign IP to this int we do that from global config mode ????
Regards
Mahesh
Message was edited by: mahesh parmar
Message was edited by: mahesh parmarHi,
Actually the ASA lets you insert a lot of command what ever mode you are under.
In the output you posted is a very important thing to notice
configure mode commands/options:
WORD Specify the interface name
As you can see, the output lists only one option and before that it mentions that this is a "configure mode" command
So even if you entered the command under the interface configuration mode, it would still be entered as a global/configure command mode.
Take the following thing for example
I want to check what configuration options I have with the command "failover"
So I enter the following to my ASA
ASA(config)# failover ?
configure mode commands/options:
interface Configure the IP address to be used for failover and/or
stateful update information
interface-policy Set the policy for failover due to interface failures
key Configure the failover shared secret or key
lan Specify the unit as primary or secondary or configure the
interface and vlan to be used for failover communication
mac Specify the virtual mac address for a dynamic interface
polltime Configure failover poll interval
timeout Specify the failover reconnect timeout value for
asymmetrically routed sessions
exec mode commands/options:
active Make this system to be the active unit of the failover pair
exec Execute command on the designated unit
reload-standby Force standby unit to reboot
reset Force a unit or failover group to an unfailed state
As you can see, the ASA tells us that there are different additional command parameters after the "failover" command that can be used. Some of them can be used either in Exec or Configuration mode.
- Jouni -
FWSM Failover configuration - One Context
Hi,
Is it possible to configure only one context in H.A. in FWSM? , yesterday I tried to configure this but I can´t .
Please check my configuration and tell me your opinon, or not is possible , maybe I have to configure all context in H.A.
This message appears in the console when I active the FAILOVER
Nov 23 2011 19:20:04: %FWSM-1-105002: (Secondary) Enabling failover.
Nov 23 2011 19:20:08: %FWSM-1-105038: (Secondary) Interface count mismatch
Nov 23 2011 19:20:08: %FWSM-1-104002: (Secondary) Switching to STNDBY - Other unit has different set of vlans configured
Nov 23 2011 19:20:11: %FWSM-1-105001: (Secondary) Disabling failover.
Nov 23 2011 19:23:58: %FWSM-6-302010: 0 in use, 46069 most used
FWSM-Primario# show failover
Failover On
Failover unit PrimaryFailover LAN Interface: FAILLINK Vlan 1100 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 15 seconds
Interface Policy 50%
Monitored Interfaces 1 of 250 maximum
failover replication http
Config sync: active
Version: Ours 4.1(5), Mate 4.1(5)
Last Failover at: 19:18:35 UTC Nov 23 2011
This host: Primary - Active
Active time: 1125 (sec)
admin Interface inside (10.1.1.1): Normal (Not-Monitored)
admin Interface outside (20.1.1.1): No Link (Not-Monitored)
FW-GoB-Fija Interface WASOB2N-SISOB2N-Fija (10.115.30.36): Normal (Waiting)
GESTION-WAS Interface OUTSIDE (10.116.20.22): Normal (Not-Monitored)
GESTION-WAS Interface U2000 (10.123.20.1): Normal (Not-Monitored)
Other host: Secondary - Cold Standby
Active time: 0 (sec)
admin Interface inside (0.0.0.0): Unknown (Not-Monitored)
admin Interface outside (0.0.0.0): Unknown (Not-Monitored)
FW-GoB-Fija Interface WASOB2N-SISOB2N-Fija (10.115.30.37): Unknown (Waiting)
GESTION-WAS Interface OUTSIDE (0.0.0.0): Unknown (Not-Monitored)
GESTION-WAS Interface U2000 (0.0.0.0): Unknown (Not-Monitored)
Stateful Failover Logical Update Statistics
Link : STATELINK Vlan 1101 (up)
Stateful Obj xmit xerr rcv rerr
General 0 0 0 0
sys cmd 0 0 0 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 0 0
UDP conn 0 0 0 0
ARP tbl 0 0 0 0
Xlate_Timeout 0 0 0 0
AAA tbl 0 0 0 0
DACL 0 0 0 0
Acl optimization 0 0 0 0
OSPF Area SeqNo 0 0 0 0
Mamba stats msg 0 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 0 0
Xmit Q: 0 0 0
FWSM-Primario#
FWSM-Primario#
The configuration in the SW-6500
SW-PRIMARY#sh run | in fire
firewall multiple-vlan-interfaces
firewall module 3 vlan-group 1,2
firewall vlan-group 1 10,20,25,400,1709
firewall vlan-group 2 1100,1101,1111,1112
SW-SECUNDARY#sh run | in fire
firewall multiple-vlan-interfaces
firewall module 3 vlan-group 1,2
firewall vlan-group 1 900,1709
firewall vlan-group 2 1100,1101,1111,1112
ip subnet-zero
FWSM-Primario(config)# sh run
: Saved
FWSM Version 4.1(5) <system>
resource acl-partition 12
hostname FWSM-Primario
hostname secondary FWSM-Secundario
domain-name cisco.com
enable password 8Ry2YjIyt7RRXU24 encrypted
interface Vlan10
interface Vlan29
shutdown
interface Vlan400
interface Vlan1100
description LAN Failover Interface
interface Vlan1101
description STATE Failover Interface
interface Vlan1111
description FWSW_7200_GoB_Fija
interface Vlan1112
description FWSW_7200_GoB_BA
interface Vlan1709
passwd 2KFQnbNIdI.2KYOU encrypted
class default
limit-resource IPSec 5
limit-resource Mac-addresses 65535
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
limit-resource All 0
ftp mode passive
pager lines 24
failover
failover lan unit primary
failover lan interface FAILLINK Vlan1100
failover replication http
failover link STATELINK Vlan1101
failover interface ip FAILLINK 10.115.30.17 255.255.255.252 standby 10.115.30.18
failover interface ip STATELINK 10.115.30.21 255.255.255.252 standby 10.115.30.22
failover group 1
preempt
replication http
no asdm history enable
arp timeout 14400
console timeout 0
admin-context admin
context admin
allocate-interface Vlan10
allocate-interface Vlan29
config-url disk:/admin.cfg
context GESTION-WAS
allocate-interface Vlan1709
allocate-interface Vlan400
config-url disk:/GESTION-WAS
context FW-GoB-Fija
allocate-interface Vlan1111
allocate-interface Vlan1112
config-url disk:/FW-GoB-Fija.cfg
join-failover-group 1
prompt hostname context
Cryptochecksum:8b5fabc676745cfbafd6569c623a98b1
: end
SECUNDARY FIREWALL.
FWSM# sh run
: Saved
FWSM Version 4.1(5) <system>
resource acl-partition 12
hostname FWSM
domain-name cisco.com
enable password S13FcA2URRiGrTIN encrypted
interface Vlan100
shutdown
interface Vlan900
interface Vlan1100
description LAN Failover Interface
interface Vlan1101
description STATE Failover Interface
interface Vlan1111
interface Vlan1112
interface Vlan1709
passwd 2KFQnbNIdI.2KYOU encrypted
class default
limit-resource IPSec 5
limit-resource Mac-addresses 65535
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
limit-resource All 0
ftp mode passive
pager lines 24
no failover
failover lan unit secondary
failover lan interface FAILLINK Vlan1100
failover replication http
failover link STATELINK Vlan1101
failover interface ip FAILLINK 10.115.30.17 255.255.255.252 standby 10.115.30.18
failover interface ip STATELINK 10.115.30.21 255.255.255.252 standby 10.115.30.22
failover group 1
preempt
replication http
no asdm history enable
arp timeout 14400
console timeout 0
admin-context PCBA-NAT
context PCBA-NAT
allocate-interface Vlan1709
allocate-interface Vlan900
config-url disk:/PCBA-NAT
context FW-GoB-Fija
allocate-interface Vlan1111
allocate-interface Vlan1112
config-url disk:/FW-GoB-Fija
join-failover-group 1
prompt hostname context
Cryptochecksum:c7529707b6d10d02c296a57253a925b2
: end
FWSM#
I WILL APRECIATE YOUR COMMENTS, BECAUSE IT´S IMPORTANT , THE FWSM SUPPORT FOR DEFAULT 3 CONTEXT.
Regards,
Robert Soto.Hi Robert,
Unfortunately no, this is not possible.
Since you enable failover at the system level, all contexts will particpate in failover and there is no way to change this.
Additionally, both firewalls in the failover pair must have identical licenses, VLANs, and software versions in order for failover to work properly.
-Mike -
ASA 5585-X multiple bridge-groups expected behaviour
Hi all,
suppose a deploy of an asa5585-x in transparent mode made by two bridge-groups (2 interfaces each).
Now suppose that a new traffic flow in direction north-south traverses the bvi1. What's the expected behavior if the traffic going back (south-north) will traverse the bvi2? Will be that traffic correctly recognized as part of the flow previously detected?
Regards.
A.M.Discovered today that the 'fix' I mention above is more of a workaround, because when I initiated a manual failover for one of the failover groups, the alerts returned. And the failover status was again on Normal (Waiting) for a couple of monitored logical interfaces.
I was able to workaround the problem as described above. -
Sap not starting during manual failover testing
Dera friends,
We are performing manual failover testing between CI(sap central instance) and DB(oracle database)
the environment is ECC6.0 on AIX server
CI is running on one server and DB is running on another, during manual testing we have failed the DB, so now DB file systems has got mounted on CI server.
So when i log into CI with user as shown below (sid-irp)
su - irpadm
and the execute the command as shown below
irpadm 6> startsap
i get the following message
PRDCIXI:irpadm 6> startsap
tee: 0652-044 Cannot open /home/irpadm/startsap_.log.
Checking IRP Database
tee: 0652-044 Cannot open /home/irpadm/startsap_.log.
tee: 0652-044 Cannot open /home/irpadm/startsap_.log.
ABAP Database is not available via R3trans
tee: 0652-044 Cannot open /home/irpadm/startsap_.log.
Starting SAP-Collector Daemon
tee: 0652-044 Cannot open /home/irpadm/startsap_.log.
15:03:05 26.09.2008 LOG: Effective User Id is root
This is Saposcol Version COLL 20.94 700 - AIX v10.35 5L-64 bit 070123
Usage: saposcol -l: Start OS Collector
saposcol -k: Stop OS Collector
saposcol -d: OS Collector Dialog Mode
saposcol -s: OS Collector Status
The OS Collector (PID 1101932) is already running .....
tee: 0652-044 Cannot open /home/irpadm/startsap_.log.
saposcol already running
tee: 0652-044 Cannot open /home/irpadm/startsap_.log.
ABAP Database IRP must be started on remote server
===============================================
why am i getting this "ABAP Database IRP must be started on remote server" message.
What could be the cause for my database not comming up & why is it looking for remote server, when all the DB filesystems have got mounted on CI server (the server that has CI installed)
We are in a bad shape and the issue is quite crticial.
Your reply would be highly appreciated.
Regards
Ayush> how can i check wether the directories are missing or not...
mount?
> Also how can i check it wether they are assigned to failover group or not.
Ayush, no offense, but I suggest you contact your AIX guy and check with him together. It's very cumbersome to write down command by command, get the outpu t back and you have no clue what you are doing. Again, no offense.
Markus -
"has no ifIndex" Errors while failing a IPMP group
Hi,
I have a solaris 10 on x86 server, with a IPMP failover group configured,the Ips are dummys:
[root@vm2:/]# cat /etc/hostname.e1000g2
vm2 netmask + broadcast + group sc_ipmp0 up \
addif 11.0.0.110 deprecated -failover netmask + broadcast + up
[root@vm2:/]# cat /etc/hostname.e1000g3
11.0.0.111 deprecated group sc_ipmp0 -failover standby up
[root@vm2:/]# uname -a
SunOS vm2 5.10 Generic_142910-17 i86pc i386 i86pc
[root@vm2:/]#
e1000g2: flags=9000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,NOFAILOVER> mtu 1500 index 2
inet 11.0.0.102 netmask ffffff00 broadcast 11.0.0.255
groupname sc_ipmp0
ether 8:0:27:1d:69:a9
e1000g2:1: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4> mtu 1500 index 2
inet 11.0.0.105 netmask ffffff00 broadcast 11.0.0.255
e1000g2:2: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4> mtu 1500 index 2
inet 11.0.0.104 netmask ffffff00 broadcast 11.0.0.255
e1000g2:3: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 2
inet 11.0.0.110 netmask ffffff00 broadcast 11.0.0.255
e1000g3: flags=69040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,STANDBY,INACTIVE> mtu 1500 index 6
inet 11.0.0.111 netmask ffffff00 broadcast 11.0.0.255
groupname sc_ipmp0
ether 8:0:27:9e:57:93
To test it out I unplug the e1000g2 card, and the IP failover works ok for the logical interfaces, but not for the main ip(11.0.0.102) I get the following messages in dmesg:
Sep 29 15:51:37 vm2 e1000g: [ID 801725 kern.info] NOTICE: pci8086,100e - e1000g[2] : link down
Sep 29 15:51:37 vm2 in.mpathd[269]: [ID 215189 daemon.error] The link has gone down on e1000g2
Sep 29 15:51:37 vm2 in.routed[390]: [ID 238047 daemon.warning] interface e1000g2 to 11.0.0.102 turned off
Sep 29 15:51:37 vm2 in.mpathd[269]: [ID 594170 daemon.error] NIC failure detected on e1000g2 of group sc_ipmp0
Sep 29 15:51:37 vm2 in.mpathd[269]: [ID 832587 daemon.error] Successfully failed over from NIC e1000g2 to NIC e1000g3
Sep 29 15:51:37 vm2 in.routed[390]: [ID 970160 daemon.notice] unable to get interface flags for e1000g2:1: No such device or address
Sep 29 15:51:37 vm2 in.routed[390]: [ID 472501 daemon.notice] e1000g2:1 has no ifIndex: No such device or address
Sep 29 15:51:37 vm2 in.routed[390]: [ID 970160 daemon.notice] unable to get interface flags for e1000g2:2: No such device or address
Sep 29 15:51:37 vm2 in.routed[390]: [ID 472501 daemon.notice] e1000g2:2 has no ifIndex: No such device or address
ifconfig -a output of the failed device:
e1000g2: flags=19000803<UP,BROADCAST,MULTICAST,IPv4,NOFAILOVER,FAILED> mtu 1500 index 2
inet 11.0.0.102 netmask ffffff00 broadcast 11.0.0.255
groupname sc_ipmp0
ether 8:0:27:1d:69:a9
e1000g2:3: flags=19040803<UP,BROADCAST,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,FAILED> mtu 1500 index 2
inet 11.0.0.110 netmask ffffff00 broadcast 11.0.0.255
e1000g3: flags=29040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,STANDBY> mtu 1500 index 6
inet 11.0.0.111 netmask ffffff00 broadcast 11.0.0.255
groupname sc_ipmp0
ether 8:0:27:9e:57:93
e1000g3:1: flags=21040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,STANDBY> mtu 1500 index 6
inet 11.0.0.105 netmask ffffff00 broadcast 11.0.0.255
e1000g3:2: flags=21040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,STANDBY> mtu 1500 index 6
inet 11.0.0.104 netmask ffffff00 broadcast 11.0.0.255
What i'm doing wrong ?, I thought the 11.0.0.102 IP should failover to the e1000g3 interface alsoOk, sorry I found out it was the -failover parameter in e1000g2, if only I read a bit..
thnx -
Hi Folks,
Firstly is this the right forum to post threads about FWSM's. We have 2 FWSM's in two seperate 6500 switches. There are a number of contexts on each FWSM.
I want to fail a context from one FWSM over to the other 6500 and FWSM. Can you tell me how I can do that? Do I need to do it in the admin context and do I need to do it on the admin context of each 6500?
Thanks,
NetterHi Jennifer,
Great, yes we have a group 1 and a group 2 and some contexts live on each 6500. I cannot failover the whole group as its operational and I just want to failover the test context I am working on.
So I will have to move the context from one failover group to the next as you suggested. What is the best way to do this? Which admin context do I change it on first or does it matter? Should I change it on the context where it is currently live and then hop on the other 6500 and change it there?
do I need to do a no command first like this?
no join-failover-group 2
then
join-failover-group 1
on both admin contexts. -
Hey guys,
Just doing some studying and running into something that I am not quiete understanding...
If i have 2 firewall's in Active/Active Stateful failover mode and 2 contexts (E1 and E2). Let's say ASA1 has E1 as the active context and ASA2 has E2 as the active context. E2 is the only context used to connect Router_X. If I need to permit traffic to Router_X, would I make the ACL in the ASA1 E2 context (secondary) or in the ASA2 E2 context (primary)?
I completed an Active\Active Statuful failover configuration between 2 firewalls, but once I was finished I remembered that i didn't configure the failover group 2 as secondary (problem). So i went ahead and make the configuration change, once I did so I entered the commands NO FAILOVER/FAILOVER to "resynch" the configurations between the 2 firewalls. Is this necessary or couldn't I just perform a WRITE on the primary ASA?
Is there any command that will verify that each of the configurations on both firewalls are syncrhonized?
Thanks ahead of time guys!Hi Kenneth,
Here are your answers:
1. If you need to make changes, always do that on the active context, replication is always done from active to standby, so you need to make changes on E2 active context on ASA2.
2. You need not do this everytime, just do a write mem or write standby, that would save teh configuration on the standby context as well.
3. There is no command to verify the command replication, you can check the status of the contexts through "show failover" in the system context, if they show active and standby, then everything is fine. You can study different failovers status's from here:
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s3_72.html#wp1285409
Hope that helps
Thanks,
Varun Rao
Security Team,
Cisco TAC
Maybe you are looking for
-
Can you remove the camera white balance setting in Aperture
I have a Canon 7D and use Aperture for processing and storing my images. With the Canon I shoot both video and still and frequently adjust the white balance in the camera. I make a frequent mistake in leaving the wrong white balance setting on - eg
-
Revision: 11530 Author: [email protected] Date: 2009-11-06 13:23:05 -0800 (Fri, 06 Nov 2009) Log Message: Fix ASC-3790 (conditional expression in for loop causes verifier error) r=jodyer Ticket Links: http://bugs.adobe.com/jira/browse/ASC-3
-
Cannot import or see iphoto slide exported movie in imovie
I made a movie from slides in iphoto. I then decided that a caption might be nice, and went to imovie to add it. iMovie '08 is not able to read the file. It is a .mov, and other movies it reads are .mov, so I cannot fathom why it cannot be read. If I
-
Acquire/manipulate audio data from internet stream
I want to acquire the audio data from an audio stream (i.e. pandora, youtube, etc.) from the internet. If I can get this data and be able to play it/graph it/etc in Labview, I will be pleased. However, I'm not sure if this is even possible not know
-
I am currently building a site in Muse for a dentist. They would like to have new patients use the website to fill out registration forms. They are planning to use Open Dental internally and if the patients can fill the forms out online, it will impo