Connect the eth0/2 ports using a VLAN

vlan 100
!
int range f 0/XX , f 0/XX
  no shut
  switchport host
  switchport access vlan 100

 

Any error when forcing failover?

Trunking not necessary. I am also new at this. I am not sure if default
configs on your switch will break the failover. Maybe somebody else can
comment.

 

 

From: imran mohammed [mailto:[email protected]] 
Sent: 17 October 2009 06:57
To: Johan Bornman
Cc: Dave Craddock; Cisco certification; OSL CCIE Security Lab Exam
Subject: Re: [OSL | CCIE_Security] Active/standby failover on Qemu issues

 

There is nothing in the switch configs. They are just defaults. I didn't configure
a trunk on the port connected to the firewall.
Do I need to do that?

Imran

On Sat, Oct 17, 2009 at 10:24 AM, Johan Bornman <[email protected]> wrote:

Can you send the switch configs?

 

From: imran mohammed [mailto:[email protected]]
Sent: 17 October 2009 06:52
To: Johan Bornman
Cc: Dave Craddock; Cisco certification; OSL CCIE Security Lab Exam
Subject: Re: [OSL | CCIE_Security] Active/standby failover on Qemu issues

 

I did a no shut.

Do I need to configure a trunk on the switch??

Imran

On Sat, Oct 17, 2009 at 10:18 AM, Johan Bornman <[email protected]> wrote:

Imran,

 

Nothing obvious in your config that I can see is wrong.

1. Did you "no shut" the eth0/2 int on the secondary ASA?

2. Did you configure trunking, VLANs on the switches?

 

Johan

 

From: imran mohammed [mailto:[email protected]]
Sent: 17 October 2009 06:40
To: Johan Bornman
Cc: Dave Craddock; Cisco certification; OSL CCIE Security Lab Exam
Subject: Re: [OSL | CCIE_Security] Active/standby failover on Qemu issues

 

Hi,

Here is my config 

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 10.1.1.2 255.255.255.0 standby 10.1.1.3
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 20.1.1.2 255.255.255.0 standby 20.1.1.3
!
interface Ethernet0/2
 description LAN/STATE Failover Interface
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
pager lines 24
mtu outside 1500
mtu inside 1500
failover
failover lan unit primary
failover lan interface FAIL Ethernet0/2
failover link FAIL Ethernet0/2
failover interface ip FAIL 40.1.1.2 255.255.255.0 standby 40.1.1.3
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400

******************************************************************************

failover
failover lan unit secondary
failover lan interface FAIL Ethernet0/2
failover link FAIL Ethernet0/2
failover interface ip FAIL 40.1.1.2 255.255.255.0 standby 40.1.1.3

Please help me with.

Is your active/standby working on Qemu?

Regards
Imran

On Sat, Oct 17, 2009 at 9:59 AM, Johan Bornman <[email protected]> wrote:

Send your configs please.

 

From: [email protected] [mailto:[email protected]] On Behalf Of imran mohammed
Sent: 17 October 2009 06:27
To: Dave Craddock
Cc: Cisco certification; OSL CCIE Security Lab Exam
Subject: Re: [OSL | CCIE_Security] Active/standby failover on Qemu issues

 

Yes, I can ping the interfaces and I have the failover link configured. If I do
the failover active, that works.

Regards
Imran

On Sat, Oct 17, 2009 at 1:22 AM, Dave Craddock <[email protected]> wrote:

Can you ping the active and standby addresses on both sides of the
firewalls?

And how have you got your failover link configured and connected?



Dave





From: [email protected] [mailto:[email protected]] On Behalf Of OSL CCIE Security Lab Exam
Sent: 16 October 2009 20:03
To: Cisco certification; [email protected]
Subject: [OSL | CCIE_Security] Active/standby failover on Qemu issues




Hi All,


The issue is that I am doing active/standby. I have got sw1 connected on
outside and sw2 inside. The routers are connected to the switch.

I am able to ping the routers, i.e. the traffic is going through the
primary firewall. But I am not able to replicate the failover.

Suppose I enable monitor interface on inside and shut down the link
on sw2 where it is connected to the inside interface; I cannot see the
failover happening.
When I do show monitor interface everything shows normal, even if I
remove the link. So how should I create the failover scenario?

I
Regards
Imran
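
Added example, not written by any participant in this thread: a small offline check that compares the failover lines of two ASA configs and flags the conditions asked about in the replies above (failover port shut down on one unit, failover interface commands that do not match). The helper names `parse` and `check_pair` are hypothetical, and the sample configs are constructed from the lines posted in the thread.

```python
import re

# Constructed sample built from lines posted in this thread; SECONDARY is a
# constructed faulty peer whose failover port was left administratively down.
PRIMARY = """\
interface Ethernet0/1
 ip address 20.1.1.2 255.255.255.0 standby 20.1.1.3
!
interface Ethernet0/2
 description LAN/STATE Failover Interface
!
failover
failover lan unit primary
failover lan interface FAIL Ethernet0/2
failover interface ip FAIL 40.1.1.2 255.255.255.0 standby 40.1.1.3
"""
SECONDARY = (PRIMARY.replace("unit primary", "unit secondary")
             .replace(" description LAN/STATE Failover Interface", " shutdown"))

def parse(cfg):
    """Split a config into global lines and {interface: [sub-commands]}."""
    glob, ifaces, cur = [], {}, None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        else:
            cur = None
            glob.append(line.strip())
    return glob, ifaces

def check_pair(primary, secondary):
    """Return findings for an active/standby pair (empty list = consistent)."""
    findings, shared = [], {}
    for role, cfg in (("primary", primary), ("secondary", secondary)):
        glob, ifaces = parse(cfg)
        if "failover" not in glob:
            findings.append(f"{role}: failover is not enabled")
        if f"failover lan unit {role}" not in glob:
            findings.append(f"{role}: 'failover lan unit {role}' missing")
        for line in glob:
            m = re.match(r"failover lan interface \S+ (\S+)$", line)
            if m and "shutdown" in ifaces.get(m.group(1), []):
                findings.append(f"{role}: {m.group(1)} is shutdown")
        # These two commands are entered identically on both units.
        shared[role] = {l for l in glob if re.match(r"failover (lan interface|interface ip) ", l)}
    if shared["primary"] != shared["secondary"]:
        findings.append("failover interface commands differ between units")
    return findings
```

Calling `check_pair(PRIMARY, SECONDARY)` on the constructed pair reports the shut-down failover port on the secondary; a pair that differs only in `failover lan unit` returns an empty list.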

 

 

 

 
