I also tried what Chris Schweigert has said the telnet break after shuting down the port on switch but in firewall it still shows normal.
Regards imran On Sat, Oct 17, 2009 at 3:45 PM, imran mohammed <[email protected]>wrote: > Hi , > > When I do the shutdown on the switch ASA is not able to recognise in the sh > monitor-interfce it shows normal.Even plugging of the link shows Normal, I > guess its not sensing the carrier , I tried with trunk I thought that would > work coz if the port shutdowns the DTP packets will stop and it will > failover but that didnt work. > > In the packet capture I see the SCPS packets with both source and > destination of ASA's inside interfaces.I guess these are something like > keepalive iam not sure. > > Let me know if you require more information. > > Regards > Imran > > > On Sat, Oct 17, 2009 at 11:17 AM, Tyson Scott <[email protected]> wrote: > >> Imran, >> >> >> >> When you shutdown the port on the switch what is the status on the ASA. >> Does it recognize that the switchport has been shutdown? >> >> >> >> Regards, >> >> >> >> Tyson Scott - CCIE #13513 R&S, Security, and SP >> >> Technical Instructor - IPexpert, Inc. >> >> >> Telephone: +1.810.326.1444 >> Cell: +1.248.504.7309 >> Fax: +1.810.454.0130 >> Mailto: [email protected] >> >> >> >> Join our free online support and peer group communities: >> http://www.IPexpert.com/communities <http://www.ipexpert.com/communities> >> >> >> >> IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On >> Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, >> CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE >> Storage Lab Certifications. >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *imran mohammed >> *Sent:* Saturday, October 17, 2009 1:02 AM >> *To:* Johan Bornman >> >> *Cc:* Cisco certification; OSL CCIE Security Lab Exam >> *Subject:* Re: [OSL | CCIE_Security] Active/standby failover on Qemu >> issues >> >> >> >> One more thing during the qemu installation I use this command to make it >> >> ifconfig eth0 promisc up >> >> I have seen people using "ifconfig eth0 up" As i know for promisc it will >> process all the packet wether or not it is destined to it. >> >> Imran >> >> On Sat, Oct 17, 2009 at 10:27 AM, imran mohammed <[email protected]> >> wrote: >> >> There is nothing in switch configs.They are just defaults.I didnt >> configure trunk on the port connected to firewall. >> Do i need to do that? >> >> Imran >> >> >> >> On Sat, Oct 17, 2009 at 10:24 AM, Johan Bornman <[email protected]> wrote: >> >> Can you sent the switch config’s? >> >> >> >> *From:* imran mohammed [mailto:[email protected]] >> *Sent:* 17 October 2009 06:52 >> >> >> *To:* Johan Bornman >> *Cc:* Dave Craddock; Cisco certification; OSL CCIE Security Lab Exam >> *Subject:* Re: [OSL | CCIE_Security] Active/standby failover on Qemu >> issues >> >> >> >> I did a no shut. >> >> Do I need to configure a trunk on the switch?? >> >> Imran >> >> On Sat, Oct 17, 2009 at 10:18 AM, Johan Bornman <[email protected]> wrote: >> >> Imran, >> >> >> >> Nothing obvious in your config that is I can see is wrong. >> >> 1. Did you “no shut” the eth0/2 int on the secondary asa? >> >> 2. Did you configure trunking, vlan’s on the switches? >> >> >> >> Johan >> >> >> >> *From:* imran mohammed [mailto:[email protected]] >> *Sent:* 17 October 2009 06:40 >> *To:* Johan Bornman >> *Cc:* Dave Craddock; Cisco certification; OSL CCIE Security Lab Exam >> >> >> *Subject:* Re: [OSL | CCIE_Security] Active/standby failover on Qemu >> issues >> >> >> >> Hi, >> >> Here is my config >> >> interface Ethernet0/0 >> nameif outside >> security-level 0 >> ip address 10.1.1.2 255.255.255.0 standby 10.1.1.3 >> ! >> interface Ethernet0/1 >> nameif inside >> security-level 100 >> ip address 20.1.1.2 255.255.255.0 standby 20.1.1.3 >> ! >> interface Ethernet0/2 >> description LAN/STATE Failover Interface >> ! >> interface Ethernet3 >> shutdown >> no nameif >> no security-level >> no ip address >> ! >> interface Ethernet4 >> shutdown >> no nameif >> no security-level >> no ip address >> ! >> ftp mode passive >> pager lines 24 >> mtu outside 1500 >> mtu inside 1500 >> failover >> failover lan unit primary >> failover lan interface FAIL Ethernet0/2 >> failover link FAIL Ethernet0/2 >> failover interface ip FAIL 40.1.1.2 255.255.255.0 standby 40.1.1.3 >> icmp unreachable rate-limit 1 burst-size 1 >> no asdm history enable >> arp timeout 14400 >> >> >> ****************************************************************************** >> >> failover >> failover lan unit secondary >> failover lan interface FAIL Ethernet0/2 >> failover link FAIL Ethernet0/2 >> failover interface ip FAIL 40.1.1.2 255.255.255.0 standby 40.1.1.3 >> >> Please help me with. >> >> Is ur active/standby working Qemu ?? >> >> Regards >> Imran >> >> On Sat, Oct 17, 2009 at 9:59 AM, Johan Bornman <[email protected]> wrote: >> >> Send your configs please. >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *imran mohammed >> *Sent:* 17 October 2009 06:27 >> *To:* Dave Craddock >> *Cc:* Cisco certification; OSL CCIE Security Lab Exam >> *Subject:* Re: [OSL | CCIE_Security] Active/standby failover on Qemu >> issues >> >> >> >> Yes I can ping the interfaces and I have failover link configured.If I do >> the failover active that works. >> >> Regards >> Imran >> >> On Sat, Oct 17, 2009 at 1:22 AM, Dave Craddock <[email protected]> wrote: >> >> Can you ping the active and standby addresses on both sides of the >> firewalls >> >> And how have you got your failover link configured and connected? >> >> >> >> Dave >> >> >> >> >> >> From: [email protected] >> [mailto:[email protected]] On Behalf Of OSL CCIE >> Security Lab Exam >> Sent: 16 October 2009 20:03 >> To: Cisco certification; [email protected] >> Subject: [OSL | CCIE_Security] Active/standby failover on Qemu issues >> >> >> >> >> Hi All, >> >> >> The issue is iam doing active standby.I have got sw1 connected on >> outside and sw2 inside.To the switch are connected the routers. >> >> Iam able to ping the routers ie the traffic is going through the >> firewall primary.But iam not able to replicate the failover. >> >> Suppose if i enable monitor interface on inside and shut down the link >> on the sw2 where it is connected to inside interface i cannot see the >> failover happening. >> when i do show monitor interface everything shows normal.even if i >> remove the link.So how should i create the failover scenario. >> >> I >> Regards >> Imran >> >> >> >> >> >> >> >> >> >> >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
