I think you're overdoing the solution when you have an almost zero downtime solution ni front of you. Just fail the first unit & let the 2nd take over. Then with the first one offline, upgrade it & let the failover..well...failover ;) When done just make sure the config is correct on the first one and do whatever it takes to get the first one back online. I've never tried just shutting the failover box off to see if it would trigger back to the first box with a different OS but even if that fails just reboot the first one and it should come back up happy. Now your network is back the way it was with only 2 very small windows of downtime. Upgrade 2nd PIX and hook up failover. If you're concerned about the primary taking over again when you're trying to upgrade, don't. Just boot it up hitting ESC so it doesn't load the config so you can manually give it an IP, subnet, gateway, and tftp server address. Without the config loaded it won't be part of the failover. Allen ----- Original Message ----- From: "Mark Smith" To: Sent: Friday, June 29, 2001 1:53 AM Subject: Recommendations on PIX upgrade [7:10380] > This may be a stupid question but that's never stopped me from asking before. > > At one site I have 2 UR 515's running in failover config. They are at 5.2(1) > software. I'd like to upgrade them but can only afford an absolute minimum > of down time (measured in seconds, maybe). From what I've read about the PIX > units, for failover to work, I believe each unit must be configured > identically - same hardware, OS version, configuration - or failover doesn't > work. > What my plan currently is to start by taking the standby PIX (PIX2) down and > do a 6.0.1 upgrade. I guess the question that I have is, and here comes the > stupid part, if I reconnect the two with PIX2 at 6.0.1 and PIX1 still at > 5.2(1) will anything bad happen (my hair fall out, I contract an incurable > STD, smoke come from either/both of the boxes)? Assuming that nothing > horrible happens, when I take the PIX1 box down to upgrade it will PIX2 (now > on a different OS version) detect that the hot PIX has dropped offline and > come up as in failover? If it won't on it's own can I do a "failover active" > or a similar command to force PIX2 to become active? Will the children play > well together again after I do a 6.0.1 upgrade on PIX1? Or will I have to > bring PIX2 down, upgrade it (while PIX1 is still up) and then bring PIX1 > down (leaving PIX2 down), upgrade it and then bring both back up together > once they are on the same OS version level? I realize that with a laptop > that has TFTP server software connected to PIX1 and has the pix601.bin image > on it the upgrade process doesn't take long. But if I choose the last method > of taking both boxes down that, by the time that cables are switched around > as required, box(es) are rebooted, bring the 2nd box up in monitor mode, > copy the image, reboot, reconnect failover cabling (as needed), the process > would probably measured in minutes of total down time before both would be > back online. That might as well be days as far as my bosses are concerned. > Just looking for alternatives. > Thanks for any advice/experience/thoughts. Sorry if this doesn't belong in > studygroup.com. I just know that there's a lot of experience and common > sense here. > > (END stupid questions) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10399&t=10380 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
