Configuration failover standbyFermé

Question

Bonsoir,

J'ai un soucis concernant une interface et sa standby :

Sur le FW1 : Je ping bien l'@IP déclarée, tout semble correct mais je ne peux atteindre l'@IP Standby du FW2
ping NOK, idem en inversant

La seule différence entre les deux configurations est dans "Control Point Interface States - interface number"

Comment faire pour modifier ce nombre ? 


fw1(config)# show Interface DMZ_LDAP detail
Interface Ethernet7.152 "DMZ_LDAP", is up, line protocol is up
        VLAN identifier 152
        MAC address 0000.0000.0000, MTU 1500
        IP address 1.1.1.1, subnet mask 255.255.255.248
  Traffic Statistics for "DMZ_LDAP":
        76768457 packets input, 3293455516 bytes
        95815493 packets output, 4468890625 bytes
        1966160 packets dropped
  Control Point Interface States:
        Interface number is 16                          ===> Nombre des interfaces actives
        Interface config status is active
        Interface state is active
  Control Point Vlan152 States:
        Interface vlan config status is active
        Interface vlan state is UP



fw2(config)# show Interface DMZ_LDAP detail
Interface Ethernet7.152 "DMZ_LDAP", is up, line protocol is up
        VLAN identifier 152
        MAC address 0000.0000.0000, MTU 1500
        IP address 2.2.2.2, subnet mask 255.255.255.248
  Traffic Statistics for "DMZ_LDAP":
        1 packets input, 40 bytes
        1297 packets output, 83332 bytes
        1 packets dropped
  Control Point Interface States:
        Interface number is 22                        ===> non 16, 22 étant le nombre total des interfaces
        Interface config status is active
        Interface state is active
  Control Point Vlan152 States:
        Interface vlan config status is active
        Interface vlan state is UP



D'avance merci pour votre aide

trunks.tr · Answer

Bonjour,

t'as fait un failover active/standby? quelle version de PIX? IOS?
puis sur la config que je vois la, l'adresse IP (2.2.2.2/29) de l'interface DMZ du FW se trouve pas dans le meme segement que l'@IP du FW 1 (1.1.1.1/29) ou tu l'as fait juste pour exemple?

fait un show failover stp

lmenez · Answer

Bonjour,

Voici le show failover demandé - 



fw1# sh failover
Failover On
Cable status: Normal
Failover unit Primary
Failover LAN Interface: N/A - Serial-based failover enabled
Unit Poll frequency 1 seconds, holdtime 10 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 14 of 250 maximum
Version: Ours 7.2(3), Mate 7.2(3)
Last Failover at: 13:23:30 CEDT Apr 11 2008
        This host: Primary - Active
                Active time: 16019280 (sec)
                  Interface FW_TO_RPVJ (10.25.31.125): Normal
                  Interface LBSSL_TO_ZE (10.25.16.102): Normal
                  Interface ZONE_PRESENTATION_WEB (10.25.18.254): Normal
                  Interface ZONE_PRESENTATION_CITRIX (10.25.15.254): Normal
                  Interface SERVICE_ZONE_APPLICATIVE (10.25.12.254): Normal
                  Interface SERVICE_ZONE_ECHANGE (10.25.16.158): Normal
                  Interface SERVICE_ZONE_PRESENTATION_WEB (10.25.24.126): Normal                                                                             
                  Interface SERVICE_ZONE_PRESENTATION_CITRIX (10.25.22.238): Nor                                                                             mal
                  Interface SERVICE_DMZ_REPLICATION (10.25.16.190): Normal
                  Interface SERVICE_DMZ_LDAP (10.25.16.134): Normal
                  Interface SERVICE_DMZ_C (0.0.0.0): Link Down (Not-Monitored)
                  Interface SERVICE_DMZ_D (0.0.0.0): Link Down (Not-Monitored)
                  Interface SERVICE_DMZ_E (0.0.0.0): Link Down (Not-Monitored)
                  Interface SERVICE_ZONE_INTRANET (10.25.14.222): Normal
                  Interface ZONE_ECHANGE (10.25.10.90): Normal
                  Interface DMZ_LDAP (10.25.10.198): Normal (Not-Monitored)
                  Interface DMZ_C (0.0.0.0): Link Down (Not-Monitored)
                  Interface DMZ_D (0.0.0.0): Link Down (Not-Monitored)
                  Interface DMZ_E (0.0.0.0): Link Down (Not-Monitored)
                  Interface ZONE_APPLICATIVE (10.25.14.3): Normal
                  Interface UNAFFECTED (0.0.0.0): Link Down (Not-Monitored)
                  Interface DMZ_REPLICATION (10.25.10.126): Normal
        Other host: Secondary - Standby Ready
                Active time: 0 (sec)
                  Interface FW_TO_RPVJ (10.25.31.124): Normal
                  Interface LBSSL_TO_ZE (10.25.16.101): Normal
                  Interface ZONE_PRESENTATION_WEB (10.25.18.253): Normal
                  Interface ZONE_PRESENTATION_CITRIX (10.25.15.253): Normal
                  Interface SERVICE_ZONE_APPLICATIVE (10.25.12.248): Normal
                  Interface SERVICE_ZONE_ECHANGE (10.25.16.157): Normal
                  Interface SERVICE_ZONE_PRESENTATION_WEB (10.25.24.125): Normal                                                                             
                  Interface SERVICE_ZONE_PRESENTATION_CITRIX (10.25.22.237): Nor                                                                             mal
                  Interface SERVICE_DMZ_REPLICATION (10.25.16.189): Normal
                  Interface SERVICE_DMZ_LDAP (10.25.16.133): Normal
                  Interface SERVICE_DMZ_C (0.0.0.0): Normal (Not-Monitored)
                  Interface SERVICE_DMZ_D (0.0.0.0): Normal (Not-Monitored)
                  Interface SERVICE_DMZ_E (0.0.0.0): Normal (Not-Monitored)
                  Interface SERVICE_ZONE_INTRANET (10.25.14.221): Normal
                  Interface ZONE_ECHANGE (10.25.10.88): Normal
                  Interface DMZ_LDAP (10.25.10.197): Normal (Not-Monitored)
                  Interface DMZ_C (0.0.0.0): Normal (Not-Monitored)
                  Interface DMZ_D (0.0.0.0): Normal (Not-Monitored)
                  Interface DMZ_E (0.0.0.0): Normal (Not-Monitored)
                  Interface ZONE_APPLICATIVE (10.25.14.5): Normal
                  Interface UNAFFECTED (0.0.0.0): Normal (Not-Monitored)
                  Interface DMZ_REPLICATION (10.25.10.125): Normal

Stateful Failover Logical Update Statistics
        Link : state Ethernet4 (up)
        Stateful Obj    xmit       xerr       rcv        rerr
        General         431138970  579        38399735   4075
        sys cmd         2352870    0          2352870    0
        up time         0          0          0          0
        RPC services    0          0          0          0
        TCP conn        386056141  571        33408521   3938
        UDP conn        32184517   8          1307224    130
        ARP tbl         10545442   0          1331120    7
        Xlate_Timeout   0          0          0          0
        VPN IKE upd     0          0          0          0
        VPN IPSEC upd   0          0          0          0
        VPN CTCP upd    0          0          0          0
        VPN SDI upd     0          0          0          0
        VPN DHCP upd    0          0          0          0

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       36      41259242
        Xmit Q:         0       2       447156472
fw1#

L'interface posant problème a été provisoirement retiré du monitor-interface

merci

lmenez · Answer

Le dysfonctionnement a été résolu.Le problème provenait du fait que l’interface du Switch, sur lequel était brasser les PIX, se trouvait dans un mode vlan « ACCES » plutôt que TRUNK.

Configuration failover standby

3 réponses

Discussions similaires

Newsletters