Initialization, Configuration Synchronization/Command Replication

When a unit boots, its system failover group contacts the active peer to obtain the running configuration. If both units boot at the same time, the system failover group of the primary unit becomes active and synchronizes its configuration to the secondary unit. After configuration synchronization has finished, the state machine of the user failover groups starts running to elect the active unit for each group, and Active/Active failover begins.

Even though both units can be actively processing user traffic, command replication is unidirectional. A command is replicated to the peer only if failover group 1 is in the active state. Users are warned if they try to enter a configuration command from the standby unit. This means that a user context can be in the active state, but if it is bound to failover group 2, the user will need to enter commands from the user context of the standby unit.

Configuration Examples

Work through the steps that follow to configure Active/Active Failover:

Step 1.
Verify that both units have exactly the same hardware configuration and proper license.

Step 2.
If a unit is in single context mode, use the mode multiple command to switch it to multiple security context mode.

Step 3.
Configure the basic failover parameters in the system context of the primary unit. Example 3-26 shows the configuration needed for active/active failover.

Example 3-26. Active/Active Failover Setup

PIX(config)# failover lan unit primary
PIX(config)# failover lan interface folink ethernet2
PIX(config)# failover link stfo Ethernet3
PIX(config)# failover interface ip folink 1.1.1.1 255.255.255.0 standby 1.1.1.2
PIX(config)# failover interface ip stfo 2.2.2.1 255.255.255.0 standby 2.2.2.2
! Optional but recommended: the shared key authenticates and encrypts failover messages (cisco123 is a sample value)
PIX(config)# failover key cisco123
PIX(config)# failover lan enable
PIX(config)#

Step 4.
Use the failover group command to configure a failover group. Example 3-27 shows how to configure two failover groups with the preemption option.

Example 3-27. Failover Group Configuration

! Execute failover group command that will take you to the subcommand mode
PIX(config)# failover group 1
! Primary unit has higher priority
PIX(config-failover)# primary
! Preempt peer if bootup as Standby
PIX(config-failover)# preempt
PIX(config-failover)# exit
PIX(config)# failover group 2
! Secondary unit has higher priority
PIX(config-failover)# secondary
PIX(config-failover)# preempt
PIX(config-failover)# exit
PIX(config)#



Step 5.
Bind the user contexts to the failover groups. Assume there are two contexts, ctx1 and ctx2, in addition to admin.

PIX(config)# context ctx1
PIX(config-context)# join-failover-group 1
PIX(config-context)# exit
PIX(config)# context ctx2
PIX(config-context)# join-failover-group 2
PIX(config-context)# exit
PIX(config)#

Step 6.
Enter the failover command to enable Active/Active failover.

Step 7.
Configure the bootstrap failover configuration on the secondary unit as shown in Example 3-28.

Example 3-28. The Initial Configuration on the Standby PIX

PIX(config)# failover lan unit secondary
PIX(config)# failover lan interface folink ethernet2
PIX(config)# failover link stfo Ethernet3
PIX(config)# failover interface ip folink 1.1.1.1 255.255.255.0 standby 1.1.1.2
PIX(config)# failover interface ip stfo 2.2.2.1 255.255.255.0 standby 2.2.2.2
! Optional but recommended: the shared key authenticates and encrypts failover messages (cisco123 is a sample value)
PIX(config)# failover key cisco123
PIX(config)# failover lan enable
PIX(config)# failover

Step 8.
After failover is up, on the primary unit (that is, the unit active for failover group 1), issue the write memory command to save the configuration to flash.
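
A consistency check for Steps 3 and 7, added here as an example and not part of the original text or of any Cisco tool: it compares the bootstrap failover commands of the two units, assuming (as Examples 3-26 and 3-28 show) that they should match apart from the unit role, and reports a missing failover key. The function names and the redaction of the key in the output are this example's own choices.

```python
import re

# Constructed sample input: the commands from Examples 3-26 and 3-28.
PRIMARY = """\
PIX(config)# failover lan unit primary
PIX(config)# failover lan interface folink ethernet2
PIX(config)# failover link stfo Ethernet3
PIX(config)# failover interface ip folink 1.1.1.1 255.255.255.0 standby 1.1.1.2
PIX(config)# failover interface ip stfo 2.2.2.1 255.255.255.0 standby 2.2.2.2
! This command is optional but recommended
PIX(config)# failover key cisco123
PIX(config)# failover lan enable
"""
SECONDARY = PRIMARY.replace("unit primary", "unit secondary") + "PIX(config)# failover\n"

def is_key(line):
    return line.lower().startswith("failover key ")

def parse(config):
    """Return (unit role, set of normalized bootstrap failover lines)."""
    role, lines = None, set()
    for raw in config.splitlines():  # strip the CLI prompt, collapse whitespace
        line = " ".join(re.sub(r"^\S+?\(config[^)]*\)#", "", raw.strip()).split())
        if not line.lower().startswith("failover "):
            continue  # comments, blanks and the bare "failover" enable command
        m = re.fullmatch(r"failover lan unit (primary|secondary)", line, re.I)
        if m:
            role = m.group(1).lower()
        else:  # keywords are case-insensitive, the shared key is not
            lines.add(line if is_key(line) else line.lower())
    return role, lines

def audit(primary_cfg, secondary_cfg):
    """Return a list of findings; an empty list means the units agree."""
    (p_role, p), (s_role, s) = parse(primary_cfg), parse(secondary_cfg)
    findings = []
    if (p_role, s_role) != ("primary", "secondary"):
        findings.append(f"unit roles are {p_role}/{s_role}, expected primary/secondary")
    for line in sorted(p ^ s):  # lines present on one unit only
        side = "primary" if line in p else "secondary"
        shown = "failover key <redacted>" if is_key(line) else line
        findings.append(f"only on {side}: {shown}")
    for name, lines in (("primary", p), ("secondary", s)):
        if not any(is_key(l) for l in lines):
            findings.append(f"{name}: no failover key configured")
    return findings

if __name__ == "__main__":
    print(audit(PRIMARY, SECONDARY) or "bootstrap configs are consistent")
```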