Monitoring Failover


The primary method of monitoring failover activity is to use the show failover command, which can be run on either firewall. This command tells you virtually everything you need to know about failover. One of the most important pieces of information this command reveals is the status of the failover cable, which is provided in the second line of the output. It can have four possible values:

■ Normal: This means that the cable is operating normally and that the primary and secondary firewall are connected properly.

■ My side not connected: This means that the serial cable is not connected to the firewall (primary or secondary) on which you entered the command.

■ Other side is not connected: This means that the serial cable is not connected to the other firewall (the one other than the one on which you are entering this command).

■ Other side powered off: This means that the serial cable is connected to the other side properly, but the other firewall is powered off.

In the command output, you will also see flags next to each interface. The meaning of each flag is listed here:

■ Normal: The interface is working properly.

■ Link Down: The line protocol on the interface is down.

■ Failed: The interface has failed.

■ Shut Down: The interface has been administratively shut down.

■ Unknown: This interface has not yet been configured with an IP address. The status of this interface has not yet been determined.

■ Waiting: Monitoring of this interface on the other firewall has not yet started.

With stateful failover enabled, the show failover command also displays the Logical Update statistics. The protocol that updates state information from the active firewall to the standby firewall over the dedicated stateful failover LAN link is known as the Logical Update (LU) protocol. The LU protocol is a real-time, UDP-like protocol that works asynchronously in the background over IP protocol 105.

www.syngress.com

Configuring Failover • Chapter 8 431

When you use stateful failover, you will see the following stateful objects listed in the Logical Update statistics section:

■ General: The sum of all objects.

■ sys cmd: Logical update system commands, such as login.

■ up time: Uptime information that is passed from the active to the standby unit.

■ xlate: The translation table.

■ tcp conn: TCP connection information.

■ udp conn: Dynamic UDP connection information.

■ ARP tbl: Dynamic ARP table information.

■ RIP Tbl: Dynamic routing table information.

For each of these stateful objects, the following statistics are available:

■ xmit: The number of packets transmitted to the other firewall.

■ xerr: The number of errors that occurred while transmitting to the other firewall.

■ rcv: The number of received packets.

■ rerr: The number of errors that occurred while receiving packets from the other firewall.

The command also displays the current, maximum, and total number of packets in the Logical Update transmit (Xmit) and receive (Recv) queues.
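
The checks described above can be automated. The following Python sketch is an added example, not code from the book or from Cisco: it reads a captured show failover output and reports a cable status other than Normal, any interface flag other than Normal, and nonzero xerr or rerr counters. The sample capture, its exact line layout, the addresses, and the function name check_failover are constructed assumptions.

```python
import re

# Constructed sample; the line layout is an assumption modelled on the fields described above.
SAMPLE = """\
Failover On
Cable status: Other side powered off
    This host: Primary - Active
        Interface outside (192.0.2.1): Normal
        Interface inside (10.0.0.1): Link Down
    Other host: Secondary - Standby
        Interface outside (192.0.2.2): Unknown
        Interface inside (10.0.0.2): Unknown
Stateful Failover Logical Update Statistics
    Stateful Obj    xmit    xerr    rcv     rerr
    General         1200    3       40      0
    sys cmd         40      0       40      0
    up time         0       0       0       0
    xlate           310     0       0       0
    tcp conn        850     3       0       0
    udp conn        0       0       0       0
    ARP tbl         0       0       0       0
    RIP Tbl         0       0       0       0
"""

CABLE_RE = re.compile(r"^Cable status:\s*(.+?)\s*$", re.M)
HOST_RE = re.compile(r"(This|Other) host:")
IFC_RE = re.compile(r"Interface (\S+) \([^)]*\): (.+)$")
LU_RE = re.compile(r"(General|sys cmd|up time|xlate|tcp conn|udp conn|ARP tbl|RIP Tbl)"
                   r"\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$")

def check_failover(text):
    """Return findings for anything in a show failover capture that is not healthy."""
    findings = []
    cable = CABLE_RE.search(text)
    if cable is None:
        findings.append("cable: status line missing")
    elif cable.group(1) != "Normal":
        findings.append(f"cable: {cable.group(1)}")
    host = "unknown"
    for line in map(str.strip, text.splitlines()):
        if m := HOST_RE.match(line):
            host = m.group(1).lower()      # flags that follow belong to this unit
        elif (m := IFC_RE.match(line)) and m.group(2) != "Normal":
            findings.append(f"{host} {m.group(1)}: {m.group(2)}")
        elif m := LU_RE.match(line):
            xerr, rerr = int(m.group(3)), int(m.group(5))
            if xerr or rerr:               # errors on the stateful failover link
                findings.append(f"LU {m.group(1)}: xerr={xerr} rerr={rerr}")
    return findings
```

Calling check_failover(SAMPLE) returns one finding per problem, in output order, so the result can be fed to an alerting job that polls both firewalls.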

As always, for those who are interested in monitoring failover operation at a very deep and detailed level, the PIX firewall provides debug commands for monitoring failover operation. The command is as follows:

debug fover option

Here, option can be any of the keywords listed in Table 8.1.

Table 8.1 Failover Debug Options

Keyword   Description
cable     Failover cable status.
fail      Failover internal exception.
fmsg      Failover message.
get       IP network packet received.
ifc       Network interface status trace.
open      Failover device open.
put       IP network packet transmitted.
rx        Failover cable receive.
rxdmp     Cable recv message dump (serial console only).
rxip      IP network failover packet received.
tx        Failover cable transmit.
txdmp     Cable xmit message dump (serial console only).
txip      IP network failover packet transmit.
verify    Failover message verify.
switch    Failover switching status.