Cisco ASA Series Cli Configuration Manual page 380

Software version 9.0 for the services module
Hide thumbs Also See for ASA Series:
Table of Contents

Advertisement

Information About Active/Active Failover
Failure to enter the commands on the appropriate unit for command replication to occur causes the
configurations to be out of synchronization. Those changes may be lost the next time the initial
configuration synchronization occurs.
Table 1-1
Table 1-1
Commands Replicated to the Standby Unit
All configuration commands except for mode,
firewall, and failover lan unit
copy running-config startup-config
delete
mkdir
rename
rmdir
write memory
You can use the write standby command to resynchronize configurations that have become out of sync.
For Active/Active failover, the write standby command behaves as follows:
Replicated commands are not saved to the flash memory when replicated to the peer unit. They are added
to the running configuration. To save replicated commands to flash memory on both units, use the write
memory or copy running-config startup-config command on the unit that you made the changes on.
The command is replicated to the peer unit and cause the configuration to be saved to flash memory on
the peer unit.
Failover Triggers
In Active/Active failover, failover can be triggered at the unit level if one of the following events occurs:
Cisco ASA Series CLI Configuration Guide
1-4
Commands entered in the admin context are replicated from the unit on which failover group 1 is in
the active state to the unit on which failover group 1 is in the standby state.
lists the commands that are and are not replicated to the standby unit.
Command Replication
If you enter the write standby command in the system execution space, the system configuration
and the configurations for all security contexts on the ASA are written to the peer unit. This includes
configuration information for security contexts that are in the standby state. You must enter the
command in the system execution space on the unit that has failover group 1 in the active state.
Note
If there are security contexts in the active state on the peer unit, the write standby command
causes active connections through those contexts to be terminated. Use the failover active
command on the unit providing the configuration to make sure all contexts are active on that
unit before entering the write standby command.
If you enter the write standby command in a security context, only the configuration for the security
context is written to the peer unit. You must enter the command in the security context on the unit
where the security context appears in the active state.
The unit has a hardware failure.
Chapter 1
Configuring Active/Active Failover
Commands Not Replicated to the Standby Unit
All forms of the copy command except for copy
running-config startup-config
All forms of the write command except for write
memory
debug
failover lan unit
firewall
mode
show

Advertisement

Table of Contents
loading

Table of Contents