Failover triggers – Cisco ASA 5505 User Manual

63-4

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 63 Configuring Active/Active Failover

Information About Active/Active Failover

•

Commands entered in the admin context are replicated from the unit on which failover group 1 is in
the active state to the unit on which failover group 1 is in the standby state.

Failure to enter the commands on the appropriate unit for command replication to occur causes the
configurations to be out of synchronization. Those changes may be lost the next time the initial
configuration synchronization occurs.

Table 63-1

lists the commands that are and are not replicated to the standby unit.

You can use the write standby command to resynchronize configurations that have become out of sync.
For Active/Active failover, the write standby command behaves as follows:

•

If you enter the write standby command in the system execution space, the system configuration
and the configurations for all security contexts on the ASA are written to the peer unit. This includes
configuration information for security contexts that are in the standby state. You must enter the
command in the system execution space on the unit that has failover group 1 in the active state.

Note

If there are security contexts in the active state on the peer unit, the write standby command
causes active connections through those contexts to be terminated. Use the failover active
command on the unit providing the configuration to make sure all contexts are active on that
unit before entering the write standby command.

•

If you enter the write standby command in a security context, only the configuration for the security
context is written to the peer unit. You must enter the command in the security context on the unit
where the security context appears in the active state.

Replicated commands are not saved to the flash memory when replicated to the peer unit. They are added
to the running configuration. To save replicated commands to flash memory on both units, use the write
memory or copy running-config startup-config command on the unit that you made the changes on.
The command is replicated to the peer unit and cause the configuration to be saved to flash memory on
the peer unit.

Failover Triggers

In Active/Active failover, failover can be triggered at the unit level if one of the following events occurs:

•

The unit has a hardware failure.

Table 63-1

Command Replication

Commands Replicated to the Standby Unit

Commands Not Replicated to the Standby Unit

All configuration commands except for mode,
firewall, and failover lan unit

All forms of the copy command except for copy
running-config startup-config

copy running-config startup-config

All forms of the write command except for write
memory

delete

debug

mkdir

failover lan unit

rename

firewall

rmdir

mode

write memory

show