日日都要纠结 纠结的日子 要坚持。为理想 而拼搏 为生活 而漂泊。。鼓励一下自己把 问题是因为自己不够冷静 太急功近利了 。。
多模下 个模可以正常通行
但是做A A 通信 全部掉PING 全部通
只能ASA 自己PINg通
AA 主 备 的配置都是可以交换的状态配置
感觉状态 和 LOG 都有问题
是我AA 配错了么 刚才查了 CISCO 文档 他们都是公用直接 VLAN
PS 用 PIX 8.04 做了下 奇迹 不交换 主备 数据 主设备只好自己 全部ACTIVE
明天打算复习WIN 然后要抽1-2天学习VPN 然后LINUX 随便把这问题在搞搞 我想我会更纠结 折磨死他们。。。
配置如下
asa2
!
interface Ethernet0/0
!
interface Ethernet0/1
!
interface Ethernet0/2
description LAN/STATE Failover Interface
!
interface Ethernet0/3
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
!
failover
failover lan unit primary
failover lan interface lanfo Ethernet0/2
failover key bufan
failover link lanfo Ethernet0/2
failover interface ip lanfo 1.1.1.1 255.255.255.0 standby 1.1.1.2
failover group 1
preempt
failover group 2
secondary
preempt
!
admin-context admin
context admin
allocate-interface Ethernet0/0
allocate-interface Ethernet0/1
config-url disk0:/admin.cfg
join-failover-group 1
!
context A
allocate-interface Ethernet0/1
allocate-interface Ethernet0/3
config-url disk0:/AA.cfg
join-failover-group 2
ciscoasa/admin
interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
!
interface Ethernet0/1
nameif outside
security-level 0
ip address 10.0.0.1 255.255.255.0 standby 10.0.0.2
contxt A
interface Ethernet0/1
nameif outside
security-level 0
ip address 10.0.0.22 255.255.255.0 standby 10.0.0.33
!
interface Ethernet0/3
nameif inside
security-level 100
ip address 172.16.1.1 255.255.255.0 standby 172.16.1.2
!
备份设备
failover lan unit sec
failover lan interface lanfo Ethernet0/2
failover key bufan
failover link lanfo Ethernet0/2
failover interface ip lanfo 1.1.1.1 255.255.255.0 standby 1.1.1.2
failover group 1
preempt
failover group 2
secondary
preempt
!
LOG 和状态都不对头
主设备 抢占
Group 1 preempt mate
Group 1 preempt mate
备设备也抢占 自己2
Group 2 preempt mate
Group 2 preempt mate
主设备状态
sh failover
Failover On
Failover unit Primary
Failover LAN Interface: lanfo Ethernet0/2 (up)
Unit Poll frequency 1 seconds, holdtime 3 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 250 maximum
Version: Ours 8.0(2), Mate 8.0(2)
Group 1 last failover at: 01:36:05 UTC Nov 30 1999
Group 2 last failover at: 01:35:02 UTC Nov 30 1999
This host: Primary
Group 1 State: Active
Active time: 2025 (sec)
Group 2 State: Failed
Active time: 168 (sec)
slot 0: empty
admin Interface outside (10.0.0.1): Normal (Waiting)
admin Interface inside (192.168.1.1): Normal (Waiting)
A Interface outside (10.0.0.33): Normal (Waiting)
A Interface inside (172.16.1.2): Failed (Waiting)
slot 1: empty
Other host: Secondary
Group 1 State: Standby Ready
Active time: 459 (sec)
Group 2 State: Active
Active time: 2407 (sec)
slot 0: empty
admin Interface outside (10.0.0.2): Normal (Waiting)
admin Interface inside (192.168.1.2): Normal (Waiting)
A Interface outside (10.0.0.22): Normal (Waiting)
A Interface inside (172.16.1.1): Normal (Waiting)
slot 1: empty
Stateful Failover Logical ** Statistics
Link : lanfo Ethernet0/2 (up)
Stateful Obj xmit xerr rcv rerr
General 377 0 362 1
sys cmd 339 0 337 1
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 0 0
UDP conn 0 0 0 0
ARP tbl 38 0 25 0
Xlate_Timeout 0 0 0 0
SIP Session 0 0 0 0
Logical ** Queue Information
Cur Max Total
Recv Q: 0 2 363
Xmit Q: 0 1 377
状态是 WATI 很不对 CISCO 解释
In summary, check these steps to narrow down the failover problems:
- Check the network cables connected to the interface in the waiting/failed state and, if it is possible, replace them.
- If there is a switch connected between the two units, verify that the networks connected to the interface in the waiting/failed state function correctly.
- Check the switch port connected to the interface in the waiting/failed state and, if it is possible, use the another FE port on the switch..
- Check that you have enabled port fast and disabled both trunking and channeling on the switch ports that are connected to the interface
小弟刚学习 不太明白 谢谢了
|
|熊猫同学技术论坛|小黑屋|
网络工程师论坛
( 沪ICP备09076391 )
发表于 2011-4-12 00:23:19
提升卡
置顶卡
变色卡
显身卡
发表于 2011-4-12 17:06:18