Cisco Cisco ASA 5510 Adaptive Security Appliance 문제 해결 가이드
ASA FAQ: Why does the "show failover history"
command indicate a configuration mismatch?
command indicate a configuration mismatch?
Document ID: 117906
Contributed by Haitham Jaradat and Magnus Mortensen, Cisco TAC
Engineers.
Jul 28, 2014
Engineers.
Jul 28, 2014
Contents
Introduction
Why does the "show failover history" command indicate a configuration mismatch?
Related Information
Why does the "show failover history" command indicate a configuration mismatch?
Related Information
Introduction
This document describes why a show failover history command ouput sometimes shows that the Adaptive
Security Appliance (ASA) standby firewall transitioned from a "Standby Ready" state into a "Cold Standby"
state due to a "Configuration Mismatch".
Security Appliance (ASA) standby firewall transitioned from a "Standby Ready" state into a "Cold Standby"
state due to a "Configuration Mismatch".
Why does the "show failover history" command indicate a
configuration mismatch?
configuration mismatch?
An ASA active/standby failover configuration allows a standby ASA to take over the functionality of an
active failed ASA. Failover functionality requires that the active and standby appliance configurations remain
synchronized. A show failover history command ouput sometimes shows that the standby firewall
transitioned from a "Standby Ready" state into a "Cold Standby" state due to a "Configuration Mismatch".
active failed ASA. Failover functionality requires that the active and standby appliance configurations remain
synchronized. A show failover history command ouput sometimes shows that the standby firewall
transitioned from a "Standby Ready" state into a "Cold Standby" state due to a "Configuration Mismatch".
ASA/stb# show failover history
==========================================================================
From State To State Reason
==========================================================================
16:01:05 CET Sep 23 2013
Standby Ready Cold Standby Configuration mismatch
16:01:07 CET Sep 23 2013
Cold Standby Sync Config Configuration mismatch
16:01:31 CET Sep 23 2013
Sync Config Sync File System Configuration mismatch
16:01:31 CET Sep 23 2013
Sync File System Bulk Sync Configuration mismatch
16:01:47 CET Sep 23 2013
Bulk Sync Standby Ready Configuration mismatch
The transition from "Standby Ready" to "Cold Standby" on the standby ASA is caused when a user enters a
write standby command from the active firewall. This command is sometimes mistakenly used in order to
save the configuration on the standby unit. However, the write standby command forces a complete
resynchronization of the configuration from the active firewall to the standby firewall and should not be used
during normal ASA operation.
write standby command from the active firewall. This command is sometimes mistakenly used in order to
save the configuration on the standby unit. However, the write standby command forces a complete
resynchronization of the configuration from the active firewall to the standby firewall and should not be used
during normal ASA operation.
If you want to save the standby ASA in−service configuration to flash, enter the write mem command on the
active unit. This command is synchronized between both units and writes the configuration to flash on both
the active and standby firewalls.
active unit. This command is synchronized between both units and writes the configuration to flash on both
the active and standby firewalls.