Simon Fitzgerald
asked on
Poor failover performance of WS-SVC-ASA-SM1 in WS6506-E
Hello, I am trying to deploy an active/active multi-context solution using the hardware noted above.
I believe I have done all required to get this working however I am still seeing fail over times of
around 50 seconds.
The ASAs blades and the supervisors have identical images:-
Cisco Adaptive Security Appliance Software Version 9.1(2) <context>
Device Manager Version 6.5(1)
Compiled on Thu 09-May-13 16:20 PDT by builders
Hendon up 17 days 21 hours
failover cluster up 26 days 21 hours
Hardware: WS-SVC-ASA-SM1
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9
I have this config on both the 6506 supers:-
firewall autostate
firewall multiple-vlan-interfaces
firewall module 6 vlan-group 56
firewall vlan-group 56 12,41-44,51-54,56-60,68,69
firewall vlan-group 56 2051,2053,2054,2057,2060,2
firewall vlan-group 56 2188,2197,2199
I can paste in further content on request. Any help would be much appreciated.
Many thanks
I believe I have done all required to get this working however I am still seeing fail over times of
around 50 seconds.
The ASAs blades and the supervisors have identical images:-
Cisco Adaptive Security Appliance Software Version 9.1(2) <context>
Device Manager Version 6.5(1)
Compiled on Thu 09-May-13 16:20 PDT by builders
Hendon up 17 days 21 hours
failover cluster up 26 days 21 hours
Hardware: WS-SVC-ASA-SM1
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9
I have this config on both the 6506 supers:-
firewall autostate
firewall multiple-vlan-interfaces
firewall module 6 vlan-group 56
firewall vlan-group 56 12,41-44,51-54,56-60,68,69
firewall vlan-group 56 2051,2053,2054,2057,2060,2
firewall vlan-group 56 2188,2197,2199
I can paste in further content on request. Any help would be much appreciated.
Many thanks
ASKER
Thanks for your quick response Predrag. Yes we are using spanning tree. I have a 4500
used for connecting 'users' to vlan 2060 and that 4500 has two links, one to each of the 6506 switches on vlan 2060.
Having said that now it is of course the 4500 that is taking the time to fail over..but i can't turn if off due the loop....thinking we should enable rapid spanning tree....will give that a go and let you know. Thanks
Thanks again
used for connecting 'users' to vlan 2060 and that 4500 has two links, one to each of the 6506 switches on vlan 2060.
Having said that now it is of course the 4500 that is taking the time to fail over..but i can't turn if off due the loop....thinking we should enable rapid spanning tree....will give that a go and let you know. Thanks
Thanks again
ASKER
Hello Predrag, I enabled rpst and 'failover autostate' and all is much quicker now, thanks for that.
Would you advise disabling spanning tree altogether on the access switches and leave it running on the two 6506s which contain the ASA SMs ?
Thanks
Would you advise disabling spanning tree altogether on the access switches and leave it running on the two 6506s which contain the ASA SMs ?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello Predrag, sorry for the delay...thanks for your answer.
No problem...
You're welcome.
You're welcome.
30 seconds - Listening + Learning
20 seconds - Max Age