Chapter 14
Configuring Failover
Command Replication
As commands are entered on the active unit, they are sent across the failover link to the standby unit.
Command replication always flows from the active unit to the standby unit. Replicated commands are
stored in the running configuration of the standby unit. Saving the running configuration to the startup
configuration on the active unit causes the running configuration to be saved to the startup configuration
on the standby unit; however, you do not have to save the active configuration to Flash memory to
replicate the commands.
Note
The RSA keys are not synchronized from the primary to the secondary unit in FWSM.
The following commands are replicated to the standby unit:
•
•
•
•
•
•
•
The following commands are not replicated to the standby unit:
•
•
•
•
•
•
•
•
•
Changes made on the standby unit are not replicated to the active unit. If you enter a command on the
standby unit, FWSM displays the message
performed from Standby unit to Active unit. Configurations are no longer synchronized.
This message displays even when you enter many commands that do not affect the configuration.
Failover Triggers
The unit can fail if one of the following events occurs:
•
•
•
•
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
all configuration commands except for the mode and failover lan unit commands
copy running-config startup-config
delete
mkdir
rename
rmdir
write memory
all forms of the copy command except for copy running-config startup config
all forms of the write command except for write memory
asdm disconnect
debug
failover lan unit
failover suspend-config-sync
mode
show
ssh disconnect
The unit has a hardware failure or a power failure.
The unit has a software failure.
Too many monitored interfaces fail.
The no failover active command is entered on the active unit or the failover active command is
entered on the standby unit.
**** WARNING **** Configuration Replication is NOT
Understanding Failover
14-11