autostart = False
[localhost:7200]
workingdir = C:\Documents and Settings\j017903\Dynamips\PIX_Context\wrk
[[3745]]
image = C:\Documents and Settings\j017903\Dynamips\images\C3745-AD.BIN
ram = 128
ghostios = True
[[router R1]]
model = 3745
f0/0 = SW1 1
[[Router R2]]
model = 3745
f0/0 = SW1 2
[[Router R3]]
model = 3745
f0/0 = SW1 3
[[ETHSW SW1]]
1 = access 121 # R1
2 = access 122 # R2
3 = access 123 # R3
4 = access 123 # outside PIX1
5 = access 123 # outside PIX2
6 = access 999 # failover PIX1
7 = access 999 # failover PIX2
8 = access 121 # PIX1 inside
9 = access 121 # PIX2 inside
[pemu localhost]
[[525]]
image = C:\Documents and Settings\j017903\Dynamips\images\pix804.bin
[[FW PIX1_context]]
e0 = SW1 4 # outside PIX1
e1 = SW1 8 # PIX1 inside
e2 = SW1 6 # failover PIX1
[[FW PIX2_context]]
e0 = SW1 5 # outside PIX2
e1 = SW1 9 # PIX2 inside
e2 = SW1 7 # failover PIX2
Configuration of PIX1
pix1# sh run
: Saved
:
PIX Version 8.0(4)
!
hostname pix1
enable password 8Ry2YjIyt7RRXU24 encrypted
no mac-address auto
!
interface Ethernet0
!
interface Ethernet1
!
interface Ethernet1.121
vlan 121
!
interface Ethernet1.122
vlan 122
!
interface Ethernet2
description LAN/STATE Failover Interface
pix1# sh mode
Security context mode: multiple
pix1# sh context
Context Name Class Interfaces URL
*admin default flash:/admin.cfg
CustomerA default Ethernet0,Ethernet1.121 flash:/CustomerA.cfg
CustomerB default Ethernet0,Ethernet1.122 flash:/CustomerB
Total active Security Contexts: 3
pix1# sh run failover
failover
failover lan unit primary
failover lan interface failover Ethernet2
failover lan enable
failover link failover Ethernet2
failover interface ip failover 100.100.100.12 255.255.255.0 standby 100.100.100.13
failover group 1
preempt
failover group 2
secondary
preempt
failover group 1
preempt
failover group 2
secondary
preempt
admin-context admin
context admin
config-url flash:/admin.cfg
!
context CustomerA
description CustomerA
allocate-interface Ethernet0
allocate-interface Ethernet1.121
config-url flash:/CustomerA.cfg
join-failover-group 1
!
context CustomerB
description CustomerB
allocate-interface Ethernet0
allocate-interface Ethernet1.122
config-url flash:/CustomerB
join-failover-group 2
The other unit is not yet configured :
No Response from Mate
Group 1 No Response from Mate, Switch to Active
Group 2 No Response from Mate, Switch to Active
pix1# sh failover state
State Last Failure Reason Date/Time
This host - Primary
Group 1 Active None
Group 2 Active None
Other host - Secondary
Group 1 Failed Comm Failure 17:27:31 UTC Jul 28 2009
Group 2 Failed Comm Failure 17:27:31 UTC Jul 28 2009
====Configuration State===
====Communication State===
After configuring and starting PIX2:
pix2# sh run failover
failover
failover lan unit secondary
failover lan interface failover Ethernet2
failover lan enable
failover link failover Ethernet2
failover interface ip failover 100.100.100.12 255.255.255.0 standby 100.100.100.13
The following messages appear on secondary unit:
pix2#
State check detected an Active mate
Beginning configuration replication from mate.
Removing context 'admin' (1)... Done
INFO: Admin context is required to get the interfaces
Creating context 'admin'... Done. (2)
WARNING: Skip fetching the URL flash:/admin.cfg
INFO: Creating context with default config
INFO: Admin context will take some time to come up .... please wait.
Creating context 'CustomerA'... Done. (3)
WARNING: Skip fetching the URL flash:/CustomerA.cfg
INFO: Creating context with default config
Creating context 'CustomerB'... Done. (4)
WARNING: Skip fetching the URL flash:/CustomerB
INFO: Creating context with default config
Group 1 Detected Active mate
Group 2 Detected Active mate
End configuration replication from mate.
Group 2 preempt mate
And finally
pix1# sh failover
Failover On
Cable status: N/A - LAN-based failover enabled
Failover unit Primary
Failover LAN Interface: failover Ethernet2 (up)
Unit Poll frequency 15 seconds, holdtime 45 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 250 maximum
Version: Ours 8.0(4), Mate 8.0(4)
Group 1 last failover at: 17:30:56 UTC Jul 28 2009
Group 2 last failover at: 17:35:07 UTC Jul 28 2009
This host: Primary
Group 1 State: Active
Active time: 450 (sec)
Group 2 State: Standby Ready
Active time: 405 (sec)
CustomerA Interface outside (136.1.130.253): Normal (Waiting)
CustomerA Interface inside (10.0.0.254): Normal (Not-Monitored )
CustomerB Interface outside (0.0.0.0): Normal (Waiting)
CustomerB Interface inside (0.0.0.0): Normal (Not-Monitored)
Other host: Secondary
Group 1 State: Standby Ready
Active time: 0 (sec)
Group 2 State: Active
Active time: 45 (sec)
CustomerA Interface outside (0.0.0.0): Normal (Waiting)
CustomerA Interface inside (0.0.0.0): Normal (Not-Monitored)
CustomerB Interface outside (136.1.130.254): Normal (Waiting)
CustomerB Interface inside (10.0.0.254): Normal (Not-Monitored)
Stateful Failover Logical Update Statistics
Link : failover Ethernet2 (up)
Stateful Obj xmit xerr rcv rerr
General 7 0 7 0
sys cmd 7 0 7 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 0 0
UDP conn 0 0 0 0
ARP tbl 0 0 0 0
Xlate_Timeout 0 0 0 0
SIP Session 0 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 1 7
Xmit Q: 0 1 9
Group 1 is active on primary unit and Group 2 on Secondary Unit
Full config of PIX1:
PIX Version 8.0(4)
!
hostname pix1
enable password 8Ry2YjIyt7RRXU24 encrypted
no mac-address auto
!
interface Ethernet0
!
interface Ethernet1
!
interface Ethernet1.121
vlan 121
!
interface Ethernet1.122
vlan 122
!
interface Ethernet2
description LAN/STATE Failover Interface
!
interface Ethernet3
shutdown
!
interface Ethernet4
class default
limit-resource All 0
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
!
ftp mode passive
pager lines 24
failover
failover lan unit primary
failover lan interface failover Ethernet2
failover lan enable
failover link failover Ethernet2
failover interface ip failover 100.100.100.12 255.255.255.0 standby 100.100.100.13
failover group 1
preempt
failover group 2
secondary
preempt
no asdm history enable
arp timeout 14400
admin-context admin
context admin
config-url flash:/admin.cfg
!
context CustomerA
description CustomerA
allocate-interface Ethernet0
allocate-interface Ethernet1.121
config-url flash:/CustomerA.cfg
join-failover-group 1
!
context CustomerB
description CustomerB
allocate-interface Ethernet0
allocate-interface Ethernet1.122
config-url flash:/CustomerB
join-failover-group 2
!
prompt hostname context
No comments:
Post a Comment