Guest

Preview Tool

Cisco Bug: CSCsz02849 - Long delay before standby becomes active if unit holdtime misconfigured

Last Modified

Nov 08, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.0(4.28)

Description (partial)

Symptom:
If the active unit in a failover pair of firewalls crashes or is powered off, the standby unit might not take the active role for up to 5 minutes. This might cause a traffic outage through the network during this time.

Conditions:
The following conditions must be true to hit this bug:
1) The firewalls must be configured for failover. Issue the command 'show failover' to determine if the firewall is configured for failover
2) The unit holdtime on the firewall is greater than the configured interface holdtime. To determine if this is the case, issue the command 'show run all fail'. In the example below, the unit holdtime is 15 seconds, while the interface holdtime is 5 seconds:

-----------------------------------------------------------------------------------
ASA(config)# sh run all fail
failover
failover lan unit primary
failover lan interface failoverinterface GigabitEthernet0/2
failover polltime unit 1 holdtime 15
failover polltime interface msec 500 holdtime 5
-----------------------------------------------------------------------------------
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.