Configure HA1/HA2 command line

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Configure HA1/HA2 command line

L2 Linker

Need to configure the following in CLI:

Control Link (HA1)

Port ha1-a

 

Control Link (HA1 Backup)
Port ha1-b
 
Data Link (HA2)
Port ethernet1/1
 
Data Link (HA2 Backup)
Port ethernet1/2
 
Any insight would be appreciated.
21 REPLIES 21

L2 Linker

configure
set network interface ethernet ethernet1/1 ha
set network interface ethernet ethernet1/2 ha

set deviceconfig high-availability enabled yes

set deviceconfig high-availability interface ha1 port ha1-a
set deviceconfig high-availability interface ha1 ip-address 192.168.6.44
set deviceconfig high-availability interface ha1 netmask 255.255.255.0

set deviceconfig high-availability interface ha1 port ha1-b
set deviceconfig high-availability interface ha1 ip-address 192.168.16.44
set deviceconfig high-availability interface ha1 netmask 255.255.255.0

set deviceconfig high-availability interface ha2 port ethernet1/1
set deviceconfig high-availability interface ha2 ip-address 192.168.26.44
set deviceconfig high-availability interface ha2 netmask 255.255.255.0

set deviceconfig high-availability interface ha2 port ethernet1/2
set deviceconfig high-availability interface ha2 ip-address 192.168.36.44
set deviceconfig high-availability interface ha2 netmask 255.255.255.0

set deviceconfig high-availability group group-id 1 peer-ip 192.168.6.45
set deviceconfig high-availability group group-id 1 peer-ip-backup 192.168.16.45
set deviceconfig high-availability group group-id 1 mode active-passive passive-link-state auto
set deviceconfig high-availability group group-id 1 election-option device-priority 100
set deviceconfig high-availability group group-id 1 election-option timers aggressive
set deviceconfig high-availability group group-id 1 state-synchronization enabled yes
set deviceconfig high-availability group group-id 1 state-synchronization transport ip

commit description "Configuring high availability"

L4 Transporter

The HA commands are all under:

set deviceconfig high-availability

 

To set the ethernet interfaces as HA, you need to use the:

set network interface ethernet 1/1 ha

@rmfalconer 

Thank you, for the most part i think I got it:

configure
set network interface ethernet ethernet1/1 ha
set network interface ethernet ethernet1/2 ha

set deviceconfig high-availability enabled yes

set deviceconfig high-availability interface ha1 port ha1-a
set deviceconfig high-availability interface ha1 ip-address 192.168.6.44
set deviceconfig high-availability interface ha1 netmask 255.255.255.0

set deviceconfig high-availability interface ha1 port ha1-b
set deviceconfig high-availability interface ha1 ip-address 192.168.16.44
set deviceconfig high-availability interface ha1 netmask 255.255.255.0

set deviceconfig high-availability interface ha2 port ethernet1/1
set deviceconfig high-availability interface ha2 ip-address 192.168.26.44
set deviceconfig high-availability interface ha2 netmask 255.255.255.0

set deviceconfig high-availability interface ha2 port ethernet1/2
set deviceconfig high-availability interface ha2 ip-address 192.168.36.44
set deviceconfig high-availability interface ha2 netmask 255.255.255.0

set deviceconfig high-availability group group-id 1 peer-ip 192.168.6.45
set deviceconfig high-availability group group-id 1 peer-ip-backup 192.168.16.45
set deviceconfig high-availability group group-id 1 mode active-passive passive-link-state auto
set deviceconfig high-availability group group-id 1 election-option device-priority 100
set deviceconfig high-availability group group-id 1 election-option timers aggressive
set deviceconfig high-availability group group-id 1 state-synchronization enabled yes
set deviceconfig high-availability group group-id 1 state-synchronization transport ip

commit description "Configuring high availability"

 

My issue now is that when i try to commit I get the following:

Validation Error:
network -> virtual-wire -> default-vwire -> interface1 'ethernet1/1' is not a valid reference
network -> virtual-wire -> default-vwire -> interface1 is invalid
[edit]

 

And I'm stuck again........

 

There is a default-vwire that comes with new PAs that includes e1/1 and e1/2. Delete that vwire first then apply the config.

I can't figure out how to do that via the CLI.  Do you happen to know?

I can't find how to do that via the CLI, do you happen to know?

# delete network virtual-wire
<name> <name>

# delete network virtual-wire default-vwire

No object to delete in delete handler

 

I thought that was it, bit it isn't working.

You need quotes since there's a space in the name.

delete network virtual-wire "Default VWire"

 

@MrWonderful 

Normally you should see this from CLI

delete network virtual-wire
default default
<name> <name>

)# delete network virtual-wire default

[edit]

Where default is name of virtual wire.

 

In your case you need command  below

PA# delete network virtual-wire  "default-vwire"

Check the output of below command 

 

PA>show virtual-wire all

total virtual-wire shown : 0
flags : m - multicast firewalling
p - link state pass-through
s - vlan sub-interface
i - ip+vlan sub-interface
t - tenant sub-interface

name interface1 interface2 flags allowed-tags
--------------------------------------------------------------------------------

 

You should see none here if you have no virtual wire config in your PA.

 

Regards

 

MP

Help the community: Like helpful comments and mark solutions.

Sorry, that didn't work.

admin# delete network virtual-wire "Default VWire"

No object to delete in delete handler

@MP18 @rmfalconer 

I do appreciate all that help.

admin> show virtual-wire all

total virtual-wire shown : 1
flags : m - multicast firewalling
p - link state pass-through
s - vlan sub-interface
i - ip+vlan sub-interface
t - tenant sub-interface

name interface1 interface2 flags allowed-tags
--------------------------------------------------------------------------------
default-vwire ethernet1/1 ethernet1/2 p

 

I did that before, so I know I have the name correct, but nothing will seem to let me delete this thing:

admin# delete network virtual-wire

Invalid syntax.
[edit]
admin# delete network virtual-wire
<name> <name>

admin# delete network virtual-wire default-vwire

No object to delete in delete handler

[edit]
admin# delete network virtual-wire "default-vwire"

No object to delete in delete handler

[edit]

whats the output of this command 

# delete network virtual-wire ?
<name> <name>

 

Just to confirm seems it is empty right?

Also you have super user right on the PA need to confirm that?

 

MP

Help the community: Like helpful comments and mark solutions.

@MP18 

I'm logged on a super.

admin# delete network virtual-wire

Invalid syntax.
[edit]

 

That's what I get with that.  It should be, as i walk my way through the commands with a ? to see the options:

admin# delete network virtual-wire default-vwire

But this is the result of that:

No object to delete in delete handler

 

I know there is one because of this though:

admin> show virtual-wire all

total virtual-wire shown : 1
flags : m - multicast firewalling
p - link state pass-through
s - vlan sub-interface
i - ip+vlan sub-interface
t - tenant sub-interface

name interface1 interface2 flags allowed-tags
--------------------------------------------------------------------------------
default-vwire ethernet1/1 ethernet1/2 p

 

So, I don't get it.  I'm clearly missing something here.

The guide said to do this:

Step 3 (Optional) The firewall comes preconfigured with a default virtual wire interface between ports Ethernet 1/1
and Ethernet 1/2 (and a corresponding default security policy and zones). If you do not plan to use this virtual wire configuration, you must manually delete the configuration to prevent it from interfering with other interface settings you define.


You must delete the configuration in the following order:
1. To delete the default security policy, select Policies >
Security, select the rule, and click Delete.
2. To delete the default virtual wire, select Network > Virtual
Wires, select the virtual wire and click Delete.
3. To delete the default trust and untrust zones, select Network
> Zones, select each zone and click Delete.

 

Although I had to do step three before step two - and then it worked.

  • 8069 Views
  • 21 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!