02-25-2019 11:53 AM
I am having trouble trying to get a PA-5220 to commit, when attempting to configure HA1, not on the
ha1-a default interface, but rather on aux-1. The same applies when configuring HA1-Backup to use aux-2.
I can commit with this config, under high-availabilty:
set deviceconfig high-availability group 1 peer-ip 192.168.0.2
set deviceconfig high-availability group 1 peer-ip-backup 192.168.2.2
set deviceconfig high-availability group 1 mode active-passive passive-link-state auto
set deviceconfig high-availability group 1 election-option device-priority 90
set deviceconfig high-availability group 1 election-option timers recommended
set deviceconfig high-availability group 1 state-synchronization enabled yes
set deviceconfig high-availability group 1 state-synchronization transport ip
set deviceconfig high-availability interface ha1 port aux-1
set deviceconfig high-availability interface ha1 ip-address 192.168.0.1
set deviceconfig high-availability interface ha1 netmask 255.255.255.0
set deviceconfig high-availability interface ha1-backup port aux-2
set deviceconfig high-availability interface ha1-backup ip-address 192.168.2.1
set deviceconfig high-availability interface ha1-backup netmask 255.255.255.0
set deviceconfig high-availability interface ha2 ip-address 192.168.1.1
set deviceconfig high-availability interface ha2 netmask 255.255.255.0
set deviceconfig high-availability interface ha2 port ethernet1/19
set deviceconfig high-availability interface ha2-backup port ethernet1/2
set deviceconfig high-availability interface ha2-backup ip-address 192.168.3.1
set deviceconfig high-availability interface ha2-backup netmask 255.255.255.0
set deviceconfig high-availability interface ha3
set deviceconfig high-availability enabled no
But if I change the last line:
set deviceconfig high-availability enabled yes
I get the follow error when I try to commit:
Commit job 19 is in progress. Use Ctrl+C to return to command prompt ... High-availability ha1 IP information will use interface IP information if port is 'aux-1'. Please remove IP information from ha1(Module: ha_agent) Error: HA1 Port is not configured Error: ha configuration error (Module: device) Commit failed
If I drop back and use ha1-a for ha1, and ha1-b for ha1-backup, it commits just fine.
Any ideas as to why this is not working?
Thanks.
Clarke
02-25-2019 12:07 PM
So when you utilize the aux1 or aux2 ports for HA you'll actually want to leave out the following commands:
set deviceconfig high-availability interface ha1 ip-address 192.168.0.1 set deviceconfig high-availability interface ha1 netmask 255.255.255.0 set deviceconfig high-availability interface ha1-backup ip-address 192.168.2.1 set deviceconfig high-availability interface ha1-backup netmask 255.255.255.0
You don't want to configure this information in the actual HA settings. You'll want to configure it on the actual AUX interfaces itself.
set deviceconfig system aux-1 ip-address 192.168.0.1 set deviceconfig system aux-1 netmask 255.255.255.0 set deviceconfig system aux-2 ip-address 192.168.2.1 set deviceconfig system aux-2 ip-address 255.255.255.0
02-25-2019 12:07 PM
So when you utilize the aux1 or aux2 ports for HA you'll actually want to leave out the following commands:
set deviceconfig high-availability interface ha1 ip-address 192.168.0.1 set deviceconfig high-availability interface ha1 netmask 255.255.255.0 set deviceconfig high-availability interface ha1-backup ip-address 192.168.2.1 set deviceconfig high-availability interface ha1-backup netmask 255.255.255.0
You don't want to configure this information in the actual HA settings. You'll want to configure it on the actual AUX interfaces itself.
set deviceconfig system aux-1 ip-address 192.168.0.1 set deviceconfig system aux-1 netmask 255.255.255.0 set deviceconfig system aux-2 ip-address 192.168.2.1 set deviceconfig system aux-2 ip-address 255.255.255.0
02-25-2019 12:51 PM
Thanks, BPry. That does the trick.
Just wanted to note a typo. The last configuration line should be this, instead of what you had:
set deviceconfig system aux-2 netmask 255.255.255.0
Worked like a champ.
Clarke
03-27-2023 07:58 AM
Hi Team,
I'm trying to commit templets from Panorama to physical devices but getting below error message. could some help me on this? because new to polo's.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
