Aaron's Worthless Words

It's possible that someone somewhere needs to know this.

Running Commands on a Standby ASA from the Active

November 22, 2010 By jac 4

I was exploring commands on the ASA a while back and discovered that you can run commands on the standby unit from the active.  It’s a bit weird, though, since you actually run the commands from config mode.

As an example, if you want to do a show interface OUTSIDE on the standby unit to see what the status is, you would do this.

firewall(config)#failover exec standby show interface OUTSIDE
Interface Ethernet0/0 "OUTSIDE", is up, line protocol is up
 Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
<SNIP>

Pretty handy when you want to know information about the other firewall without having to log into that sucker (and getting confused by the same prompts and reloading the wrong mate).

Send any misplaced commands questions my way.

jac
Latest posts by jac (see all)
Categoryasa
Tagsasa config exec failover

About The Author

Aaron does lots of stuff and, therefore, does nothing well. He's trying, though. https://masto.ai/@aconaway

4 thoughts on “Running Commands on a Standby ASA from the Active”

  • RichardF says:
    November 24, 2010 at 12:27 am

    Personally, I always set "prompt hostname state", not always necessary when using connection managers like securecrt but is very comforting when wanting to reboot secondaries or working via console.
    Can even go as far as “prompt hostname priority state” but really when you are working in a HA pair the primary is only a name.
     
     
     

    Reply
  • rxtx says:
    November 24, 2010 at 5:30 pm

    Its even better than that, you can use it to send commands the other way (from standby to active). Predictably the syntax for this is "failover exec active …". This has come in handy on the couple of occasions that one of our primary units has stopped accepting management traffic for whatever reason.

    Reply
  • Stubby Post – Changing the Prompt on the ASA | Aaron's Worthless Words says:
    January 19, 2011 at 10:08 pm

    […] commented on an article I wrote last November and mentioned the prompt command in the ASA.  I never set aside any time to research it, but I […]

    Reply
  • vasileiosf@hotmail.com says:
    July 17, 2015 at 4:47 am

    That was great help!! I was looking for hours how to get the macs from the failover device. Your post was the only ONE answearing to this.
    Thanks again

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *