Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cisco ASA - show failover error #424

Closed
edurguti opened this issue Jul 4, 2019 · 1 comment
Closed

Cisco ASA - show failover error #424

edurguti opened this issue Jul 4, 2019 · 1 comment
Labels
bug

Comments

@edurguti
Copy link

edurguti commented Jul 4, 2019

ISSUE TYPE
  • Bug Report
TEMPLATE USING
 cat ~/ntc-templates/templates/cisco_asa_show_failover.template 
Value STATE (\S+)
Value ROLE (\S+)
Value LAN_INTF_NAME (\S+)
Value LAN_INTF (\S+)
Value LAN_INTF_STATE (\S+)
Value SW_VERSION (\S+)
Value SW_VERSION_MATE (\S+)
Value List FAILOVER_GROUP (\d+)
Value List LAST_FAILOVER_TIME (\d+:\d+:\d+)
Value List LAST_FAILOVER_TIMEZONE (\w+)
Value List LAST_FAILOVER_MONTH (\w+)
Value List LAST_FAILOVER_DAY (\d+)
Value List LAST_FAILOVER_YEAR (\d+)
Value List SERVICE_STATE (.*?)
Value List SERVICE_STATE_MATE (.*?)
Value List SSP_SLOT (\d+)
Value List SSP_MODEL (\S+)
Value List SSP_STATUS (\S+)
Value List SSP_SLOT_MATE (\d+)
Value List SSP_MODEL_MATE (\S+)
Value List SSP_STATUS_MATE (\S+)
Value List INTERFACES_CONTEXT (\S+)
Value List INTERFACES (\S+)
Value List INTERFACES_STATUS (.+?)
Value List INTERFACES_STATE (\S+)
Value List INTERFACES_CONTEXT_MATE (\S+)
Value List INTERFACES_MATE (\S+)
Value List INTERFACES_STATUS_MATE (.+?)
Value List INTERFACES_STATE_MATE (\S+)

Start
  ^Failover\s+${STATE}\s*$$
  ^Failover\s+unit\s+${ROLE}\s*$$
  ^Failover\s+LAN\s+Interface:\s+${LAN_INTF_NAME}\s+${LAN_INTF}\s+\(${LAN_INTF_STATE}\)\s*$$
  ^Version:\s+Ours\s+${SW_VERSION},\s+Mate\s+${SW_VERSION_MATE}\s*$$
  ^(?:Group\s+${FAILOVER_GROUP}\s+|)[Ll]ast\s+[Ff]ailover\s+at:\s+${LAST_FAILOVER_TIME}\s+${LAST_FAILOVER_TIMEZONE}\s+${LAST_FAILOVER_MONTH}\s+${LAST_FAILOVER_DAY}\s+${LAST_FAILOVER_YEAR}\s*$$
  ^\s*This\s+host:.+?-\s+${SERVICE_STATE}\s*$$ -> ThisHost
  ^\s*This\s+host:\s+\S+\s*$$ -> ThisHost
  ^Reconnect\s+timeout
  ^Unit\s+Poll\s+frequency
  ^Interface\s+Poll\s+frequency
  ^Interface\s+Policy
  ^Monitored\s+Interfaces
  ^MAC\s+Address\s+Move\s+Notification\s+Interval
  ^Serial\s+Number
  ^failover\s+replication
  ^\s*$$
  ^. -> Error

ThisHost
  ^Group\s+\d+\s+State:\s*${SERVICE_STATE}\s*$$
  ^\s*Active\s+time
  ^\s*slot\s+${SSP_SLOT}:\s+${SSP_MODEL}\s+.+?status\s+\(${SSP_STATUS}.*?\)\s*$$
  ^\s*(${INTERFACES_CONTEXT}\s+|)Interface\s+${INTERFACES}.+?:\s+${INTERFACES_STATUS}(?:\s+\(${INTERFACES_STATE}\)|)\s*$$
  # Service module has different line
  ^\s*\S+,\s+\S+,\s+\S+\s*$$
  ^\s*Other\s+host:.+?-\s+${SERVICE_STATE_MATE}\s*$$ -> OtherHost
  ^\s*Other\s+host:\s+\S+\s*$$ -> OtherHost
  ^\s*slot\s+\d+:\s+empty\s*$$
  ^\s*$$
  ^. -> Error

OtherHost
  ^Group\s+\d+\s+State:\s*${SERVICE_STATE_MATE}\s*$$
  ^\s*Active\s+time
  ^\s*slot\s+${SSP_SLOT_MATE}:\s+${SSP_MODEL_MATE}\s+.+?status\s+\(${SSP_STATUS_MATE}.*?\)\s*$$
  ^\s*(${INTERFACES_CONTEXT_MATE}\s+|)Interface\s+${INTERFACES_MATE}.+?:\s+${INTERFACES_STATUS_MATE}(?:\s+\(${INTERFACES_STATE_MATE}\)|)\s*$$
  # Service module has different line
  ^\s*\S+,\s+\S+,\s+\S+\s*$$
  ^\s*slot\s+\d+:\s+empty\s*$$
  ^Stateful\s+Failover\s+Logical\s+Update\s+Statistics\s*$$ -> Stats
  ^\s*$$
  ^. -> Error

Stats
  ^Link\s*:\s+
  ^Stateful\s+Obj\s+xmit\s+xerr\s+rcv\s+rerr\s*$$
  ^.+?\d+\s+\d+\s+\d+\s+\d+\s*$$
  ^Logical\s+Update\s+Queue\s+Information\s*$$
  ^Cur\s+Max\s+Total\s*$$
  ^.+?:\s+\d+\s+\d+\s+\d+\s*$$
SAMPLE COMMAND OUTPUT
Failover On 
Failover unit Secondary
Failover LAN Interface: sync GigabitEthernet1/4 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 14 of 160 maximum
MAC Address Move Notification Interval not set
Version: Ours 9.8(2), Mate 9.8(2)
Serial Number: Ours JAD222505S9, Mate Unknown
Last Failover at: 18:10:43 CDT Jun 30 2019
        This host: Secondary - Failed 
                Active time: 0 (sec)
                slot 1: ASA5516 hw/sw rev (3.1/9.8(2)) status (Up Sys)
                  Interface outside (x.x.x.x): Normal (Not-Monitored)
                  Interface dmz-guest-house-voip (192.168.254.2): Normal (Monitored)
                  Interface dmz-signage (172.31.21.2): Normal (Monitored)
                  Interface dmz-doorlocks (172.31.4.2): Normal (Monitored)
                  Interface dmz-bms (172.31.8.2): Normal (Monitored)
                  Interface dmz-iptv (172.31.16.2): Normal (Monitored)
                  Interface dmz-3c (172.31.20.2): Normal (Monitored)
                  Interface dmz-cctv (10.0.16.2): Normal (Not-Monitored)
                  Interface dmz-pbx-vm (10.90.143.2): Normal (Monitored)
                  Interface dmz-mgmt (10.90.143.130): Normal (Not-Monitored)
                  Interface dmz-guest-room-voip (172.31.224.2): Normal (Waiting)
                  Interface dmz-guest-wireless-voip (172.31.128.2): Normal (Not-Monitored)
                  Interface dmz-swisscom (10.0.6.2): Normal (Monitored)
                  Interface inside (10.90.136.21): No Link (Waiting)
                  Interface dmz-pci (10.90.137.2): No Link (Waiting)
                  Interface dmz-pos-terminal (10.90.142.2): No Link (Waiting)
                  Interface dmz-non-domain (10.90.142.130): No Link (Waiting)
                  Interface dmz-facilities (10.90.136.226): No Link (Waiting)
                slot 2: SFR5516 hw/sw rev (N/A/6.1.0-330) status (Up/Up)
                  ASA FirePOWER, 6.1.0-330, Up, (Not-Monitored)
                slot 2: SFR5516 hw/sw rev (N/A/6.1.0-330) status (Up/Up)
                  ASA FirePOWER, 6.1.0-330, Up, (Not-Monitored)
        Other host: Primary - Active 
                Active time: 13702089 (sec)
                slot 1: ASA5516 hw/sw rev (3.1/9.8(2)) status (Up Sys)
                  Interface outside (x.x.x.x.x): Normal (Not-Monitored)
                  Interface dmz-guest-house-voip (192.168.254.1): Normal (Monitored)
                  Interface dmz-signage (172.31.21.1): Normal (Monitored)
                  Interface dmz-doorlocks (172.31.4.1): Normal (Monitored)
                  Interface dmz-bms (172.31.8.1): Normal (Monitored)
                  Interface dmz-iptv (172.31.16.1): Normal (Monitored)
                  Interface dmz-3c (172.31.20.1): Normal (Monitored)
                  Interface dmz-cctv (10.0.16.1): Normal (Not-Monitored)
                  Interface dmz-pbx-vm (10.90.143.1): Normal (Monitored)
                  Interface dmz-mgmt (10.90.143.129): Normal (Not-Monitored)
                  Interface dmz-guest-room-voip (172.31.224.1): Normal (Waiting)
                  Interface dmz-guest-wireless-voip (172.31.128.1): Normal (Not-Monitored)
                  Interface dmz-swisscom (10.0.6.1): Normal (Monitored)
                  Interface inside (10.90.136.20): Normal (Waiting)
                  Interface dmz-pci (10.90.137.1): Normal (Waiting)
                  Interface dmz-pos-terminal (10.90.142.1): Normal (Waiting)
                  Interface dmz-non-domain (10.90.142.129): Normal (Waiting)
                  Interface dmz-facilities (10.90.136.225): Normal (Waiting)
                slot 2: SFR5516 hw/sw rev (N/A/6.1.0-330) status (Up/Up)
                  ASA FirePOWER, 6.1.0-330, Up, (Not-Monitored)
                slot 2: SFR5516 hw/sw rev (N/A/6.1.0-330) status (Up/Up)
                  ASA FirePOWER, 6.1.0-330, Up, (Not-Monitored)

Stateful Failover Logical Update Statistics
        Link : sync GigabitEthernet1/4 (up)
        Stateful Obj    xmit       xerr       rcv        rerr      
        General         359        0          2140777    51871     
        sys cmd         359        0          359        0         
        up time         0          0          0          0         
        RPC services    0          0          0          0         
        TCP conn        0          0          56993      688       
        UDP conn        0          0          1454847    373       
        ARP tbl         0          0          27135      0         
        Xlate_Timeout   0          0          0          0         
        IPv6 ND tbl     0          0          0          0         
        VPN IKEv1 SA    0          0          3          0         
        VPN IKEv1 P2    0          0          58         0         
        VPN IKEv2 SA    0          0          0          0         
        VPN IKEv2 P2    0          0          0          0         
        VPN CTCP upd    0          0          0          0         
        VPN SDI upd     0          0          0          0         
        VPN DHCP upd    0          0          0          0         
        SIP Session     0          0          309679     0         
        SIP Tx  0          0          209337     13        
        SIP Pinhole     0          0          82365      50797     
        Route Session   0          0          0          0         
        Router ID       0          0          0          0         
        User-Identity   0          0          1          0         
        CTS SGTNAME     0          0          0          0         
        CTS PAC         0          0          0          0         
        TrustSec-SXP    0          0          0          0         
        IPv6 Route      0          0          0          0         
        STS Table       0          0          0          0         

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       82      1550915
        Xmit Q:         0       1       359
SUMMARY

when using show_failover template on the new ASA with firepower, the Firepower module should be part of the failover interface group, but "Firewpower" doesn't start with "internface".

I'm getting the following error when using with netmiko

STEPS TO REPRODUCE



EXPECTED RESULTS



NA/


ACTUAL RESULTS




Traceback (most recent call last):
  File "asa.py", line 337, in <module>
    device.is_failover_secondary()
  File "asa.py", line 290, in is_failover_secondary
    'show failover', use_textfsm=True, delay_factor=10)  
  File "/Library/Python/2.7/site-packages/netmiko/cisco/cisco_asa_ssh.py", line 36, in send_command_timing
    output = super(CiscoAsaSSH, self).send_command_timing(*args, **kwargs)
  File "/Library/Python/2.7/site-packages/netmiko/base_connection.py", line 1047, in send_command_timing
    command=command_string.strip())
  File "/Library/Python/2.7/site-packages/netmiko/utilities.py", line 239, in get_structured_data
    textfsm_obj.ParseCmd(raw_output, attrs)
  File "/Library/Python/2.7/site-packages/netmiko/_textfsm/_clitable.py", line 261, in ParseCmd
    self.table = self._ParseCmdItem(self.raw, template_file=template_files[0])
  File "/Library/Python/2.7/site-packages/netmiko/_textfsm/_clitable.py", line 291, in _ParseCmdItem
    for record in fsm.ParseText(cmd_input):
  File "/Library/Python/2.7/site-packages/textfsm.py", line 885, in ParseText
    self._CheckLine(line)
  File "/Library/Python/2.7/site-packages/textfsm.py", line 908, in _CheckLine
    if self._Operations(rule, line):
  File "/Library/Python/2.7/site-packages/textfsm.py", line 989, in _Operations
    % (rule.line_num, line))
textfsm.TextFSMError: State Error raised. Rule Line: 61. Input Line:              ASA FirePOWER, 6.1.0-330, Up, (Not-Monitored)


      		
    

      
  





        



            

              
            

        

      


      
    








      

    



      

  
            

    

      
    

    


      

          @edurguti
edurguti




        changed the title
Cisco ASA - show failover erro

Cisco ASA - show failover error


      Jul 4, 2019

    

  



    


  

  

    
  


  

      

    @FragmentedPacket
FragmentedPacket



    mentioned this issue
    
      Sep 29, 2019
    





  


  

      
   Merged

  







  









      

  
      



  

  @FragmentedPacket





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      

  
    Contributor


      

  


  

    

  





      


        


  
    

      
          
Closed by #465

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
            

    











  
  

    

      

  





  




  
  

              

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  



  






  
                  




    

  


      
  

    Assignees
  



        

    No one assigned







      


  


  

    Labels
  



    

      

    bug









      

  

    

        

    Projects
  


        




    None yet




  



      


  

    
  

    Milestone
  


      No milestone





    
      
          


  

    
      

        
    

    Development
  




              
No branches or pull requests







    
  




        
      

    

  
      

  

    

      2 participants
    

    

        
          @edurguti 
        
          @FragmentedPacket