How to Track Switch Ports Associated with HA Active/Passive Pair if Physical Access is Not Available

How to Track Switch Ports Associated with HA Active/Passive Pair if Physical Access is Not Available

0
Created On 09/26/18 13:53 PM - Last Modified 07/19/22 23:11 PM


Resolution


Overview

This document describes how to identify switch ports associated with HA (High Availability) Active/Passive pair of Palo Alto Networks devices when there is no physical access available to them.

Steps

The two methods below shows how to differentiate between active and passive mac addresses:

Method 1

This method can be performed to track the switch ports without any downtime and can be done with minimal service interruption.

  1. Suspend the passive device.
  2. Change Group ID to a different number.
    Go to Device > High Availability > General and edit Group ID under the Setup section.
  3. Commit the changes.
    ha5.PNG.png
  4. The new virtual MAC address will be seen on the device:
    HA6.PNG.png

Method 2

The original mac address associated with the interface can be checked with HA disabled. This method may potentially cause service outage and should be performed during a maintenance window.

  1. Go to Device > High Availability > General tab
  2. In the Setup section, uncheck 'Enable HA' box.
    ha7.PNG.png
  3. Commit the changes
  4. The original mac of the interface can be now seen.
    HA8.PNG.png

Once the different MAC address is seen on either HA device, the switch ports can be tracked accordingly.

owner: ukhapre
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClxJCAS&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail