Cisco PIX 500 Series Configuration Manual page 251
Security appliance command line
Hide thumbs
Also See for PIX 500 Series:
- Administration manual (653 pages) ,
- Quick start manual (72 pages) ,
- User manual (60 pages)
Table of Contents
Advertisement
Chapter 14
Configuring Failover
(Optional) To enable Stateful Failover, configure the Stateful Failover link:
Step 3
Specify the interface to be used as Stateful Failover link:
a.
hostname(config)# failover link if_name phy_if
The if_name argument assigns a logical name to the interface specified by the phy_if argument. The
phy_if argument can be the physical port name, such as Ethernet1, or a previously created
subinterface, such as Ethernet0/2.3. This interface should not be used for any other purpose (except,
optionally, the failover link).
Note
Assign an active and standby IP address to the Stateful Failover link.
b.
Note
hostname(config)# failover interface ip if_name ip_addr mask standby ip_addr
The standby IP address must be in the same subnet as the active IP address. You do not need to
identify the standby address subnet mask.
The state link IP address and MAC address do not change at failover. The active IP address always
stays with the primary unit, while the standby IP address stays with the secondary unit.
Enable the interface.
c.
Note
hostname(config)# interface phy_if
hostname(config-if)# no shutdown
Configure the failover groups. You can have at most two failover groups. The failover group command
Step 4
creates the specified failover group if it does not exist and enters the failover group configuration mode.
For each failover group, specify whether the failover group has primary or secondary preference using
the primary or secondary command. You can assign the same preference to both failover groups. For
load balancing configurations, you should assign each failover group a different unit preference.
The following example assigns failover group 1 a primary preference and failover group 2 a secondary
preference:
hostname(config)# failover group 1
hostname(config-fover-group)# primary
hostname(config-fover-group)# exit
hostname(config)# failover group 2
hostname(config-fover-group)# secondary
hostname(config-fover-group)# exit
Step 5
Assign each user context to a failover group using the join-failover-group command in context
configuration mode.
Any unassigned contexts are automatically assigned to failover group 1. The admin context is always a
member of failover group 1.
OL-12172-03
If the Stateful Failover link uses the failover link or a regular data interface, then you only
need to supply the if_name argument.
If the Stateful Failover link uses the failover link or a regular data interface, skip this step.
You have already defined the active and standby IP addresses for the interface.
If the Stateful Failover link uses the failover link or regular data interface, skip this step. You
have already enabled the interface.
Cisco Security Appliance Command Line Configuration Guide
Configuring Failover
14-31
Advertisement
Table of Contents
Troubleshooting
