Cisco FirePOWER ASA 5500 series Configuration Manual page 224
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Configuring Failover
b.
c.
Step 6
Enable failover:
hostname(config)# failover
Step 7
Save the system configuration to Flash memory:
hostname(config)# copy running-config startup-config
Configuring the Secondary Unit
The only configuration required on the secondary unit is for the failover interface. The secondary unit
requires these commands to initially communicate with the primary unit. After the primary unit sends
its configuration to the secondary unit, the only permanent difference between the two configurations is
the failover lan unit command, which identifies each unit as primary or secondary.
For multiple context mode, all steps are performed in the system execution space unless noted otherwise.
To configure the secondary unit, perform the following steps:
(PIX security appliance only) Enable LAN-based failover:
Step 1
hostname(config)# failover lan enable
Cisco Security Appliance Command Line Configuration Guide
14-22
If the Stateful Failover link uses the failover link or a data interface, then you only need to
Note
supply the if_name argument.
The if_name argument assigns a logical name to the interface specified by the phy_if argument. The
phy_if argument can be the physical port name, such as Ethernet1, or a previously created
subinterface, such as Ethernet0/2.3. This interface should not be used for any other purpose (except,
optionally, the failover link).
Assign an active and standby IP address to the Stateful Failover link.
If the Stateful Failover link uses the failover link or data interface, skip this step. You have
Note
already defined the active and standby IP addresses for the interface.
hostname(config)# failover interface ip if_name ip_addr mask standby ip_addr
The standby IP address must be in the same subnet as the active IP address. You do not need to
identify the standby address subnet mask.
The Stateful Failover link IP address and MAC address do not change at failover unless it uses a data
interface. The active IP address always stays with the primary unit, while the standby IP address
stays with the secondary unit.
Enable the interface.
If the Stateful Failover link uses the failover link or data interface, skip this step. You have
Note
already enabled the interface.
hostname(config)# interface phy_if
hostname(config-if)# no shutdown
Chapter 14
Configuring Failover
OL-10088-01
Advertisement
Table of Contents
Troubleshooting
