Cisco FirePOWER ASA 5500 series Configuration Manual page 231
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 14
Configuring Failover
Note
hostname/context(config-if)# ip address active_addr netmask standby standby_addr
In routed firewall mode and for the management-only interface, this command is entered in interface
configuration mode for each interface. In transparent firewall mode, the command is entered in global
configuration mode.
Step 2
Configure the basic failover parameters in the system execution space.
(PIX security appliance only) Enable LAN-based failover:
a.
hostname(config)# hostname(config)# failover lan enable
Designate the unit as the primary unit:
b.
hostname(config)# failover lan unit primary
Specify the failover link:
c.
hostname(config)# failover lan interface if_name phy_if
The if_name argument assigns a logical name to the interface specified by the phy_if argument. The
phy_if argument can be the physical port name, such as Ethernet1, or a previously created
subinterface, such as Ethernet0/2.3. On the ASA 5505 adaptive security appliance, the phy_if
specifies a VLAN. This interface should not be used for any other purpose (except, optionally, the
Stateful Failover link).
Specify the failover link active and standby IP addresses:
d.
hostname(config)# failover interface ip if_name ip_addr mask standby ip_addr
The standby IP address must be in the same subnet as the active IP address. You do not need to
identify the standby IP address subnet mask. The failover link IP address and MAC address do not
change at failover. The active IP address always stays with the primary unit, while the standby IP
address stays with the secondary unit.
(Optional) To enable Stateful Failover, configure the Stateful Failover link:
Step 3
Specify the interface to be used as Stateful Failover link:
a.
hostname(config)# failover link if_name phy_if
The if_name argument assigns a logical name to the interface specified by the phy_if argument. The
phy_if argument can be the physical port name, such as Ethernet1, or a previously created
subinterface, such as Ethernet0/2.3. This interface should not be used for any other purpose (except,
optionally, the failover link).
Note
Assign an active and standby IP address to the Stateful Failover link.
b.
Note
OL-10088-01
Do not configure an IP address for the Stateful Failover link if you are going to use a dedicated
Stateful Failover interface. You use the failover interface ip command to configure a dedicated
Stateful Failover interface in a later step.
If the Stateful Failover link uses the failover link or a regular data interface, then you only
need to supply the if_name argument.
If the Stateful Failover link uses the failover link or a regular data interface, skip this step.
You have already defined the active and standby IP addresses for the interface.
Cisco Security Appliance Command Line Configuration Guide
Configuring Failover
14-29
Advertisement
Table of Contents
Troubleshooting
