Cisco ASA Series Cli Configuration Manual page 306
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Configuring ASA Clustering
What to Do Next
•
•
Configuring Advanced Clustering Settings
Perform the following steps to customize your clustering configuration.
Detailed Steps
Command
Step 1
health-check [holdtime timeout]
Example:
hostname(cfg-cluster)# health-check
holdtime 5
Cisco ASA Series CLI Configuration Guide
1-42
Configure advanced settings. See the
page
1-42.
Add slave units. See the
"Configuring Slave Unit Bootstrap Settings" section on page
"Configuring Advanced Clustering Settings" section on
Purpose
Customizes the cluster health check feature, which includes unit
health monitoring and interface health monitoring. The holdime
determines the amount of time between keepalive or interface
status messages, between .8 and 45 seconds. The default is 3
seconds.
To determine unit health, the ASA cluster units send keepalive
messages on the cluster control link to other units. If a unit does
not receive any keepalive messages from a peer unit within the
holdtime period, the peer unit is considered unresponsive or dead.
Interface status messages detect link failure. If an interface fails
on a particular unit, but the same interface is active on other units,
then the unit is removed from the cluster. If a unit does not receive
interface status messages within the holdtime, then the amount of
time before the ASA removes a member from the cluster depends
on the type of interface and whether the unit is an established
member or is joining the cluster. For EtherChannels (spanned or
not), if the interface is down on an established member, then the
ASA removes the member after 9 seconds. If the unit is joining the
cluster as a new member, the ASA waits 45 seconds before
rejecting the new unit. For non-EtherChannels, the unit is
removed after 500 ms, regardless of the member state.
Health check is enabled by default. You can disable it using the no
form of this command.
Note
When any topology changes occur (such as adding or
removing a data interface, enabling or disabling an
interface on the ASA or the switch, or adding an
additional switch to form a VSS or vPC) you should
disable the health check feature. When the topology
change is complete, and the configuration change is
synced to all units, you can re-enable the health check
feature.
Chapter 1
Configuring a Cluster of ASAs
1-43.
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
