Managing Asa Cluster Members - Cisco ASA Series Cli Configuration Manual

Chapter 1 Configuring a Cluster of ASAs
Command
Step 6
(Optional)
key shared_secret
Example:
hostname(cfg-cluster)# key
chuntheunavoidable
Step 7
enable as-slave
Example:
hostname(cfg-cluster)# enable as-slave
What to Do Next
Configure the security policy on the master unit. See the chapters in this guide to configure supported
features on the master unit. The configuration is replicated to the slave units. For a list of supported and
unsupported features, see the
Examples
The following example includes the configuration for a slave unit, unit2:
interface tengigabitethernet 0/6
interface tengigabitethernet 0/7
cluster group pod1

Managing ASA Cluster Members

•
•
"ASA Features and Clustering" section on page
channel-group 1 mode on
no shutdown
channel-group 1 mode on
no shutdown
local-unit unit2
cluster-interface port-channel1 ip 192.168.1.2 255.255.255.0
priority 2
key chuntheunavoidable
enable as-slave
Becoming an Inactive Member, page 1-48
Inactivating a Member, page 1-48
Purpose
Sets the same authentication key that you set for the master unit.
Enables clustering. You can avoid any configuration
incompatibilities (primarily the existence of any interfaces not yet
configured for clustering) by using the enable as-slave command.
This command ensures the slave joins the cluster with no
possibility of becoming the master in any current election. Its
configuration is overwritten with the one synced from the master
unit.
To disable clustering, enter the no enable command.
Note
If you disable clustering, all data interfaces are shut down,
and only the management interface is active. If you want
to remove the unit from the cluster entirely (and thus want
to have active data interfaces), see the
Cluster" section on page
Cisco ASA Series CLI Configuration Guide
Managing ASA Cluster Members
"Leaving the
1-49.
1-17.
1-47