Cisco ASA 5505 Configuration Manual page 1229

Chapter 59 Configuring Active/Standby Failover
Configuring the Unit and Interface Health Poll Times
The adaptive security appliance sends hello packets out of each data interface to monitor interface health.
The appliance sends hello messages across the failover link to monitor unit health. If the adaptive
security appliance does not receive a hello packet from the corresponding interface on the peer unit for
over half of the hold time, then the additional interface testing begins. If a hello packet or a successful
test result is not received within the specified hold time, the interface is marked as failed. Failover occurs
if the number of failed interfaces meets the failover criteria.
Decreasing the poll and hold times enables the adaptive security appliance to detect and respond to
interface failures more quickly, but may consume more system resources. Increasing the poll and hold
times prevents the adaptive security appliance from failing over on networks with higher latency.
Step 1 Open the Configuration > Device Management > High Availability > Failover > Criteria tab.
Step 2 To configure the interface poll and hold times, change the following values in the Failover Poll Times
area:
•
•
To configure the unit poll and hold times, change the following values in the Failover Poll Times area:
Step 3
•
•
Click Apply.
Step 4
Configuring Virtual MAC Addresses
The Configuration > Device Management > High Availability > MAC Addresses tab displays the
virtual MAC addresses for the interfaces in an Active/Standby failover pair.
This tab is not available on the ASA 5505 platform.
Note
In Active/Standby failover, the MAC addresses for the primary unit are always associated with the active
IP addresses. If the secondary unit boots first and becomes active, it uses the burned-in MAC address for
its interfaces. When the primary unit comes online, the secondary unit obtains the MAC addresses from
the primary unit. The change can disrupt network traffic.
You can configure virtual MAC addresses for each interface to ensure that the secondary unit uses the
correct MAC addresses when it is the active unit, even if it comes online before the primary unit. If you
do not specify virtual MAC addresses the failover pair uses the burned-in NIC addresses as the MAC
addresses.
OL-20339-01
Monitored Interfaces—The amount of time between polls among interfaces. The range is between
1and 15 seconds or 500 to 999 milliseconds.
Interface Hold Time—Sets the time during which a data interface must receive a hello message on
the data interface, after which the peer is declared failed. Valid values are from 5 to 75 seconds.
Unit Failover—The amount of time between hello messages among units. The range is between 1
and 15 seconds or between 200 and 999 milliseconds.
Unit Hold Time—Sets the time during which a unit must receive a hello message on the failover
link, or else the unit begins the testing process for peer failure. The range is between 1and 45
seconds or between 800 and 999 milliseconds. You cannot enter a value that is less than 3 times the
polltime.
Configuring Active/Standby Failover
Cisco ASA 5500 Series Configuration Guide using ASDM
59-11