Cisco FirePOWER ASA 5500 series Configuration Manual page 233
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 14
Configuring Failover
hostname(config)# failover lan enable
Define the failover interface. Use the same settings as you used for the primary unit:
Step 2
Specify the interface to be used as the failover interface:
a.
hostname(config)# failover lan interface if_name phy_if
The if_name argument assigns a logical name to the interface specified by the phy_if argument. The
phy_if argument can be the physical port name, such as Ethernet1, or a previously created
subinterface, such as Ethernet0/2.3. On the ASA 5505 adaptive security appliance, the phy_if
specifies a VLAN.
Assign the active and standby IP address to the failover link:
b.
hostname(config)# failover interface ip if_name ip_addr mask standby ip_addr
Note
The standby IP address must be in the same subnet as the active IP address. You do not need to
identify the standby address subnet mask.
Enable the interface:
c.
hostname(config)# interface phy_if
hostname(config-if)# no shutdown
(Optional) Designate this unit as the secondary unit:
Step 3
hostname(config)# failover lan unit secondary
Note
Enable failover:
Step 4
hostname(config)# failover
After you enable failover, the active unit sends the configuration in running memory to the standby unit.
As the configuration synchronizes, the messages
and
mate
After the running configuration has completed replication, enter the following command to save the
Step 5
configuration to Flash memory:
hostname(config)# copy running-config startup-config
If necessary, force any failover group that is active on the primary to the active state on the secondary
Step 6
unit. To force a failover group to become active on the secondary unit, enter the following command in
the system execution space on the primary unit:
hostname# no failover active group group_id
The group_id argument specifies the group you want to become active on the secondary unit.
OL-10088-01
Enter this command exactly as you entered it on the primary unit when you configured the
failover interface.
This step is optional because by default units are designated as secondary unless previously
configured otherwise.
End Configuration Replication to mate
Beginning configuration replication: Sending to
appear on the active unit console.
Cisco Security Appliance Command Line Configuration Guide
Configuring Failover
14-31
Advertisement
Table of Contents
Troubleshooting
