Cisco ASA Series CLI Configuration Manual, page 351

Software version 9.0 for the services module

Chapter 1
Information About Failover
If the entire switch fails, as well as the ASASM (such as in a power failure), then both the switch and
the ASASM fail over to their secondary units (Figure 1-11).

Figure 1-11 Switch Failure
[Figure not reproduced. Labels: Internet, VLAN 100, VLAN 200, Trunk, Eng, VLAN 203, Mktg, VLAN 202, Inside, VLAN 201, Failed ASA SM, Active ASA SM.]

Transparent Firewall Mode Requirements

When the active unit fails over to the standby unit, the connected switch port running Spanning Tree
Protocol (STP) can go into a blocking state for 30 to 50 seconds when it senses the topology change. To
avoid traffic loss while the port is in a blocking state, you can configure one of the following
workarounds depending on the switch port mode:

• Access mode—Enable the STP PortFast feature on the switch:

    interface interface_id
    spanning-tree portfast

  The PortFast feature immediately transitions the port into STP forwarding mode upon linkup. The
  port still participates in STP. So if the port is to be a part of the loop, the port eventually transitions
  into STP blocking mode.

• Trunk mode—Block BPDUs on the ASA on both the inside and outside interfaces:

    access-list id ethertype deny bpdu
    access-group id in interface inside_name
    access-group id in interface outside_name
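An added example, not part of the Cisco guide: a Python check that reads ASA configuration text and reports which named interfaces lack an inbound ethertype ACL containing the deny bpdu entry from the trunk-mode workaround. The sample configuration, the interface names and the ACL name BLOCK_BPDU are constructed for illustration.

```python
import re

# Constructed sample configuration (illustrative names, not from the guide):
# the BPDU ACL is applied to inside only, so outside is still uncovered.
SAMPLE_CONFIG = """\
interface Vlan200
 nameif outside
interface Vlan201
 nameif inside
access-list BLOCK_BPDU ethertype deny bpdu
access-group BLOCK_BPDU in interface inside
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+ethertype\s+deny\s+bpdu$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")
NAMEIF_RE = re.compile(r"^nameif\s+(\S+)$")


def bpdu_block_gaps(config, required=None):
    """Return interface names with no inbound ACL that denies BPDUs.

    required: names to check; defaults to every nameif found in the text.
    """
    bpdu_acls = set()   # ACL ids containing "ethertype deny bpdu"
    bound = {}          # interface name -> ACL ids applied inbound
    names = []          # nameif values in order of appearance
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL_RE.match(line):
            bpdu_acls.add(m.group(1))
        elif m := GROUP_RE.match(line):
            bound.setdefault(m.group(2), set()).add(m.group(1))
        elif m := NAMEIF_RE.match(line):
            names.append(m.group(1))
    targets = names if required is None else list(required)
    return [n for n in targets if not bound.get(n, set()) & bpdu_acls]


if __name__ == "__main__":
    print("interfaces missing the BPDU block:", bpdu_block_gaps(SAMPLE_CONFIG))
```

The check confirms only that the deny entry exists and that its ACL is bound inbound on each interface; it does not evaluate entry order within the ACL.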