8-12
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 8 Configuring Interfaces
Starting Interface Configuration (ASA 5510 and Higher)
Configuring a Redundant Interface
A logical redundant interface consists of a pair of physical interfaces: an active and a standby interface.
When the active interface fails, the standby interface becomes active and starts passing traffic. You can
configure a redundant interface to increase the adaptive security appliance reliability. This feature is
separate from device-level failover, but you can configure redundant interfaces as well as failover if
desired.
This section describes how to configure redundant interfaces and includes the following topics:
• Configuring a Redundant Interface, page 8-12
• Changing the Active Interface, page 8-14
Configuring a Redundant Interface
This section describes how to create a redundant interface. By default, redundant interfaces are enabled.
Guidelines and Limitations
• You can configure up to 8 redundant interface pairs.
• All adaptive security appliance configuration refers to the logical redundant interface instead of the
member physical interfaces.
• Redundant interface delay values are configurable, but by default the adaptive security appliance
will inherit the default delay values based on the physical type of its member interfaces.
• The only configuration available to physical interfaces that are part of a redundant interface pair are
physical parameters (set in the “Enabling the Physical Interface and Configuring Ethernet
Parameters” section on page 8-10).
• If you shut down the active interface, then the standby interface becomes active.
For failover, follow these guidelines when adding member interfaces:
• If you want to use a redundant interface for the failover or state link, then you must configure the
redundant interface as part of the basic configuration on the secondary unit in addition to the primary
unit.
• If you use a redundant interface for the failover or state link, you must put a switch or hub between
the two units; you cannot connect them directly. Without the switch or hub, you could have the active
port on the primary unit connected directly to the standby port on the secondary unit.
• You can monitor redundant interfaces for failover.
• When the active interface fails over to the standby interface, this activity does not cause the
redundant interface to appear to be failed when being monitored for device-level failover. Only when
both physical interfaces fail does the redundant interface appear to be failed.
Redundant Interface MAC Address
The redundant interface uses the MAC address of the first physical interface that you add. If you change
the order of the member interfaces in the configuration, then the MAC address changes to match the
MAC address of the interface that is now listed first. Alternatively, you can assign a MAC address to the
redundant interface, which is used regardless of the member interface MAC addresses (see the
“Configuring Advanced Interface Parameters” section on page 8-26 or the “Assigning Interfaces to
To Next Page
Loading...
Need help?
General
