In active/standby implementations, only the primary device in a
pair passes traffic. The standby device sits idle, ready to assume the active
role should the primary device fail. The standby device may receive routing and
state information from the primary device in order to facilitate stateful
failover, but it doesn't actually pass traffic until the primary device fails.
The main differences between the two units in a failover pair are
related to which unit is active and which unit is standby, namely which IP
addresses to use and which unit is primary and actively passes traffic.
A few differences exist between the units based on which unit is
primary (as specified in the configuration) and which unit is secondary:
- The primary unit always becomes the active unit if both units start up at the same time (and are of equal operational health).
- The primary unit MAC address is always coupled with the active IP addresses. The exception to this rule occurs when the secondary unit is active and cannot obtain the primary MAC address over the failover link. In this case, the secondary MAC address is used.
Configuration
(Note: First complete basic configuration as per given in the Topology
Figure)
 |
| Topology |
ASA_Active
int e0/0
nameif outside
ip add 101.1.1.100
255.255.255.0
no shut
exit
int e0/1
ip add 192.168.1.1
255.255.255.0
nameif inside
no shut
exit
inte0/2
no shut
ASA_Standby
inte0/2
no shut
ASA_Active
failover lan unit primary
failover lan interface fover
e0/2
failover link fover e0/2
failover interface ip fover
10.0.0.100 255.255.255.0 standby 10.0.0.101
int e0/0
ip add 101.1.1.100
255.255.255.0 standby 101.1.1.101
exit
int e0/1
ip add 192.168.1.1
255.255.255.0 standby 192.168.1.2
failover replication http
failover
ASA_Standby
failover lan unit secondary
failover lan interface fover
e0/2
failover link fover e0/2
failover interface ip fover
10.0.0.100 255.255.255.0 standby 10.0.0.101
failover replication http
failover
(Note: by default all the interfaces in monitor state by failover)
----
@NetwaxLab
No comments:
Post a Comment