1-47
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring a Cluster of ASAs
Managing ASA Cluster Members
What to Do Next
Configure the security policy on the master unit. See the chapters in this guide to configure supported
features on the master unit. The configuration is replicated to the slave units. For a list of supported and
unsupported features, see the “ASA Features and Clustering” section on page 1-17.
Examples
The following example includes the configuration for a slave unit, unit2:
interface tengigabitethernet 0/6
channel-group 1 mode on
no shutdown
interface tengigabitethernet 0/7
channel-group 1 mode on
no shutdown
cluster group pod1
local-unit unit2
cluster-interface port-channel1 ip 192.168.1.2 255.255.255.0
priority 2
key chuntheunavoidable
enable as-slave
Managing ASA Cluster Members
• Becoming an Inactive Member, page 1-48
• Inactivating a Member, page 1-48
Step 6
(Optional)
key shared_secret
Example:
hostname(cfg-cluster)# key
chuntheunavoidable
Sets the same authentication key that you set for the master unit.
Step 7
enable as-slave
Example:
hostname(cfg-cluster)# enable as-slave
Enables clustering. You can avoid any configuration
incompatibilities (primarily the existence of any interfaces not yet
configured for clustering) by using the enable as-slave command.
This command ensures the slave joins the cluster with no
possibility of becoming the master in any current election. Its
configuration is overwritten with the one synced from the master
unit.
To disable clustering, enter the no enable command.
Note If you disable clustering, all data interfaces are shut down,
and only the management interface is active. If you want
to remove the unit from the cluster entirely (and thus want
to have active data interfaces), see the “Leaving the
Cluster” section on page 1-49.
Command Purpose
To Next Page
Loading...
Need help?
General