14-20
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 14 Configuring Failover
Configuring Failover
The Stateful Failover link IP address and MAC address do not change at failover unless it uses a data
interface. The active IP address always stays with the primary unit, while the standby IP address
stays with the secondary unit.
c. Enable the interface:
hostname(config)# interface phy_if
hostname(config-if)# no shutdown
Step 5 Enable failover:
hostname(config)# failover
Step 6 Power on the secondary unit and enable failover on the unit if it is not already enabled:
hostname(config)# failover
The active unit sends the configuration in running memory to the standby unit. As the configuration
synchronizes, the messages “Beginning configuration replication: sending to mate.” and “End
Configuration Replication to mate” appear on the primary console.
Step 7 Save the configuration to Flash memory on the primary unit. Because the commands entered on the
primary unit are replicated to the secondary unit, the secondary unit also saves its configuration to Flash
memory.
hostname(config)# copy running-config startup-config
Configuring LAN-Based Active/Standby Failover
This section describes how to configure Active/Standby failover using an Ethernet failover link. When
configuring LAN-based failover, you must bootstrap the secondary device to recognize the failover link
before the secondary device can obtain the running configuration from the primary device.
Note If you are changing from cable-based failover to LAN-based failover, you can skip any steps, such as
assigning the active and standby IP addresses for each interface, that you completed for the cable-based
failover configuration.
This section includes the following topics:
• Configuring the Primary Unit, page 14-20
• Configuring the Secondary Unit, page 14-22
Configuring the Primary Unit
Follow these steps to configure the primary unit in a LAN-based, Active/Standby failover configuration.
These steps provide the minimum configuration needed to enable failover on the primary unit. For
multiple context mode, all steps are performed in the system execution space unless otherwise noted.
To configure the primary unit in an Active/Standby failover pair, perform the following steps:
Step 1 If you have not done so already, configure the active and standby IP addresses for each data interface
(routed mode), for the management IP address (transparent mode), or for the management-only
interface. The standby IP address is used on the security appliance that is currently the standby unit. It
must be in the same subnet as the active IP address.
To Next Page
Loading...
Need help?
General