14-26
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 14 Configuring Failover
Configuring Failover
4. The burned-in MAC address.
Use the show interface command to display the MAC address used by an interface.
Configuring Active/Active Failover
This section describes how to configure Active/Active failover.
Note Active/Active failover is not available on the ASA 5505 series adaptive security appliance.
This section includes the following topics:
• Prerequisites, page 14-26
• Configuring Cable-Based Active/Active Failover (PIX security appliance), page 14-26
• Configuring LAN-Based Active/Active Failover, page 14-28
• Configuring Optional Active/Active Failover Settings, page 14-32
Prerequisites
Before you begin, verify the following:
• Both units have the same hardware, software configuration, and proper license.
• Both units are in multiple context mode.
Configuring Cable-Based Active/Active Failover (PIX security appliance)
Follow these steps to configure Active/Active failover using a serial cable as the failover link. The
commands in this task are entered on the primary unit in the failover pair. The primary unit is the unit
that has the end of the cable labeled “Primary” plugged into it. For devices in multiple context mode, the
commands are entered in the system execution space unless otherwise noted.
You do not need to bootstrap the secondary unit in the failover pair when you use cable-based failover.
Leave the secondary unit powered off until instructed to power it on.
Cable-based failover is only available on the PIX 500 series security appliance.
To configure cable-based, Active/Active failover, perform the following steps:
Step 1 Connect the failover cable to the PIX 500 series security appliances. Make sure that you attach the end
of the cable marked “Primary” to the unit you use as the primary unit, and that you attach the end of the
cable marked “Secondary” to the unit you use as the secondary unit.
Step 2 Power on the primary unit.
Step 3 If you have not done so already, configure the active and standby IP addresses for each data interface
(routed mode), for the management IP address (transparent mode), or for the management-only
interface. The standby IP address is used on the security appliance that is currently the standby unit. It
must be in the same subnet as the active IP address.
You must configure the interface addresses from within each context. Use the changeto context
command to switch between contexts. The command prompt changes to
hostname/context(config-if)#, where context is the name of the current context. You must enter a
management IP address for each context in transparent firewall multiple context mode.
To Next Page
Loading...
Need help?
General