https://community.cisco.com/t5/network-security/understanding-failover-link-and-state-link/m-p/2016570#M439204 <HTML><HEAD></HEAD><BODY><P>Well I should have asked question different way. I have config for two pairs (one pair in one segment and another pair in another segment) and failover configuration is different in terms of one pair has two unique vlans being trunks across crossover cable - unique LAN failover vlan and state vlan while other pair only has one vlan for both purposes...</P><P></P><P>PAIR-1</P><P>failover</P><P>failover lan unit primary</P><P>failover lan interface failover Vlan100</P><P>failover polltime unit 15 holdtime 45</P><P>failover link failover Vlan100</P><P>failover interface ip failover 192.168.1.1 255.255.255.252 standby 192.168.1.2</P><P></P><P></P><P></P><P></P><P></P><P>PAIR-2 </P><P>failover</P><P>failover lan unit primary</P><P>failover lan interface failover Vlan300</P><P>failover polltime unit 1 holdtime 3</P><P>failover polltime interface 3</P><P>failover interface-policy 1</P><P>failover link stateful Vlan301</P><P>failover interface ip failover 192.168.254.1 255.255.255.252 standby 192.168.254.2</P><P>failover interface ip stateful 192.168.254.5 255.255.255.252 standby 192.168.254.6</P><P></P><P></P><P>According Cisco's failover configuration document you should have two vlans trunked across two chassis (ASA or FWSMs on 6500s). I am trying to understand what type of traffic "lan interface failover" vlan 300 in above config and "link stateful" vlan 301 in above config carry across? What is the best practice? should have uniqe vlans or just one vlan for both purposes? Sorry for not being clear on my initial question.</P></BODY></HTML> Sun, 19 Aug 2012 03:42:46 GMT amp512_nyph 2012-08-19T03:42:46Z https://community.cisco.com/t5/network-security/understanding-failover-link-and-state-link/m-p/2016568#M439202 <P>Whatt is the difference between failover link and state link in the context of Cisco FWSM? Why do I need both or what is the best practice? Thanks in advance. Just trying to understand.</P> Mon, 11 Mar 2019 23:43:42 GMT https://community.cisco.com/t5/network-security/understanding-failover-link-and-state-link/m-p/2016568#M439202 amp512_nyph 2019-03-11T23:43:42Z https://community.cisco.com/t5/network-security/understanding-failover-link-and-state-link/m-p/2016569#M439203 <HTML><HEAD></HEAD><BODY><P>Hello ,</P><P></P><P>The difference is that the stateful link is the one in charge of handling the replication of the connections across the FWSM ( Used for the stateful failover) so if by any chance the device goes down the connections already established do not go down.</P><P></P><P>Regards</P></BODY></HTML> Fri, 17 Aug 2012 21:53:07 GMT https://community.cisco.com/t5/network-security/understanding-failover-link-and-state-link/m-p/2016569#M439203 Julio Carvajal 2012-08-17T21:53:07Z https://community.cisco.com/t5/network-security/understanding-failover-link-and-state-link/m-p/2016570#M439204 <HTML><HEAD></HEAD><BODY><P>Well I should have asked question different way. I have config for two pairs (one pair in one segment and another pair in another segment) and failover configuration is different in terms of one pair has two unique vlans being trunks across crossover cable - unique LAN failover vlan and state vlan while other pair only has one vlan for both purposes...</P><P></P><P>PAIR-1</P><P>failover</P><P>failover lan unit primary</P><P>failover lan interface failover Vlan100</P><P>failover polltime unit 15 holdtime 45</P><P>failover link failover Vlan100</P><P>failover interface ip failover 192.168.1.1 255.255.255.252 standby 192.168.1.2</P><P></P><P></P><P></P><P></P><P></P><P>PAIR-2 </P><P>failover</P><P>failover lan unit primary</P><P>failover lan interface failover Vlan300</P><P>failover polltime unit 1 holdtime 3</P><P>failover polltime interface 3</P><P>failover interface-policy 1</P><P>failover link stateful Vlan301</P><P>failover interface ip failover 192.168.254.1 255.255.255.252 standby 192.168.254.2</P><P>failover interface ip stateful 192.168.254.5 255.255.255.252 standby 192.168.254.6</P><P></P><P></P><P>According Cisco's failover configuration document you should have two vlans trunked across two chassis (ASA or FWSMs on 6500s). I am trying to understand what type of traffic "lan interface failover" vlan 300 in above config and "link stateful" vlan 301 in above config carry across? What is the best practice? should have uniqe vlans or just one vlan for both purposes? Sorry for not being clear on my initial question.</P></BODY></HTML> Sun, 19 Aug 2012 03:42:46 GMT https://community.cisco.com/t5/network-security/understanding-failover-link-and-state-link/m-p/2016570#M439204 amp512_nyph 2012-08-19T03:42:46Z https://community.cisco.com/t5/network-security/understanding-failover-link-and-state-link/m-p/2016571#M439205 <HTML><HEAD></HEAD><BODY><P>Hello Atrey,</P><P></P><P>Well it is 100 % recommeded to use 2 different vlans ( FWSM) or 2 different interfaces (ASA) for the failover link and the state link between 2 units, this because of the amount of data being transfered on both of this links,</P><P></P><P>Not all the time you have the oportunity to use 2 of them so that is why you can use only one, I have seen a lot of scenarios using just one and that works perfect but again if possible then use 2 <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P>Is just a desing preference or optimization</P><P></P><P>Regards,</P><P></P><P>Julio</P></BODY></HTML> Sun, 19 Aug 2012 06:14:25 GMT https://community.cisco.com/t5/network-security/understanding-failover-link-and-state-link/m-p/2016571#M439205 Julio Carvajal 2012-08-19T06:14:25Z