本帖最后由 xiaocqu 于 2018-10-8 05:47 编辑 zhixincui 发表于 2018-3-13 13:38
不是我配置的,是看到生产网的一个配置,想问是否可以实现HA
问题:
主墙在配置接口地址时未配置standby地址,fo能否正常工作,主墙能否切换到备墙,流量能否不中断转发?
回答:
1/ fo正常工作
ciscoasa/pri/act(config)# interface Management0/0
ciscoasa/pri/act(config-if)# ip address 10.1.1.1 255.255.255.0
WARNING: Failover is enabled but standby IP address is not configured for this interface.
ciscoasa/pri/act(config-if)
----------------------------------------------------------
ciscoasa/pri/act(config)# show run failover
failover
failover lan unit primary
failover lan interface FO GigabitEthernet0/4
failover link ST GigabitEthernet0/5
failover interface ip FO 192.168.1.1 255.255.255.0 standby 192.168.1.2
failover interface ip ST 192.168.2.1 255.255.255.0 standby 192.168.2.2
----------------------------------------------------------
ciscoasa/pri/act(config)# sho failover state
State Last Failure Reason Date/Time
This host - Primary
Active None
Other host - Secondary
Standby Ready Comm Failure 04:26:12 UTC Sep 20 2018
====Configuration State===
Sync Done
====Communication State===
Mac set
ciscoasa/pri/act(config)#
2/ 主墙能否切换到备墙,流量会无中断切换。
测试过程:
1)利用PC 长ping Management0/0 IP address 10.1.1.1
C:\Users\xiaocqu>ping 10.1.1.1 -t
Pinging 10.1.1.1 with 32 bytes of data:
Reply from 10.1.1.1: bytes=32 time<1ms TTL=252
Reply from 10.1.1.1: bytes=32 time=1ms TTL=252
Reply from 10.1.1.1: bytes=32 time<1ms TTL=252
Reply from 10.1.1.1: bytes=32 time=1ms TTL=252
Reply from 10.1.1.1: bytes=32 time<1ms TTL=252
……
然后做手动failover切换(standby 上执行“failover active”),全程无流量中断切换。
3/ 建议:
配置standby ip,否则备墙上对应接口无地址,影响备墙的数据连通性。详细如下:
ciscoasa/pri/act(config)# sho ip
System IP Addresses:
Interface Name IP address Subnet mask Method
GigabitEthernet0/4 FO 192.168.1.1 255.255.255.0 unset
GigabitEthernet0/5 ST 192.168.2.1 255.255.255.0 unset
Management0/0 management 10.1.1.1 255.255.255.0 manual
Current IP Addresses:
Interface Name IP address Subnet mask Method
GigabitEthernet0/4 FO 192.168.1.1 255.255.255.0 unset
GigabitEthernet0/5 ST 192.168.2.1 255.255.255.0 unset
Management0/0 management 10.1.1.1 255.255.255.0 manual
-----------------------------------------------------------------
ciscoasa/sec/stby(config)# sho ip
System IP Addresses:
Interface Name IP address Subnet mask Method
GigabitEthernet0/4 FO 192.168.1.1 255.255.255.0 unset
GigabitEthernet0/5 ST 192.168.2.1 255.255.255.0 unset
Management0/0 management 10.1.1.1 255.255.255.0 manual
Current IP Addresses:
Interface Name IP address Subnet mask Method
GigabitEthernet0/4 FO 192.168.1.2 255.255.255.0 unset
GigabitEthernet0/5 ST 192.168.2.2 255.255.255.0 unset
ciscoasa/sec/stby(config)#