Re: LAN failover using a redundant interface

cclem · ‎04-05-2011

If I want to use a redundant interface for the LAN based failover it is a requirement that I must put a hub or switch between the two ASA devices? I am attaching a couple of recommened scenarios from Cisco -- one without a switch and one with a couple of switches. If I don't use a switch or hub, I am thinking that I could have the active port on the primary unit connected directly to the standby port on the secondary unit thus causing a failure.

padatta · ‎04-05-2011

Hi,

Yes, it is a requirement to have a switch or hub between the two units in case redundant interface is used as failover link.

This is explained here: (check under 'For failover, follow these guidelines when adding member interface')

http://www.cisco.com/en/US/partner/docs/security/asa/asa82/configuration/guide/intrface.html#wp1062371

Paps

cclem · ‎04-05-2011

Thanks for the quick reply Padatta. I was somewhat surprised to see the Cisco diagram showing the two failover links directly connected.

Andrew Ossipov · ‎04-05-2011

Hello,

This scenario is supported with Redunant interfaces in 8.0(4) and later software. I will get the documentation corrected.

Andrew

cclem · ‎04-05-2011

Hi Andrew,

Just to clarify. Are you saying that LAN failover using a redundant interface without a switch or hub is supported in 8.0(4) or later software? I have tested both scenarios shown above in my lab using a pair of 5550's with software version 8.4 and have not seen any issues when directly connected or when connecting through a switch.

Regards,

Charles

Andrew Ossipov · ‎04-05-2011

Hello Charles,

That is correct. You can use a pair of directly connected redundant intefaces as a failover or state link in 8.0(4), 8.1(2), and all of the later branches. The change to the configuration guides will be pushed out shortly.

Andrew