Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1805
Views
0
Helpful
2
Replies

ASA 5510 Failover Subinterfaces Monitoring

gdelpanta
Level 1
Level 1

‎01-31-2013 08:02 AM - edited ‎03-11-2019 05:55 PM

Hello,

i have a couple of ASA 5510 in Active/Failover configuration.

Failover LAN is configured on management0/0 e the ASA are connected with a back-to-back direct cable.

ASA has an interface in access mode inside with standby ip address and show failover is compliant with expected result in show failover (Normal)

ASA-PRIMARY# sh failover
Failover On
Failover unit Primary
Failover LAN Interface: LANfailover Management0/0 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 250 maximum
failover replication http
Version: Ours 7.2(5), Mate 7.2(5)
Last Failover at: 16:45:22 UTC+1 Jan 31 2013
This host: Primary - Active
  Active time: 15619 (sec)
  slot 0: ASA5510 hw/sw rev (2.0/7.2(5)) status (Up Sys)
    Interface inside (150.251.187.35): Normal

----- OMITTED ---

Other host: Secondary - Standby Ready

  Active time: 0 (sec)

  slot 0: ASA5510 hw/sw rev (2.0/7.2(5)) status (Up Sys)

    Interface inside (150.251.187.24): Normal

interface Ethernet0/1.172

description # Routing VLAN 172 - PCS

vlan 172

nameif VLAN172

security-level 50

ip address 192.168.1.1 255.255.255.0 standby 192.168.1.200

Other host: Secondary - Standby Ready
  Active time: 0 (sec)
  slot 0: ASA5510 hw/sw rev (2.0/7.2(5)) status (Up Sys)
    Interface inside (150.251.187.24): Normal

I need to monitor trunk too ... so i have configured standby address in one (only one) of subinterfaces of the trunk

interface Ethernet0/1.172
description # Routing VLAN 172 - PCS
vlan 172
nameif VLAN172
security-level 50
ip address 192.168.1.1 255.255.255.0 standby 192.168.1.200

... background consideration is this: if i lost reachability on VLAN 172 i consider all he trunk unreachable.

so i expect "Normal" in show failover for VLAN 172 ... but conversely i see:

    Interface VLAN172 (192.168.1.1): Normal (Not-Monitored)

I can succesfully reach standby address from primary to secondary ... but it seems that monitoring process doesn't start.

any suggestions ?

Labels:
0 Helpful
2 Replies 2

lcambron
Level 3
Level 3

‎01-31-2013 09:59 AM

Hello,

  By default, monitoring of physical interfaces is enabled, and           monitoring of subinterfaces is disabled.

Use this command to see which interfaces are being monitored: 

show monitor-interface

Use this command to monitor an interface: 

monitor-interface

Regards,

Felipe.

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni

‎01-31-2013 09:59 AM

Hi,

In the case on Trunk interfaces and their Sub Interfaces you will need to issue the global configuration "monitor-interface " to activate the monitoring.

Your ASA software level seems to be 7.2.

Please check this link for the command reference of that software. It will link to the command "monitor-interface". Check it for addiotional more specific information on the usage of the command.

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card