
Function 'monitor interface' in Cisco ASA

Hi All

I just want to ask, what is the function of the 'monitor-interface' command in Cisco ASA, and how does it work?

Thank you so much

9 Replies

Marvin Rhoads
Hall of Fame

In a high availability pair that command determines which interface(s) are monitored for purposes of determining the ability of a member to be eligible for the Active role.

Hi Marvin,

Does it mean that when the active ASA fails and changes over to the standby ASA, the links that fail over are just the links defined with monitor-interface?

Thank you

Individual links don't fail over - the whole device does. It does so based on several factors - no mate detected, requested by admin, or monitored interfaces unavailable. By default all interfaces are monitored; you can choose to not monitor some if they aren't important in your failover design.

Hi Marvin,

Thank you for your reply.

So if I set interface gi0/1 to 'no monitor-interface', does it mean that interface will not fail over to the standby ASA when the active ASA goes down?

Thank you

Whether or not you monitor (or unmonitor) one or all of the data plane interfaces, the standby unit is watching for a heartbeat from the active unit via the failover link. So when the ASA unit with the active role goes down, the standby unit will assume the active role.

Hi Marvin,

So what kind of result do we get from monitor-interface? Is it a log or what? And if I do not use monitor-interface, what effect will there be on the interface or sub-if?

Thank you so much

"monitor interface" is used by the failover process to determine if one of the units has failed interfaces which could cause a failover event. An interface going down will create a syslog event whether or not that command is used. Additionally there will be an entry in "show failover history" if an interface down caused a failover event.

johnlloyd_13
Level 9

Hi Marvin,

Does the 'monitor-interface' config have any significance or bearing when I perform a forced failover with 'no failover active' from the active FW?

Marvin Rhoads
Hall of Fame

@johnlloyd_13 it does have some effect. If you are monitoring a given interface (or service module) and failed over to a device where that/those are unhealthy, it should fail back as it reports itself as not ready (assuming the mate is healthy).
