Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
10182
Views
6
Helpful
9
Replies

Function 'monitor interface' in cisco asa

danielbusisa1410
Level 1
Level 1

‎08-02-2020 12:40 PM

Hi All

 

I just want to ask, what is the function 'monitor-interface' command in cisco ASA? and how it work ? 

 

Thank you so much

0 Helpful
9 Replies 9

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-03-2020 04:21 AM

In a high availability pair that command determines which interface(s) are monitored for purposes of determining the ability of a member to be eligible for the Active role.

danielbusisa1410
Level 1
Level 1
In response to Marvin Rhoads

‎08-03-2020 08:52 PM

Hi Marvin,

 

it means, when asa active failure and change to asa standby, the link who failover just the link that define monitor-interface ? 

 

Thank you

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to danielbusisa1410

‎08-04-2020 01:05 AM

Individual links don't failover - the whole device does. It dos so based on several factors - no mate detected, requested by admin, or monitored interfaces unavailable. By default all interfaces are monitored, you can choose to not monitor some if they aren't important in your failover design.

0 Helpful

danielbusisa1410
Level 1
Level 1
In response to Marvin Rhoads

‎08-04-2020 04:35 AM

Hi Marvin,

 

Thank you for your reply,

so if i make interface gi0/1 to be 'no monitor-interface' it means that interface will not failover to asa standby when asa active goes down?

 

Thank you

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to danielbusisa1410

‎08-04-2020 05:38 AM

Whether or not you monitor (or unmonitor) one or all of the data plane interfaces the standby unit is watching for a heartbeat from the active unit via the failover link. So when the ASA unit with the active role active goes down, the standby unit will assume the active role.

0 Helpful

danielbusisa1410
Level 1
Level 1
In response to Marvin Rhoads

‎08-04-2020 09:26 AM

Hi Marvin,

 

So what kind of result of monitor-interface we get ? is it log or what ? and if i not use monitor-interface what affect i can get to the interface or sub-if?

 

Thank you so much 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to danielbusisa1410

‎08-04-2020 09:58 AM

"monitor interface" is used by the failover process to determine if one of the units has failed interfaces which could cause a failover event. An interface going down will create a syslog even whether or not that command is used. Additionally there will be an entry in "show failover history" if an interface down caused a failover event.
0 Helpful

johnlloyd_13
Level 9
Level 9

‎09-28-2021 06:43 PM

hi marvin,

does the 'monitor-interface' config has any significance or bearing when i perform a force failover with 'no failover active' from the active FW?

 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-28-2021 08:22 PM

@johnlloyd_13 it does have some effect. If you are monitoring a given interface (or service module) and failed over to a device where that/those are unhealthy it should fail back as it reports itself as not ready (assuming the mate is healthy).

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top