05-12-2022 05:06 AM
Hi All,
I would like to test the physical link using the shut / no shut interface commands on a Cisco ASA. Will the ASA detect this on the monitored interface and fail over or not? I'm not sure about this situation. Please advise me.
05-12-2022 05:09 AM
Yes, if the interface goes down, failover is triggered, provided your ASA is configured to monitor that interface.
05-12-2022 05:25 AM
Thank you for the answer. If I do shut / no shut on the interface but it still has an IP address and nameif, will failover trigger? Can you provide the steps to test the physical interface for me? Or should I use the command "no monitoring-interface" before the test?
05-12-2022 03:18 PM
If you have set up Active/Standby and you would like to test failover,
you need to initiate a communication failure so that the other FW takes over the active role.
You can do this by shutting down the interface (not the HA link)
or rebooting the active FW.
Some guidance here:
https://www.networkstraining.com/cisco-asa-active-standby-configuration/
05-12-2022 03:34 PM
I would like to test the physical interface, not test failover. I want to test the physical interface without failover because I will be configuring a new interface. How can I do that? Please advise me.
05-12-2022 03:46 PM
"I want to test the physical interface without failover because I will be configuring a new interface. How can I do that?"
In this case, you need to remove that interface from monitoring.
# sh run all monitor-interface (this shows which interfaces are configured for monitoring)
As you mentioned in one of your posts, to remove the interface from being monitored:
"I take command "no monitoring-interface" before test."
05-12-2022 05:12 AM
If the ASA is in a failover deployment, then as long as interface and standby IP addresses are configured on a physical interface, it is monitored automatically.
Which means, if you perform a shut on the active firewall's interface that is being monitored, an automatic failover to secondary will be triggered.
05-12-2022 05:27 AM
Thank you for the answer. I need to test a physical interface on a Cisco ASA firewall. Please help me with the steps for the test.
05-12-2022 05:33 AM
If the idea is to test/trigger a failover, you can just execute "shut <interface name>" on the active firewall (provided that interface is actually monitored).
05-12-2022 06:37 AM - edited 05-12-2022 09:29 PM
Do you mean I can test without the nameif command and an IP address on the interface? I don't want to test with a failover trigger.