cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
695
Views
0
Helpful
9
Replies

If create new interface feature monitor interface detect or not

jewfcb001
Level 4
Level 4

Hi All,

 

If I would like to test physical link for command shut/no shut  interface on cisco asa . ASA will be detect monitoring interface and take failover or not ? I'm not sure for situation . Please advise me .  

9 Replies 9

balaji.bandi
Hall of Fame
Hall of Fame

yes if the interface down, the Failover triggers the operation, if your ASA configured to Monitor that interface.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

@balaji.bandi 

Thank you for answer . If I do shut / no shut interface but still IP address and nameif . will failover trigger ? Can you provide step test physical interface for me ? Or I take command " no monitoring-interface" before test . 

If you set up Active / Standby. and if you like to test failover

 

you need to initiate the communication failure, so another FW takes over the active role.

you can do this by shutdown the interface (not the ha link)

or reboot the active FW

 

some guidance here :

 

https://www.networkstraining.com/cisco-asa-active-standby-configuration/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

@balaji.bandi 

I would like to test physical interface .Not test failover . I want to test physical interface without failover because I will be config new interface.how can I do that? Please advise me.

 

I want to test physical interface without failover because I will be config new interface.how can I do that?

In this case, you need to remove that interface from the monitor

 

# sh run all monitor-interface  ( you will get the information what interface configured for monitor)

 

as you mentioned one of the posts to remove the interface being monitored:

 

I take command " no monitoring-interface" before test . 

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

UdupiKrishna
Cisco Employee
Cisco Employee

If the ASA is in failover deployment and as long as interface and standby IP addresses are configured on a physical interface, they start getting monitored automatically.

 

Which means, if you perform a shut on the active firewall's interface that is being monitored, an automatic failover to secondary will be triggered.

@UdupiKrishna 

Thank you for answer. If  I need to test physical interface on Cisco ASA firewall . Please help me for step test . 

If the idea to test/trigger a failover, you can just execute "shut <interface name>" on the active firewall (provided that interface is actually monitored)

@UdupiKrishna  

You mean can I test without command nameif and IP address on interface? I wouldn't to test with failover trigger

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: