Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1015
Views
0
Helpful
9
Replies

If create new interface feature monitor interface detect or not

jewfcb001
Level 4
Level 4

‎05-12-2022 05:06 AM

Hi All,

 

If I would like to test physical link for command shut/no shut  interface on cisco asa . ASA will be detect monitoring interface and take failover or not ? I'm not sure for situation . Please advise me .  

0 Helpful
9 Replies 9

balaji.bandi
Hall of Fame
Hall of Fame

‎05-12-2022 05:09 AM

yes if the interface down, the Failover triggers the operation, if your ASA configured to Monitor that interface.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

jewfcb001
Level 4
Level 4
In response to balaji.bandi

‎05-12-2022 05:25 AM

@balaji.bandi 

Thank you for answer . If I do shut / no shut interface but still IP address and nameif . will failover trigger ? Can you provide step test physical interface for me ? Or I take command " no monitoring-interface" before test . 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to jewfcb001

‎05-12-2022 03:18 PM

If you set up Active / Standby. and if you like to test failover

 

you need to initiate the communication failure, so another FW takes over the active role.

you can do this by shutdown the interface (not the ha link)

or reboot the active FW

 

some guidance here :

 

https://www.networkstraining.com/cisco-asa-active-standby-configuration/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

jewfcb001
Level 4
Level 4
In response to balaji.bandi

‎05-12-2022 03:34 PM

@balaji.bandi 

I would like to test physical interface .Not test failover . I want to test physical interface without failover because I will be config new interface.how can I do that? Please advise me.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to jewfcb001

‎05-12-2022 03:46 PM

 

I want to test physical interface without failover because I will be config new interface.how can I do that?

In this case, you need to remove that interface from the monitor

 

# sh run all monitor-interface  ( you will get the information what interface configured for monitor)

 

as you mentioned one of the posts to remove the interface being monitored:

 

I take command " no monitoring-interface" before test . 

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Udupi Krishna.
Cisco Employee
Cisco Employee

‎05-12-2022 05:12 AM

If the ASA is in failover deployment and as long as interface and standby IP addresses are configured on a physical interface, they start getting monitored automatically.

 

Which means, if you perform a shut on the active firewall's interface that is being monitored, an automatic failover to secondary will be triggered.

0 Helpful

jewfcb001
Level 4
Level 4
In response to Udupi Krishna.

‎05-12-2022 05:27 AM

@Udupi Krishna. 

Thank you for answer. If  I need to test physical interface on Cisco ASA firewall . Please help me for step test . 

0 Helpful

Udupi Krishna.
Cisco Employee
Cisco Employee
In response to jewfcb001

‎05-12-2022 05:33 AM

If the idea to test/trigger a failover, you can just execute "shut <interface name>" on the active firewall (provided that interface is actually monitored)

0 Helpful

jewfcb001
Level 4
Level 4
In response to Udupi Krishna.

‎05-12-2022 06:37 AM - edited ‎05-12-2022 09:29 PM

@Udupi Krishna.  

You mean can I test without command nameif and IP address on interface? I wouldn't to test with failover trigger

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top