11-22-2012 01:51 PM - edited 03-11-2019 05:26 PM
Hi all,
when we config DHCP pool in ASA and config the VLAN and assign it IP address.
Why we use Standby IP ?How can Primary address fail if they are on same interface
Thanks
Mahesh
Solved! Go to Solution.
11-22-2012 04:37 PM
Hello Mahesh,
Not sure what you mean... Standby IP's on the ASA are used for the exchange of hello packets on the failover cluster.
Regards,
11-24-2012 09:33 AM
Hello Mahesh,
You have it because you are running failover and in order to monitor an interface you will need to exchange hello packets between the primary ip and the standby ip. So you are basically telling the ASA send hello packets over this vlan to this secondary IP.
Regards,
11-24-2012 10:34 AM
So this secondary IP is on backup fw then?
Yes.
Does it mean that if Main Fw says powered off then if i ssh to fw then still i will see the same fw hostname?
Also then which vlan IP it will show under vlan ?
It will show same hostname and same vlan
if we have 2 fw in cluster and i log onto fw it shows info of only 1 fw is there a way i can get info of another fw in cluster
or i can login to backup fw?
You can log in to the backup or you can run commands from the primary unit but get the info from the secondary with the command:
failover exec standby show run
Remember to rate all of the helpful posts
11-25-2012 08:52 AM
There is no such a command, you need to login into the secondary IP address. (straight login to secondary fw)
Regards,
Julio
11-22-2012 04:37 PM
Hello Mahesh,
Not sure what you mean... Standby IP's on the ASA are used for the exchange of hello packets on the failover cluster.
Regards,
11-24-2012 09:14 AM
Hi,
I have ASA with another ASA in failover cluster.
I have defined Vlan there and that vlan is doing DHCP.
So that vlan has IP address and also after ip address statement it has standby ip address.
Need to know why we have standby ip under that vlan?
thanks
mahesh
11-24-2012 09:33 AM
Hello Mahesh,
You have it because you are running failover and in order to monitor an interface you will need to exchange hello packets between the primary ip and the standby ip. So you are basically telling the ASA send hello packets over this vlan to this secondary IP.
Regards,
11-24-2012 09:40 AM
Hi,
So this secondary IP is on backup fw then?
Does it mean that if Main Fw says powered off then if i ssh to fw then still i will see the same fw hostname?
Also then which vlan IP it will show under vlan ?
if we have 2 fw in cluster and i log onto fw it shows info of only 1 fw is there a way i can get info of another fw in cluster
or i can login to backup fw?
Thanks
Mahesh
11-24-2012 10:34 AM
So this secondary IP is on backup fw then?
Yes.
Does it mean that if Main Fw says powered off then if i ssh to fw then still i will see the same fw hostname?
Also then which vlan IP it will show under vlan ?
It will show same hostname and same vlan
if we have 2 fw in cluster and i log onto fw it shows info of only 1 fw is there a way i can get info of another fw in cluster
or i can login to backup fw?
You can log in to the backup or you can run commands from the primary unit but get the info from the secondary with the command:
failover exec standby show run
Remember to rate all of the helpful posts
11-24-2012 02:21 PM
Hi,
So whats command to login to Secondary fw from primary
or can we straight login to secondary fw?
Thanks
Mahesh
11-25-2012 08:52 AM
There is no such a command, you need to login into the secondary IP address. (straight login to secondary fw)
Regards,
Julio
11-25-2012 03:08 PM
hi julio,
Thanks again for all the replies.
Everyday learning more about ASa from this forum
Regards
Mahesh
11-25-2012 03:10 PM
Hi Mahesh,
Glad that I could help
07-12-2018 08:18 AM - edited 07-12-2018 08:19 AM
Hi Julio,
Whats the use of standby ip in the management interface as below ? I know internal, external and HA interfaces have standby which is used to monitor the interfaces, receive hello packets and failover if such interfaces fail. But, when do we need standby ip for management interface ? any usecase can you tell me ?
interface Management0/0
nameif management
security-level 100
ip address 10.198.136.164 255.255.255.224 standby 10.198.136.165
Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide