Redundant Interfaces in ASA (CCIE Notes)


Things to remember:-

1. The first configured member-interface under a redundant interface becomes the active interface for that redundant interface.

2. The redundant interface uses the MAC address of the first member-interface added to it.

3. If the active interface goes down, the standby interface takes over the active role, but the MAC address does not change. The redundant interface keeps using the MAC address of the first configured member-interface.

Configuration:-

interface GigabitEthernet0
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface GigabitEthernet1
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface GigabitEthernet2
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface GigabitEthernet3
 no nameif
 no security-level
 no ip address
 no shutdown
!
! Redundant1 = inside (trusted side, security-level 100)
interface Redundant1
 member-interface GigabitEthernet0
 member-interface GigabitEthernet1
 nameif inside
 security-level 100
 ip address 2.2.2.10 255.255.255.0
!
! Redundant2 = outside (untrusted side, security-level 0)
interface Redundant2
 member-interface GigabitEthernet2
 member-interface GigabitEthernet3
 nameif outside
 security-level 0
 ip address 10.1.1.10 255.255.255.0

Verification:-

ASA-FW# show interface redundant 1 
Interface Redundant1 "inside", is up, line protocol is up
 Hardware is Linux Ethernet Dev, BW 100 Mbps, DLY 100 usec
 (Full-duplex), (100 Mbps)
 Input flow control is unsupported, output flow control is unsupported
 MAC address 00ab.cd92.5200, MTU 1500
 IP address 10.1.101.10, subnet mask 255.255.255.0
 820 packets input, 100506 bytes, 0 no buffer
 Received 0 broadcasts, 0 runts, 0 giants
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
 0 pause input, 0 resume input
 233 L2 decode drops
 348 packets output, 39600 bytes, 0 underruns
 0 pause output, 0 resume output
 0 output errors, 0 collisions, 0 interface resets
 0 late collisions, 0 deferred
 0 input reset drops, 0 output reset drops
 input queue (blocks free curr/low): hardware (0/0)
 output queue (blocks free curr/low): hardware (0/0)
 Traffic Statistics for "inside":
 587 packets input, 62109 bytes
 348 packets output, 34728 bytes
 232 packets dropped
 1 minute input rate 0 pkts/sec, 24 bytes/sec
 1 minute output rate 0 pkts/sec, 0 bytes/sec
 1 minute drop rate, 0 pkts/sec
 5 minute input rate 1 pkts/sec, 150 bytes/sec
 5 minute output rate 1 pkts/sec, 115 bytes/sec
 5 minute drop rate, 0 pkts/sec
 Redundancy Information:
 Member GigabitEthernet0(Active), GigabitEthernet1
 Last switchover at 14:34:22 UTC Jun 20 2013

ASA-FW# show interface redundant 2
Interface Redundant2 "outside", is up, line protocol is up
 Hardware is Linux Ethernet Dev, BW 100 Mbps, DLY 100 usec
 (Full-duplex), (100 Mbps)
 Input flow control is unsupported, output flow control is unsupported
 MAC address 00ab.cd92.5202, MTU 1500
 IP address 10.1.102.10, subnet mask 255.255.255.0
 466 packets input, 55974 bytes, 0 no buffer
 Received 0 broadcasts, 0 runts, 0 giants
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
 0 pause input, 0 resume input
 117 L2 decode drops
 229 packets output, 26034 bytes, 0 underruns
 0 pause output, 0 resume output
 0 output errors, 0 collisions, 0 interface resets
 0 late collisions, 0 deferred
 0 input reset drops, 0 output reset drops
 input queue (blocks free curr/low): hardware (0/0)
 output queue (blocks free curr/low): hardware (0/0)
 Traffic Statistics for "outside":
 349 packets input, 36221 bytes
 229 packets output, 22828 bytes
 116 packets dropped
 1 minute input rate 0 pkts/sec, 15 bytes/sec
 1 minute output rate 0 pkts/sec, 0 bytes/sec
 1 minute drop rate, 0 pkts/sec
 5 minute input rate 0 pkts/sec, 92 bytes/sec
 5 minute output rate 0 pkts/sec, 76 bytes/sec
 5 minute drop rate, 0 pkts/sec
 Redundancy Information:
 Member GigabitEthernet2(Active), GigabitEthernet3
 Last switchover at 14:34:22 UTC Jun 20 2013

ASA-FW# sho int g0 | in MAC
 MAC address 00ab.cd92.5200, MTU not set

ASA-FW# sho int g2 | in MAC
 MAC address 00ab.cd92.5202, MTU not set
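
An added example (not part of the original notes): a Python check that compares the active member of a redundant pair with the member whose MAC the pair carries, which per point 3 stays that of the first configured member after a switchover. The sample output with GigabitEthernet1 active and the member MAC values are constructed, and the check relies only on the "(Active)" marker and the MAC comparison, not on the order of the Member line.

```python
import re

# Constructed sample: the page's Redundant1 output after a switchover, trimmed.
SAMPLE_REDUNDANT = """\
Interface Redundant1 "inside", is up, line protocol is up
 MAC address 00ab.cd92.5200, MTU 1500
 Redundancy Information:
 Member GigabitEthernet1(Active), GigabitEthernet0
"""
# Constructed values standing in for "show interface <member> | include MAC".
SAMPLE_MEMBER_MACS = {
    "GigabitEthernet0": "00ab.cd92.5200",
    "GigabitEthernet1": "00ab.cd92.5201",
}

MAC_RE = r"MAC address ([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"


def parse_redundant(text):
    """Extract interface, nameif, MAC, members and active member."""
    head = re.search(r'^Interface (\S+) "([^"]*)"', text, re.M)
    mac = re.search(MAC_RE, text, re.I)
    line = re.search(r"^\s*Member (.+)$", text, re.M)
    if not (head and mac and line):
        raise ValueError("not 'show interface redundant' output")
    members, active = [], None
    for item in line.group(1).split(","):
        name = item.strip()
        if name.endswith("(Active)"):
            name = name[: -len("(Active)")]
            active = name
        members.append(name)
    return {"interface": head.group(1), "nameif": head.group(2),
            "mac": mac.group(1).lower(), "members": members, "active": active}


def check_redundant(text, member_macs):
    """Flag a pair whose active member is not the one that lent it its MAC."""
    info = parse_redundant(text)
    owners = [m for m in info["members"]
              if member_macs.get(m, "").lower() == info["mac"]]
    info["mac_owner"] = owners[0] if owners else None
    # Per the notes the MAC owner is the first-configured member, so a
    # different active member means the pair is running on its standby link.
    info["on_standby"] = bool(owners) and info["active"] != info["mac_owner"]
    return info


if __name__ == "__main__":
    print(check_redundant(SAMPLE_REDUNDANT, SAMPLE_MEMBER_MACS))
```

If the pair's MAC matches none of the supplied member MACs, `mac_owner` is `None` and the pair is not flagged.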

Bookmark to follow my CCIE Security v4 journey -> https://networkology.net/tag/ccie
