Specifications

ManualsBrandsCisco ManualsHome building and DecorPIX 525

141

142

143

144

145

146

147

148

149

150

11-18

Cisco Security Appliance Command Line Configuration Guide

OL-6721-01

Chapter 11 Configuring Failover

Configuring Failover

Configuring the Primary Unit

Follow these steps to configure the primary unit in a LAN-based, Active/Standby failover configuration.

These steps provide the minimum configuration needed to enable failover on the primary unit. For

multiple context mode, all steps are performed in the system execution space unless otherwise noted.

To configure the primary unit in an Active/Standby failover pair, perform the following steps:

Step 1 If you have not done so already, configure the active and standby IP addresses for each interface (routed

mode) or for the management interface (transparent mode). The standby IP address is used on the

security appliance that is currently the standby unit. It must be in the same subnet as the active IP

address.

Note Do not configure an IP address for the failover link or for the state link (if you are going to use

Stateful Failover).

hostname(config-if)# ip address

active_addr netmask

standby

standby_addr

Note In multiple context mode, you must configure the interface addresses from within each context.

Use the changeto context command to switch between contexts. The command prompt changes

to hostname/

context

(config-if)#, where context is the name of the current context.

Step 2 (PIX security appliance platform only) Enable LAN-based failover.

hostname(config)# failover lan enable

Step 3 Designate the unit as the primary unit.

hostname(config)# failover lan unit primary

Step 4 Define the failover interface.

a. Specify the interface to be used as the failover interface.

hostname(config)# failover lan interface

if_name

phy_if

The if_name argument assigns a name to the interface specified by the phy_if argument. The phy_if

argument can be the physical port name, such as Ethernet1, or a previously created subinterface,

such as Ethernet0/2.3.

b. Assign the active and standby IP address to the failover link.

hostname(config)# failover interface ip

if_name ip_addr mask

standby

ip_addr

The standby IP address must be in the same subnet as the active IP address. You do not need to

identify the standby address subnet mask.

The failover link IP address and MAC address do not change at failover. The active IP address for

the failover link always stays with the primary unit, while the standby IP address stays with the

secondary unit.

c. Enable the interface.

hostname(config)# interface

phy_if

hostname(config-if)# no shutdown