Switch failure in redundant mode behind ASA

Answered Question
Sep 30th, 2008

Hi,


Topology:


Data Center Link -> ASA (Active/Standby) -> Cisco Switch with trunk in redundant mode


Query:


If the switch which receives incoming traffic fails, how does the active ASA route the traffic to the redundant switch, which is directly connected to the standby ASA? Would the primary ASA fail over to the standby ASA due to the failure of the switch connected to the primary ASA?


Thanks.

Correct Answer
Jon Marshall Tue, 09/30/2008 - 05:36

Just to confirm - do you have 2 ASA devices, 1 active, 1 standby and 2 internal switches, 1 connected to the active and 1 to the standby, with these switches connected via a L2 trunk?


If so, yes, when the switch that is connected to your active ASA device fails, the ASA should fail over to the standby unit, providing you are monitoring the relevant interfaces in your ASA failover setup.


Jon
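
An added example, not part of the original thread: a small audit of an ASA running-config that lists which named interfaces are not health-monitored for failover, since a switch failure only triggers failover when the interface facing that switch is monitored. It assumes the documented ASA default (physical interfaces monitored, subinterfaces not, unless overridden by `monitor-interface` / `no monitor-interface`); the config excerpt and the function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
!
interface GigabitEthernet0/2.20
 vlan 20
 nameif dmz
 security-level 50
!
interface GigabitEthernet0/3
 shutdown
 no nameif
!
failover
no monitor-interface inside
"""

def monitored_interfaces(config):
    """Map each nameif to True/False: is it health-monitored for failover?"""
    state, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"nameif (\S+)$", line)
        if m and current:
            # Assumed default: physical on, subinterface (name has ".") off.
            state[m.group(1)] = "." not in current
            continue
        m = re.match(r"(no )?monitor-interface (\S+)$", line)
        if m and m.group(2) in state:
            state[m.group(2)] = m.group(1) is None
    return state

def unmonitored(config):
    """Named interfaces whose loss would NOT trigger a failover."""
    return sorted(n for n, on in monitored_interfaces(config).items() if not on)

if __name__ == "__main__":
    print("Not monitored:", unmonitored(SAMPLE_CONFIG))
```

In the constructed sample the switch-facing `inside` interface has monitoring disabled, so the switch failure discussed in this thread would not cause the active unit to fail over.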

cisco_realm Tue, 09/30/2008 - 05:50
Thanks.


Yes, the scenario is as you have stated.

On the same lines, if another pair of ASAs is placed behind the switch, i.e. ASA - Switch - ASA, and one of the second pair of ASAs fails, how will the failover be trickled through the topology?


Is it that the complete first leg (whatever is mentioned within that) fails over to the second leg? Or would the intermediate switch pass all the traffic via the trunk to the other switch? So the data path would be:


1. Primary/Active ASA

2. Switch connected to Primary ASA

3. Switch passes data via trunk to the redundant switch (connected to the standby ASA within first set).

4. Redundant Switch passes traffic to the newly failed over Primary (earlier standby) ASA.


Please advise.

Jon Marshall Tue, 09/30/2008 - 05:55

If only one of the ASAs fails then that is what the trunk between the switches is used for. So in answer to your question, if one of the second ASA devices fails, this has no impact on the active/standby first set of ASAs.


Only when one of the switches fails would both pairs of active ASAs have to fail over, providing of course that both active ASAs were connected to the same switch.


Jon
