ASA 5520 - Failover monitoring of sub-interfaces

Unanswered Question
Dec 15th, 2008
I recently configured and installed ASA-5520s as a replacement for an EOL PIX-525 set. This new configuration utilizes sub-interfaces for partner connections. Traffic is passing through the interfaces, but I am curious as to why the sub-interfaces are not being monitored for failover, and the parent interface isn't listed as monitored as well (see configlet below):

interface GigabitEthernet0/2
 speed 1000
 duplex full
 no nameif
 no security-level
 no ip address

interface GigabitEthernet0/2.1
 vlan 101
 nameif intf1
 security-level 0
 ip address a.a.a.1 standby a.a.a.2

interface GigabitEthernet0/2.2
 vlan 102
 nameif intf2
 security-level 50
 ip address b.b.b.1 standby b.b.b.2

interface GigabitEthernet0/2.3
 vlan 103
 nameif intf3
 security-level 50
 ip address c.c.c.1 standby c.c.c.2

firewall# sh fail
Failover On
Failover unit Primary
Failover LAN Interface: FAILOVER GigabitEthernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 250 maximum
Version: Ours 8.0(4), Mate 8.0(4)
Last Failover at: 08:57:52 EST Dec 14 2008
        This host: Primary - Active
                Active time: 87450 (sec)
                slot 0: ASA5520 hw/sw rev (2.0/8.0(4)) status (Up Sys)
                  Interface OUTSIDE (ip.address): Normal
                  Interface INSIDE (ip.address): Normal
                  Interface intf1 (a.a.a.1): Normal (Not-Monitored)
                  Interface intf2 (b.b.b.1): Normal (Not-Monitored)
                  Interface intf3 (c.c.c.1): Normal (Not-Monitored)
                  Interface MGMT (ip.address): Normal


My assumption would be that it would monitor the parent interface (g0/2), but it's not listed in a 'show failover', most likely because there is no name applied to the interface. Does anyone know if the interface is monitored but not listed, or is it simply not monitored?


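Added example, not part of the original post and not Cisco tooling: ASA failover monitors physical interfaces by default and leaves subinterfaces unmonitored until `monitor-interface <nameif>` is configured, so this Python audit reads `show failover` text, lists the named interfaces flagged `(Not-Monitored)`, cross-checks the "Monitored Interfaces" count, and prints the commands that would enable monitoring. The function name `audit_failover` and the report keys are assumptions made for illustration; the sample input is constructed from the output quoted in the post.

```python
import re

# Constructed sample: lines taken from the `show failover` output in the post.
SAMPLE = """\
Monitored Interfaces 3 of 250 maximum
This host: Primary - Active
  Interface OUTSIDE (ip.address): Normal
  Interface INSIDE (ip.address): Normal
  Interface intf1 (a.a.a.1): Normal (Not-Monitored)
  Interface intf2 (b.b.b.1): Normal (Not-Monitored)
  Interface intf3 (c.c.c.1): Normal (Not-Monitored)
  Interface MGMT (ip.address): Normal
"""

COUNT_RE = re.compile(r"Monitored Interfaces\s+(\d+)\s+of\s+\d+\s+maximum")
HOST_RE = re.compile(r"^\s*(This|Other) host:")
IFACE_RE = re.compile(r"^\s*Interface\s+(\S+)\s+\(([^)]*)\):\s*(.+?)\s*$")


def audit_failover(text):
    """Parse `show failover` text and report monitoring state for the local unit."""
    claimed, host = None, None
    monitored, unmonitored = [], []
    for line in text.splitlines():
        if (m := COUNT_RE.search(line)):
            claimed = int(m.group(1))
        elif (m := HOST_RE.match(line)):
            host = m.group(1)  # only count the "This host" section once
        elif host == "This" and (m := IFACE_RE.match(line)):
            name, _ip, state = m.groups()
            # The ASA appends "(Not-Monitored)" to the state of interfaces
            # that are excluded from failover health checks.
            (unmonitored if "Not-Monitored" in state else monitored).append(name)
    return {
        "claimed": claimed,
        "monitored": monitored,
        "unmonitored": unmonitored,
        # Header count should equal the interfaces not flagged Not-Monitored.
        "count_matches": claimed is None or claimed == len(monitored),
        # Config-mode commands that enable monitoring for each nameif.
        "remediation": [f"monitor-interface {n}" for n in unmonitored],
    }


if __name__ == "__main__":
    report = audit_failover(SAMPLE)
    for name in report["unmonitored"]:
        print(f"not monitored: {name}")
    print("\n".join(report["remediation"]))
```
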