Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
294
Views
0
Helpful
1
Replies

Active/Standby failover

hankmasddi
Level 1
Level 1

‎07-12-2010 10:14 AM - edited ‎03-11-2019 11:10 AM

Hi,

I am trying to setup two pairs of ASA 5510s which they will both be setup as Active/Standby. The failover interfaces will be connected via Ethernet to the same switch. Do the interfaces need to be on separate individual VLANs on the switch to work properly? Or do they only need to be on different IP subnets.

Reason I am asking is because the 2 pairs will not stay synchronized as a pair and I can't figure out why. The configs for each pair are identical as is the hardware, but the standby will always lose connection and default back to "ActNoFailOver" or "StdbyNoFailOver" status.

please help!

Labels:
0 Helpful
1 Reply 1

Panos Kampanakis
Cisco Employee
Cisco Employee

‎07-12-2010 10:24 AM

It is better if they are in a dedicated vlan because that vlan should not be seeing all kinds of broadcast packets etc since it is used for the failover communication. That is a recommendation though, not a requirement. Putting them in a vlan that is passing regular data will also work.

For the issue you are seeing you can do "sh fail history" to try to see why it is happening. It could be an interface mismatch.

I hope it helps.

PK

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card