Understanding Failover Link and State Link

Unanswered Question
Aug 17th, 2012
User Badges:

Whatt is the difference between failover link and state link in the context of Cisco FWSM? Why do I need both or what is the best practice? Thanks in advance. Just trying to understand.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Julio Carvajal Fri, 08/17/2012 - 14:53
User Badges:
  • Purple, 4500 points or more

Hello ,

The difference is that the stateful link is the one in charge of handling the replication of the connections across the FWSM ( Used for the stateful failover) so if by any chance the device goes down the connections already established do not go down.


atrey_nyph Sat, 08/18/2012 - 20:42
User Badges:

Well I should have asked question different way. I have config for two pairs (one pair in one segment and another pair in another segment) and failover configuration is different in terms of one pair has two unique vlans being trunks across crossover cable - unique LAN failover vlan and state vlan while other pair only has one vlan for both purposes...



failover lan unit primary

failover lan interface failover Vlan100

failover polltime unit 15 holdtime 45

failover link failover Vlan100

failover interface ip failover standby



failover lan unit primary

failover lan interface failover Vlan300

failover polltime unit 1 holdtime 3

failover polltime interface 3

failover interface-policy 1

failover link stateful Vlan301

failover interface ip failover standby

failover interface ip stateful standby

According Cisco's failover configuration document you should have two vlans trunked across two chassis (ASA or FWSMs on 6500s). I am trying to understand what type of traffic "lan interface failover" vlan 300 in above config and "link stateful" vlan 301 in above config carry across? What is the best practice? should have uniqe vlans or just one vlan for both purposes? Sorry for not being clear on my initial question.

Julio Carvajal Sat, 08/18/2012 - 23:14
User Badges:
  • Purple, 4500 points or more

Hello Atrey,

Well it is 100 % recommeded to use 2 different vlans ( FWSM) or 2 different interfaces (ASA) for the failover link and the state link between 2 units, this because of the amount of data being transfered on both of this links,

Not all the time you have the oportunity to use 2 of them so that is why you can use only one, I have seen a lot of scenarios using just one and that works perfect but again if possible then use 2

Is just a desing preference or optimization




This Discussion