Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5520 - Failover on sub-interface

Hi All,

I'm tryng to configure Active/Stanby failover on two ASA-5520, regular and statefull, on two sub-interfaces, but I receive the same ERROR:

"Can not configure failover interface on a shared physical interface"

It is possible? and how can I resolve?

Regards

3 REPLIES

Re: ASA 5520 - Failover on sub-interface

You cant use a sub-interface.

LAN-Based Failover Link

You can use any unused Ethernet interface on the device as the failover link; however, you cannot specify an interface that is currently configured with a name. The LAN failover link interface is not configured as a normal networking interface. It exists for failover communication only. This interface should only be used for the LAN failover link (and optionally for the stateful failover link).

Regards.

New Member

Re: ASA 5520 - Failover on sub-interface

Hi

You can configure Failover on sub-interfaces as long as the physical interface is dedicated to failover.

I.e. you can have 2 vlans one for lan based failover and one for state.

If you are using the same physical interface for any other vlans i.e. inside or outside interfaces then this is not allowed.

HTH

Stu

New Member

HiI know this thread is old

Hi

I know this thread is old but did not find a more relevant one for my question and could not find any specific guidelines on cisco.com abt. using one dedicated interface for both failover and state vs. creating two subinterfaces - one for failover and the other for state.

In my setup, EtherChannel (Gi0/4 + Gi0/5) is dedicated for both failover and state and two L2 catalyst stacks connected in series sit between the ASAs:

ASA1=STACK1=STACK2=ASA2

In this setup STACK ports facing the ASAs are regular access ports (with a dedicated VLAN present in the 802.1q trunk between the stacks)

Alternatively, I can imagine breaking down the EtherChannel interfaces into subinterfaces on the ASAs and converting the ASA=STACK links from access into trunks.

But in the end, are there any practical advantages which would justify the configuration/management slight overhead?

Regards,

Rafal

1271
Views
0
Helpful
3
Replies