I have an ASA5580-20 with 2 port of 10Gig. I have configured the A/S failover usiasang suinterface in "interface TenGigabitEthernet7/1" interface. it work fine. but the problem I have is I can't assign any subinterface to any context. is that a bug?
Step 5 (Optional) To enable Stateful Failover, configure the Stateful Failover link.
a. Specify the interface to be used as Stateful Failover link.
hostname(config)# failover linkif_namephy_if
Note If the Stateful Failover link uses the failover link or a data interface, then you only need to supply the if_name argument.
The if_name argument assigns a logical name to the interface specified by the phy_if argument. The phy_if argument can be the physical port name, such as Ethernet1, or a previously created subinterface, such as Ethernet0/2.3. This interface should not be used for any other purpose (except, optionally, the failover link).
is it a Cisco Bug?
So we're obliged to use Management port if we plan to order the ASA5580 with only 1 TenGig module .
I would not suggest you to use a management interface as the failover link. The reason is that it is not optimized for traffic so if you have high connection rates it might not be able to pass the failover updates of state information.
The reason you see the problem there, as you probably figured, is that the failover is dedicated link, it cannot be used to pass failover info and real traffic at the same time.
I would suggest at lest 2 oprimized interfaces, one for traffic and subinterfaces and one for failover.
Here is a good rule of thumb. The failover link should be as fast as the fastest interface in the box. You can use this same
interface for state as well.
Think about this. You have 4 Gig interfaces and one management 100 mb interface. It is not a good idea to use the mgmt inteface for failover link and state to pump all the state updates for all Gig interfaces over this 100 MB link.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :