Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1660
Views
0
Helpful
5
Replies

Redundant Interface Configuration on ASA

Saurabh Srivastava
Level 1
Level 1

‎07-09-2013 11:32 AM - edited ‎03-11-2019 07:10 PM

Hi All,

I am testing the redundant interface config in GNS3 and below are the configuration which i have done-

ASA1(config)#interface Ethernet0/1

no nameif

no security-level

no ip address

!

ASA1(config)#interface Ethernet0/2

no nameif

no security-level

no ip address

ASA1(config)# sh run | beg Redu

interface Redundant1

member-interface Ethernet0/1

member-interface Ethernet0/2

nameif inside

security-level 100

ip address 10.0.0.1 255.0.0.0

every thing is working fine when redundant interface is e0/1, but whatever i tried to make another interface(E0/2) as active, either by manually shutting down the int E0/1 OR from putting command "redundant-interface redundant 1 active-member ethernet 0/2" on ASA, connctivity between My PC and ASA drop out. below are the output after making E0/2 as active.

ASA1(config)# sh int red1

Interface Redundant1 "inside", is up, line protocol is up

  Hardware is linaeth, BW 1000 Mbps, DLY 10 usec

        Auto-Duplex(Full-duplex), (100 Mbps)

        Media-type configured as RJ45 connector

       MAC address 00ab.cd92.5201, MTU 1500

        IP address 10.0.0.1, subnet mask 255.0.0.0

        0 packets input, 34804 bytes, 0 no buffer

        Received 51 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        0 packets output, 1090 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 babbles, 0 late collisions, 0 deferred

        0 lost carrier, 0 no carrier

        input queue (curr/max packets): hardware (256/256) software (0/6)

        output queue (curr/max packets): hardware (0/0) software (0/2)

  Traffic Statistics for "inside":

        102 packets input, 6926 bytes

        25 packets output, 1116 bytes

        79 packets dropped

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  13 bytes/sec

      5 minute output rate 0 pkts/sec,  3 bytes/sec

      5 minute drop rate, 0 pkts/sec

  Redundancy Information:

        Member Ethernet0/2(Active), Ethernet0/1

        Last switchover at 00:02:41 UTC Nov 30 1999

I am trying to debug the thing by Wireshark and found that E0/2 is giving the response with MAC as E0/1 interface(Which is correct and as per cisco documnet). I am attaching the connectivity diagram and output of wireshark and ARP table from My PC and ASA.

Please any one correct me if i am wrong in somewhere...

Regards,
Saurabh       

Regards, Saurabh
Labels:
Preview file
84 KB
0 Helpful
5 Replies 5

Saurabh Srivastava
Level 1
Level 1

‎07-11-2013 10:58 AM

Any one please reply.

Regards,
Saurabh

Regards, Saurabh
0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to Saurabh Srivastava

‎07-12-2013 11:32 AM

Hello Saurabh,

So this is a GNS enviroment. Hmmmm.....

I can see that you already understand the concept, you know how to configure it and troubleshoot it,

Everything is properly setup so it does not make sense the behavior we are seeing.

What happens if you manually set a MAC address ( one created by you ) on the ASA for the redundant interface?

flush the ARP table of all of the devices and let me know, we are testing here as this is a virtual enviroment, no one will get harm

For Networking Posts check my blog at http://laguiadelnetworking.com/

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Saurabh Srivastava
Level 1
Level 1
In response to Julio Carvajal

‎07-17-2013 03:43 AM

Thanks Julio for reply... I had already tried by clearing the ARP table for PC and firewall but fail to reach via seconnd interface..This might be GNS issue.

Regards,
Saurabh

Regards, Saurabh
0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to Saurabh Srivastava

‎07-17-2013 10:49 AM

Hello Saurabh,

That's the thing as we are not using a live enviroment we could be hitting those kind of odd issues with GNS,

I can ensure you that the configuration is good,

For Networking Posts check my blog at http://laguiadelnetworking.com/

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

johnlloyd_13
Level 9
Level 9
In response to Saurabh Srivastava

‎07-18-2013 01:04 AM

hi,

could you try to simulate this on a 5520 in GNS3?

also, try configuring redundant interface pair using ASDM.

a PC reboot makes it work sometimes.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card