Which two statements about Cisco ASA redundant interface configuration are true? (Choose two.)
A. Each redundant interface can have up to four physical interfaces as its member.
B. When the standby interface becomes active, the Cisco ASA sends gratuitous ARP out on the standby interface.
C. Interface duplex and speed configurations are configured under the redundant interface.
D. Redundant interfaces use MAC address-based load balancing to load share traffic across multiple physical interfaces.
E. Each Cisco ASA supports up to eight redundant interfaces.
Explanation:
Configuring a Redundant Interface
A logical redundant interface pairs an active and a standby physical interface. When the active interface fails, the standby interface becomes active and starts passing traffic. You can configure a redundant interface to increase the security appliance reliability. This feature is separate from device-level failover, but you can configure redundant interfaces as well as failover if desired.
You can configure up to 8 redundant interface pairs.
In Active/Standby failover, the active device uses the primary unit’s MAC addresses. In the event of a failover, the secondary Cisco ASA becomes active and takes over the primary unit’s MAC addresses, while the active device (now standby) takes over the standby unit’s MAC addresses. Once the standby Cisco ASA becomes active, it sends out a gratuitous ARP on the network. A gratuitous ARP is an ARP request that the Cisco ASA sends out on the Ethernet networks with both the source and destination IP addresses set to the active IP addresses. The destination MAC address is the Ethernet broadcast address, i.e., ffff.ffff.ffff. All devices on the Ethernet segment process this broadcast frame and update their ARP table with this information. Using gratuitous ARP, the Layer 2 devices, including bridges and switches, also update the Content Addressable Memory (CAM) table with the MAC address and the updated switch port information.
Using a virtual MAC address is recommended to avoid network disruptions. When a secondary Cisco ASA boots up before the primary Cisco ASA, it uses its physical MAC addresses as active Layer 2 addresses. However, when the primary Cisco ASA boots up, the secondary swaps the MAC addresses and uses the primary Cisco ASA’s physical MAC addresses as active. With the virtual MAC address, the Cisco ASAs do not need to swap the MAC addresses.
When stateful failover is enabled, the active unit continually passes per-connection state information to the standby unit. After a failover occurs, the same connection information is available at the new active unit. Supported end-user applications are not required to reconnect to keep the same communication session.
The state information passed to the standby unit includes these:
The NAT translation table
The TCP connection states
The UDP connection states
The ARP table
The Layer 2 bridge table (when it runs in the transparent firewall mode)
The HTTP connection states (if HTTP replication is enabled)
The ISAKMP and IPSec SA table
The GTP PDP connection database
The information that is not passed to the standby unit when stateful failover is enabled includes these:
The HTTP connection table (unless HTTP replication is enabled)
The user authentication (uauth) table
The routing tables
State information for security service modules
Note: If failover occurs within an active Cisco IP SoftPhone session, the call remains active because the call session state information is replicated to the standby unit. When the call is terminated, the IP SoftPhone client loses connection with the Call Manager. This occurs because there is no session information for the CTIQBE hang-up message on the standby unit. When the IP SoftPhone client does not receive a response back from the Call Manager within a certain time period, it considers the Call Manager unreachable and unregisters itself.