When troubleshooting redundant interface operations on the Cisco ASA, which configuration should be verified?
A. The nameif configuration on the member physical interfaces is identical.
B. The MAC address configuration on the member physical interfaces is identical.
C. The active interface is sending periodic hellos to the standby interface.
D. The IP address configuration on the logical redundant interface is correct.
E. The duplex and speed configuration on the logical redundant interface is correct.
Explanation:
Concept
A logical redundant interface is a pair of physical interfaces, one active and one standby. When the active interface fails, the standby interface becomes active. From the firewall's perspective this event is completely transparent, and the pair can be viewed as a single logical interface. We can use redundant interfaces to increase the reliability of the security appliance. This feature is separate from device-level failover, but you can configure redundant interfaces as well as failover if desired. We can configure up to 8 redundant interfaces.
Redundant interfaces are numbered from 1 to 8 and are named redundant X. Before adding physical interfaces to the redundant pair, make sure there is no configuration on them and that they are in the no shutdown state. This is just a precaution; the firewall will remove these settings when adding the physical interface to a new group. The logical redundant interface takes the MAC address of the first interface added to the group.
This MAC address does not change when a member interface fails, but it does change when you swap the order of the physical interfaces in the pair.
Once we have configured a redundant interface, we can assign it a name and a security level, followed by an IP address. The procedure is the same as with any other interface in the system.
Configuration
interface GigabitEthernet0/0
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
!
interface Redundant1
 member-interface GigabitEthernet0/0
 member-interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.0
Verify
You can use the following command to verify:
ciscoasa(config)# show interface redundant 1
Interface Redundant1 "outside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
        MAC address 5475.d0d4.9594, MTU 1500
        IP address 1.1.1.1, subnet mask 255.255.255.0
        27 packets input, 12330 bytes, 0 no buffer
        Received 27 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 27 overrun, 0 ignored, 0 abort
        10 L2 decode drops
        1 packets output, 64 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops
        input queue (curr/max packets): hardware (5/25) software (0/0)
        output queue (curr/max packets): hardware (0/1) software (0/0)
  Traffic Statistics for "outside":
        17 packets input, 7478 bytes
        1 packets output, 28 bytes
        17 packets dropped
      1 minute input rate 0 pkts/sec, 92 bytes/sec
      1 minute output rate 0 pkts/sec, 0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec, 0 bytes/sec
      5 minute output rate 0 pkts/sec, 0 bytes/sec
      5 minute drop rate, 0 pkts/sec
  Redundancy Information:
        Member GigabitEthernet0/0(Active), GigabitEthernet0/1
        Last switchover at 23:13:03 UTC Dec 15 2011
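The checks described in the explanation can be run offline against a saved running-config. The script below is an added example, not part of the original page or any Cisco tooling: it flags redundant interfaces that lack nameif, security-level or ip address, and member interfaces that still carry logical settings or are shut down. The function names and the sample config are assumptions made for illustration.

```python
import re
# Constructed sample, same layout as the Configuration section above.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
interface Redundant1
 member-interface GigabitEthernet0/0
 member-interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.0
"""
LOGICAL = ("nameif ", "security-level ", "ip address ")  # belong on RedundantN only

def parse_interfaces(config):  # interface name -> list of its sub-commands
    blocks, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif line and line != "!" and current is not None:
            blocks[current].append(line)
    return blocks

def audit_redundant(config):  # list of findings for every RedundantN interface
    blocks, findings = parse_interfaces(config), []
    for name, cmds in blocks.items():
        match = re.fullmatch(r"Redundant(\d+)", name)
        if not match:
            continue
        if not 1 <= int(match.group(1)) <= 8:
            findings.append(f"{name}: ID outside 1-8")
        members = [c.split()[1] for c in cmds if c.startswith("member-interface ")]
        if len(members) != 2:
            findings.append(f"{name}: expected 2 members, found {len(members)}")
        findings += [f"{name}: missing '{k.strip()}'" for k in LOGICAL
                     if not any(c.startswith(k) for c in cmds)]
        for member in members:
            findings += [f"{member}: '{c}' set on member of {name}"
                         for c in blocks.get(member, [])
                         if c == "shutdown" or c.startswith(LOGICAL)]
    return findings
```

An empty list from audit_redundant(SAMPLE_CONFIG) means the layout matches the one shown in the Configuration section.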