PIX 7.1, failover

From
Slawa Olhovchenkov (2:5030/500)
To
Nick Maryenko (2:5054/37.63)
Date
2006-02-28T10:33:14Z
Area
RU.CISCO
Hello Nick!

28 Feb 06, Nick Maryenko writes to Slawa Olhovchenkov:

 NM> As far as I know, failover over LAN requires a separate physical
 NM> interface.

Yes, indeed, they just wrote it very clumsily and hid it well:

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_guide_chapter09186a008054c4b7.html#wp1055300

LAN-Based Failover Link

You can use any unused Ethernet interface on the device as the failover link. You cannot specify an interface that is currently configured with a name. The failover link interface is not configured as a normal networking interface; it exists only for failover communication. This interface should only be used for the failover link (and optionally for the Stateful Failover link). You can connect the LAN-based failover link by using a dedicated switch with no hosts or routers on the link or by using a crossover Ethernet cable to link the units directly.

Note When using VLANs, use a dedicated VLAN for the failover link. Sharing the failover link VLAN with any other VLANs can cause intermittent traffic problems and ping and ARP failures. If you use a switch to connect the failover link, use dedicated interfaces on the switch and security appliance for the failover link; do not share the interface with subinterfaces carrying regular network traffic.

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_guide_chapter09186a008054c4b7.html#wp1064158

Step 4 Define the failover interface.

a. Specify the interface to be used as the failover interface.

hostname(config)# failover lan interface if_name phy_if

The if_name argument assigns a name to the interface specified by the phy_if argument.
The phy_if argument can be the physical port name, such as Ethernet1, or a previously
created subinterface, such as Ethernet0/2.3.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

 >> Is anyone actually running this software on a 515E?
 >> And with failover?
 >>
 >> Because it's a mess. With the serial link, the link goes failed very quickly.
 >>
 >> And when I try to switch to LAN, I get my hands slapped:
 >>
 >> # failover lan interface failover Ethernet1.111
 >> ERROR: Can not configure failover interface on a shared physical
 >> interface
 >>
 >>
 >> ... You always find what you lost in the last directory


 NM> --- ifmail v.2.15dev5.3
 NM>  * Origin: ICB (2:5020/400)

... Pounding a KEYBOARD is not the same as fooling around with a JOYSTICK...
--- GoldED+/BSD 1.1.5
 * Origin:  (2:5030/500)
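
An added example, not part of the original message or of Cisco's documentation: a small pre-deployment check that reads a PIX 7.x-style configuration and reports when the LAN failover link breaks the two rules in the quoted guide (the interface must not already have a name, and its physical port must not be shared with interfaces carrying regular traffic). The function name and both sample configurations are constructed for illustration, and treating "shared" as "another named interface on the same physical port" is an assumption based on the quoted text, not on how the appliance itself decides.

```python
import re

def audit_failover_link(config):
    """Return findings about the LAN failover link in a PIX 7.x-style config."""
    names = {}          # interface -> nameif
    current = None      # interface stanza currently being read
    failover_if = None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith(" ") and current:
            # Indented line: belongs to the current interface stanza.
            m = re.match(r"nameif\s+(\S+)$", line)
            if m:
                names[current] = m.group(1)
            continue
        current = None
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"failover lan interface\s+\S+\s+(\S+)$", line)
        if m:
            failover_if = m.group(1)
    if failover_if is None:
        return []
    findings = []
    if failover_if in names:
        findings.append(f"{failover_if} already has a name ({names[failover_if]})")
    phy = failover_if.split(".")[0]   # Ethernet1.111 -> Ethernet1
    shared = sorted(i for i in names if i != failover_if and i.split(".")[0] == phy)
    if shared:
        findings.append(f"{phy} is shared with named interfaces: {', '.join(shared)}")
    return findings

# Constructed sample: failover on a subinterface of a port that also carries "inside".
SHARED = """\
interface Ethernet0
 nameif outside
interface Ethernet1
 no nameif
interface Ethernet1.10
 vlan 10
 nameif inside
interface Ethernet1.111
 vlan 111
failover lan interface failover Ethernet1.111
"""
# Constructed sample: the same unit with failover moved to an unused physical port.
DEDICATED = SHARED.replace("interface Ethernet1.111\n vlan 111\n", "interface Ethernet2\n").replace("failover Ethernet1.111", "failover Ethernet2")

if __name__ == "__main__":
    print(audit_failover_link(SHARED))
    print(audit_failover_link(DEDICATED))
```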