--> A redundant interface is a logical interface on the ASA that combines multiple physical interfaces into one logical interface.
--> Check Point calls the equivalent feature interface bonding.
--> The main advantage of this feature is physical interface redundancy.
--> Only one interface in the logical group is active at a time. If it fails, the ASA transparently switches to the next available interface in the group and all traffic passes through it.
--> By default, the interface added first to the logical group is active and the other interface becomes standby.
--> All configuration associated with a physical interface is removed once it is assigned to the logical group.
--> We can define up to 8 redundant interfaces on an ASA.
--> All interfaces in the logical group should be of the same type, and only one interface forwards traffic at a given time.
--> The redundant interface takes its MAC address from the interface added first to the group.
--> If the active interface goes down, the standby interface takes over the active role, but the MAC address does not change. The redundant interface still uses the MAC address of the first configured member interface.
--> We can force a specific interface to become active using the command:
ASA# redundant-interface redundant <number> active-member <if_name>
Configuration
interface Ethernet0
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface Ethernet1
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface Ethernet2
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface Ethernet3
 no nameif
 no security-level
 no ip address
 no shutdown
!
! outside is the untrusted side, so it gets the lowest security level
interface Redundant1
 member-interface Ethernet0
 member-interface Ethernet1
 nameif outside
 security-level 0
 ip address 172.32.100.1 255.255.255.0
!
! inside is the trusted side, so it gets the highest security level
interface Redundant2
 member-interface Ethernet2
 member-interface Ethernet3
 nameif inside
 security-level 100
 ip address 192.168.1.222 255.255.255.0
Verification
ASA# show interface redundant 1
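An offline pre-check for a candidate configuration like the one above, added here as an example (it is not code from the original post). The function names and the sample are constructed, and the check assumes a physical port stays disabled unless its block contains an explicit no shutdown.

```python
import re

def parse_interfaces(cfg):
    """Map interface name -> sub-commands; a block ends at '!' or the next interface."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in cfg.splitlines()):
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return blocks

def audit(cfg):
    """Return findings for the redundant-interface groups in cfg."""
    blocks, findings, owner = parse_interfaces(cfg), [], {}
    groups = {n: c for n, c in blocks.items() if n.lower().startswith("redundant")}
    if len(groups) > 8:  # limit stated on this page
        findings.append(f"{len(groups)} redundant interfaces defined, limit is 8")
    for name, cmds in groups.items():
        for m in (c.split()[1] for c in cmds if c.startswith("member-interface ")):
            sub = blocks.get(m, [])
            if m in owner:
                findings.append(f"{m}: member of both {owner[m]} and {name}")
            owner.setdefault(m, name)
            if "no shutdown" not in sub:  # assumption: ports are disabled unless enabled
                findings.append(f"{m}: not enabled with 'no shutdown'")
            if any(c.startswith(("nameif ", "ip address ", "security-level ")) for c in sub):
                findings.append(f"{m}: still carries nameif/IP/security-level")
    return findings

# Constructed sample with three deliberate mistakes (not from the page).
SAMPLE = """\
interface Ethernet0
 no shutdown
interface Ethernet1
 nameif dmz
 no shutdown
interface Redundant1
 member-interface Ethernet0
 member-interface Ethernet1
interface Redundant2
 member-interface Ethernet0
 member-interface Ethernet2
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty result means every member port is enabled, unconfigured, and assigned to exactly one group.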