Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
49-19
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 49 Configuring Failover
Failover Policies
Active/Standby In an Active/Standby configuration, the active security appliance
handles all network traffic passing through the failover pair. The
standby security appliance does not handle network traffic until a
failure occurs on the active security appliance. Whenever the
configuration of the active security appliance changes, it sends
configuration information over the failover link to the standby security
appliance.
When a failover occurs, the standby security appliance becomes the
active unit. It assumes the IP and MAC addresses of the previously
active unit. Because the other devices on the network do not see any
changes in the IP or MAC addresses, ARP entries do not change or time
out.
LAN Failover
Interface Choose the interface to use as the failover link; all interfaces available
on the device are listed.
When configured for failover, the interface is directly connected to the
standby device.
Note You can choose an EtherChannel interface as the failover link.
As with any other type of interface assigned as a failover link,
the EtherChannel interface cannot be named, and none of the
EtherChannel’s member interfaces can be named. Further,
while being used as an active failover link, changes to the
interface configuration are not allowed. Refer to Configuring
EtherChannels, page 45-8 for more information.
Logical Name Enter a logical name for the failover interface.
Active IP Address Specify the active IP address for this interface.
Standby IP Address Specify a standby IP address for this interface.
To receive packets from both units in a failover pair, standby IP
addresses need to be configured on all interfaces. The Standby IP
address is used on the security appliance that is currently the standby
unit, and it must be in the same subnet as the active IP address.
Subnet Mask Enter the Subnet Netmask for the active and standby IP addresses.
Stateful Failover
(Optional) To configure Stateful Failover, page 49-4, provide the following parameters.
Interface Choose the interface to use for the stateful failover link; all interfaces
available on the device are listed.
Note You can choose an EtherChannel interface as the stateful
failover link. As with any other type of interface assigned as a
failover link, the EtherChannel interface cannot be named, and
none of the EtherChannel’s member interfaces can be named.
Further, while being used as an active failover link, changes to
the interface configuration are not allowed. Refer to
Configuring EtherChannels, page 45-8 for more information.
Table 49-6 Failover Page (ASA/PIX 7.0+) (Continued)
Element Description