Configuring failover criteria – Cisco ASA 5505 User Manual

62-14

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 62 Configuring Active/Standby Failover

Configuring Active/Standby Failover

Configuring Failover Criteria

You can specify a specific number of interface or a percentage of monitored interfaces that must fail
before failover occurs. By default, a single interface failure causes failover.

To the change the default failover criteria, enter the following command in global configuration mode:

Configuring the Unit and Interface Health Poll Times

The ASA sends hello packets out of each data interface to monitor interface health. The appliance sends
hello messages across the failover link to monitor unit health. If the ASA does not receive a hello packet
from the corresponding interface on the peer unit for over half of the hold time, then the additional
interface testing begins. If a hello packet or a successful test result is not received within the specified
hold time, the interface is marked as failed. Failover occurs if the number of failed interfaces meets the
failover criteria.

Decreasing the poll and hold times enables the ASA to detect and respond to interface failures more
quickly but may consume more system resources. Increasing the poll and hold times prevents the ASA
from failing over on networks with higher latency.

no monitor-interface

if_name

Example:

hostname(config)# no monitor-interface

lanlink

Disables health monitoring for an interface.

monitor-interface

if_name

Example:

hostname(config)# monitor-interface

lanlink

Enables health monitoring for an interface.

Command

Purpose

failover interface-policy

num[%]

Example:

hostname (config)# failover

interface-policy 20%

Changes the default failover criteria.

When specifying a specific number of interfaces, the num argument can be
from 1 to 250.

When specifying a percentage of interfaces, the num argument can be from
1 to 100.