FO 必要条件
硬件需求:相同硬件型号、相同数量和类型的接口、相同类型SSM模块、相同内存
软件需求:相同的操作模式、相同的主版本和子版本
授权需求:不必一模一样的授权,只需要FO授权即可
部署模式
无状态化的FO:
仅仅只提供硬件冗余
当切换发生时,所有已经建立的状态话跟踪的连接都将被丢弃
用户必须重新建立连接
状态化的FO:
护展了无状态化FO的功能
提供了硬件和状态话表项的冗余
故障切换期间,连接依旧保持
用户没必要重新建立连接
在两个设备之间需要一个状态化链路(是LAN-FO链路之外的另外一条链路)
案例
switch
vIOS7
interface GigabitEthernet0/0
ip address 202.100.1.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 202.100.1.10
vIOS8
interface GigabitEthernet0/0
ip address 10.1.1.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.1.1.10
ASA16
hostname ASA1
!
no cluster interfgace-mode
!
interface GigabitEthernet0
nameif outside
security-level 0
ip address 202.100.1.10 255.255.255.0 standby 202.100.1.20
!
interface GigabitEthernet1
nameif inside
security-level 100
ip address 10.1.1.10 255.255.255.0 standby 10.1.1.20
!
interface GigabitEthernet2
description LAN Failover Interface
!
interface GigabitEthernet3
description STATE Failover Interface
!
failover lan unit primary
failover lan interface FO GigabitEthernet2
failover key *****
failover link stateful GigabitEthernet3
failover interface ip FO 192.168.1.10 255.255.255.0 standby 192.168.1.20
failover
!
failover interface ip stateful 192.168.2.10 255.255.255.0 standby 192.168.2.20
ASA17
!
interface GigabitEthernet2
no shutdown
!
no cluster interfgace-mode
!
failover lan unit secondary
failover lan interface FO GigabitEthernet2
failover key cisco
failover link stateful GigabitEthernet3
failover interface ip FO 192.168.1.10 255.255.255.0 standby 192.168.1.20
failover interface ip stateful 192.168.2.10 255.255.255.0 standby 192.168.2.20
failover