Chapter 7 PIX 535

Installing LAN-Based Failover

Caution Do not turn the power on until the units are connected and the primary unit is configured completely.

Step 7 Power the primary unit on first, then power on the secondary unit. Within a few seconds, the active unit automatically downloads its configuration to the standby unit.

If the primary unit fails, the secondary unit automatically becomes active.

Note All enabled interfaces must be connected between the active and standby units. Only configure the active unit. On the PIX 535, the active unit is indicated by the ACT LED on the front panel (see Figure 7-1).

Installing LAN-Based Failover

LAN-based failover supports failover between two units connected over a dedicated Ethernet interface. LAN-based failover eliminates the need for a special failover cable and overcomes the distance limitations imposed by the failover cable.

Note Both PIX security appliances must have the same model number, the same amount of RAM and Flash memory, and the same number and type of interfaces, and must be running the same software version.

To set up a LAN-based failover connection, perform the following steps:

Step 1 Disconnect both PIX security appliances, so that there is no traffic flow between them. If the failover cable is connected to the PIX security appliances, disconnect it.

Step 2 Configure the PIX security appliance for LAN-based failover. Refer to the chapter on configuring LAN-based failover in the configuration guide online at:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_configuration_guides_list.html

Step 3 Power off both units.

Step 4 Connect the LAN failover interfaces to the dedicated switch/hub, as shown in Figure 7-6.

Note A dedicated LAN interface and a dedicated switch (or VLAN) are required to implement LAN-based failover. You cannot use a crossover Ethernet cable to connect the two PIX security appliances.

Cisco PIX Security Appliance Hardware Installation Guide

 

78-15170-03
