Cisco ASA failover interface monitoring policy

Network Engineering  Cisco  Cisco Firewall  Failover
2021-07-20 13:55:25

I have a Cisco ASA 5585 with 10G interfaces in a port channel, on which I have configured multiple VLAN subinterfaces. Is it worth adding a failover monitoring policy for each subinterface, or only for the physical interface?

What is the best practice here?

Interface output:

asa/pri/act# sh ip
System IP Addresses:
Interface                Name                   IP address      Subnet mask     Method
GigabitEthernet0/0       outside                201.201.115.210  255.255.255.248 CONFIG
GigabitEthernet0/3       ilo                    172.29.0.1      255.255.0.0     manual
Port-channel1.8          aws_0                  169.254.8.1     255.255.255.248 manual
Port-channel1.9          aws_1                  169.254.9.1     255.255.255.248 manual
Port-channel1.10         dmz_e                  12.10.0.1       255.255.0.0     CONFIG
Port-channel1.11         rip_0                  12.11.0.1       255.255.248.0   manual
Port-channel1.12         imp_2                  12.12.0.1       255.255.248.0   manual
Port-channel1.20         dmz_int                12.20.0.1       255.255.0.0     CONFIG
Port-channel1.21         imp_1                  12.21.0.1       255.255.248.0   manual
Port-channel1.22         imp_3                  12.22.0.1       255.255.248.0   manual
Port-channel1.30         inside                 12.30.0.1       255.255.0.0     CONFIG
Port-channel1.31         imp_0                  12.31.0.1       255.255.248.0   manual
Port-channel1.32         imp_1                  12.32.0.1       255.255.248.0   manual
Port-channel1.40         pxe_boot               12.40.0.1       255.255.0.0     CONFIG
Port-channel2            site                   12.5.3.1        255.255.248.0   CONFIG
Redundant1               FailoverLink           192.168.100.1   255.255.255.0   unset

Failover output:

Last Failover at: 21:13:16 UTC Mar 5 2019
    This host: Primary - Active
        Active time: 11080100 (sec)
        slot 0: ASA5585-SSP-20 hw/sw rev (1.3/9.6(3)1) status (Up Sys)
          Interface outside (201.201.115.210): Normal (Monitored)
          Interface management (0.0.0.0): Link Down (Shutdown)
          Interface dmz_e (12.10.0.1): Normal (Monitored)
          Interface dmz_i (12.20.0.1): Normal (Monitored)
          Interface inside (12.30.0.1): Normal (Monitored)
          Interface pxe_boot (12.40.0.1): Normal (Monitored)
          Interface rip_0 (10.11.0.1): Normal (Not-Monitored)
          Interface site (12.5.3.1): Normal (Monitored)
          Interface ilo (172.29.0.1): Normal (Monitored)
          Interface aws_0 (169.254.9.1): Normal (Not-Monitored)
          Interface aws_1 (169.254.8.1): Normal (Not-Monitored)
          Interface imp_0 (12.31.0.1): Normal (Monitored)
          Interface imp_1 (12.21.0.1): Normal (Not-Monitored)
          Interface imp_2 (12.12.0.1): Normal (Not-Monitored)
          Interface imp_3 (12.22.0.1): Normal (Not-Monitored)
          Interface imp_4 (12.32.0.1): Normal (Not-Monitored)
1 answer

All of the subinterfaces should be monitored as well, so that you know whether there is a Layer 2 problem on the switch the ASA uplinks to. By default only physical interfaces are monitored automatically, so you need to enable monitoring on each virtual subinterface.
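As an added, runnable illustration of the answer above (this is not code from the poster or the answerer), the script below parses the interface lines of a `show failover` listing, lists every interface the ASA reports as `Not-Monitored`, and emits the matching `monitor-interface <nameif>` lines that would be pasted into the failover configuration to enable health monitoring on those subinterfaces. The sample listing embedded in the script is a constructed, trimmed copy in the format the ASA prints, not the full output from the question. The `exclude` parameter is an assumption of this example: it lets you deliberately leave point-to-point tunnel subinterfaces such as the `aws_*` ones unmonitored, since a monitored interface that fails its tests counts toward a failover decision. Cisco's guidance is to configure a standby IP address on every monitored interface so the peer unit can run the interface tests, so check that before enabling monitoring on a subinterface.

```python
import re

# Constructed sample: a trimmed copy of the "Interface ..." lines in the
# format "show failover" prints on an ASA. Not the poster's full output.
SAMPLE_SHOW_FAILOVER = """\
    This host: Primary - Active
        Active time: 11080100 (sec)
        slot 0: ASA5585-SSP-20 hw/sw rev (1.3/9.6(3)1) status (Up Sys)
          Interface outside (201.201.115.210): Normal (Monitored)
          Interface management (0.0.0.0): Link Down (Shutdown)
          Interface dmz_e (12.10.0.1): Normal (Monitored)
          Interface rip_0 (10.11.0.1): Normal (Not-Monitored)
          Interface aws_0 (169.254.9.1): Normal (Not-Monitored)
          Interface imp_1 (12.21.0.1): Normal (Not-Monitored)
"""

# One "Interface <nameif> (<ip>): <state> (<monitor flag>)" line.
# <state> may contain spaces ("Link Down"), so it is matched lazily and the
# trailing parenthesised monitor flag is anchored to the end of the line.
IFACE_RE = re.compile(
    r"^\s*Interface\s+(?P<name>\S+)\s+\((?P<ip>[^)]*)\):\s+"
    r"(?P<state>.+?)\s+\((?P<monitor>[^)]+)\)\s*$"
)


def parse_failover_interfaces(text):
    """Return one dict (name, ip, state, monitor) per interface line in a
    show failover listing; non-interface lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def unmonitored_interfaces(text):
    """Names of interfaces the ASA reports as Not-Monitored.
    Administratively shut interfaces show "(Shutdown)" instead and are
    therefore not included."""
    return [r["name"] for r in parse_failover_interfaces(text)
            if r["monitor"] == "Not-Monitored"]


def monitor_commands(text, exclude=()):
    """Build the 'monitor-interface <nameif>' lines to enable failover
    health monitoring on every Not-Monitored interface. `exclude` (an
    assumption of this example) names interfaces to leave unmonitored
    on purpose, e.g. point-to-point tunnel subinterfaces."""
    return [f"monitor-interface {name}"
            for name in unmonitored_interfaces(text)
            if name not in exclude]


if __name__ == "__main__":
    # Keep the 169.254.x.x tunnel-facing subinterface unmonitored on purpose.
    for cmd in monitor_commands(SAMPLE_SHOW_FAILOVER, exclude={"aws_0"}):
        print(cmd)
```

Feed it the real `show failover` output, review the generated lines against your own exclusions, then apply them in global configuration mode on the active unit; the change replicates to the standby. Re-run `show failover` afterwards and confirm each subinterface now reads `Normal (Monitored)` rather than `Waiting` or `Unknown`, which would indicate the peer cannot complete the interface tests.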