ASA Pro Tip — A Better Prompt

The Cisco ASA FW has a simple and robust failover mechanism. It works so well that sometimes an administrator may not realize that the load has moved from the primary device to the secondary device. When connecting to the IP address, the primary IP address for the interface follows the active unit. So it is even possible to be logged in to a different Firewall than the administrator thinks they are in.

This can easily be determined by doing a show failover.  In the output, it is easy to see if the unit is the Primary or Secondary (configured state) and Active or Standby (operational state). Since the ASA Failover is not preemptive, any glitch moving the load to standby will result in the load remaining there (unless there is a subsequent failure or manual failback).

Given the fact that I am a huge fan of situational awareness, I like to reflect the state in the CLI prompt. This is a simple configuration change.

asav-1# 
asav-1# conf t
asav-1(config)# prompt hostname priority state 
asav-1/pri/act(config)# exit
asav-1/pri/act# 

As can be seen above, a simple configuration change results in the ASA displaying its hostname, configured priority and operational state.

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may does not reflect the position of past, present or future employers.

No related content found.

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.
This entry was posted in Uncategorized. Bookmark the permalink.

2 Responses to ASA Pro Tip — A Better Prompt

  1. My friend @aconaway made a very good point via twitter. If you are using multi-context mode, also leverage “context” in the prompt command as well.

  2. Tom says:

    Pretty cool tip. Thanks!

Comments are closed.