About the Author


Joe Harris, CCIE No. 6200 (R&S, Security & SP) is a Systems Engineer with Cisco Systems® specializing in Security. In addition to authoring Cisco Network Security Little Black Book, Joe has also been a technical reviewer for several Cisco Press publications and written articles, white papers, and presentations on various security technologies. He also assists various Certification Partners by beta testing their newest CCIE certification workbooks and has been recognized by Cisco as an SE Wall of Fame award winner.


Interface Level Redundancy


Interface-Level Redundancy is another new feature introduced in the 8.x version of the ASA/PIX code. In a nutshell, Interface-Level Redundancy is achieved by configuring a logical interface on top of two physical interfaces that reside on the same VLAN. One physical interface passes traffic whilst the other physical interface is in a Standby state. When the Active physical interface fails, traffic fails over to the Standby physical interface and routing adjacencies do not need to be relearned. This failover takes less than 500 ms, which is faster than is possible for full device failover. When a physical interface is assigned as a member of a redundant interface, its configuration is cleared in the same manner as a failover interface. While a physical interface is part of the redundant logical interface group, commands such as ip address, security-level, and nameif can no longer be configured on the physical interface. The 8.x version of code allows a maximum of 8 redundant interface pairs to be configured. The redundant interface is considered to be in a failed state only when both of the underlying physical interfaces have failed; in that case, device-level failover is triggered if it is configured and enabled. More about this feature can be read here: Interface Redundancy

In order to enable interface redundancy you must first create a new logical interface as follows:

[no] interface Redundant[1-8]

Next you must assign a physical interface to the redundant interface using the following command:

[no] member-interface [physical-interface]

Only 2 physical interfaces can be assigned to a redundant interface, so you will need to use this command once for each interface you are adding to the redundant configuration. One thing to keep in mind is that the first interface you add to the redundant interface is considered the active interface. If you want to manually make the standby interface the active interface, use the following command:

redundant-interface [redundant-interface] active-member [member-interface]
 
This forces the [member-interface] to become the active interface for the redundant interface. One last thing that I want to mention is that the two member interfaces can have independent speed and duplex settings, but the redundant interface inherits the speed and duplex settings of the active member. Here is a sample redundant interface configuration:

interface Ethernet0/2 
  no nameif  
  no security-level 
  no ip address
interface Ethernet0/3 
  no nameif  
  no security-level 
  no ip address
interface Redundant1
  member-interface Ethernet0/2 
  member-interface Ethernet0/3 
  nameif Inside 
  security-level 100 
  ip address 192.168.100.80 255.255.255.0
!
!
!
ciscoasa# sh interface redundant 1 detail
Interface Redundant1 "Inside", is down, line protocol is down
Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec
Auto-Duplex, Auto-Speed
MAC address 0018.b9a8.a20a, MTU 1500
IP address 192.168.100.80, subnet mask 255.255.255.0
...
Redundancy Information:
Member Ethernet0/2(Active), Ethernet0/3
Last switchover at 12:04:10 UTC Oct 29 2007
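The rules above (exactly two members per redundant interface, at most eight redundant interfaces in 8.x, no nameif/security-level/ip address on a member, and the first member listed being the default active one) are easy to get wrong when a configuration is edited by hand. The following Python script is an added example, not part of the original post and not Cisco's code: it parses an ASA-style configuration snippet and reports any violation of those rules. The configurations embedded in it are constructed for the example (the first one is modelled on the sample above), and the check that a physical interface is not a member of two redundant interfaces is an additional sanity check I have assumed rather than a rule stated in the post.

```python
import re
from typing import Dict, List, Optional

# Constructed sample configuration, modelled on the one in the post.
SAMPLE_CONFIG = """\
interface Ethernet0/2
  no nameif
  no security-level
  no ip address
interface Ethernet0/3
  no nameif
  no security-level
  no ip address
interface Redundant1
  member-interface Ethernet0/2
  member-interface Ethernet0/3
  nameif Inside
  security-level 100
  ip address 192.168.100.80 255.255.255.0
"""

# Constructed snippet that breaks the rules: Ethernet0/0 keeps its own
# nameif/security-level/ip address, and Redundant2 lists three members.
# (Stanzas for Ethernet0/1 and 0/2 are omitted to keep the sample short.)
BAD_CONFIG = """\
interface Ethernet0/0
  nameif outside
  security-level 0
  ip address 203.0.113.2 255.255.255.0
interface Redundant2
  member-interface Ethernet0/0
  member-interface Ethernet0/1
  member-interface Ethernet0/2
  nameif outside
  security-level 0
  ip address 203.0.113.1 255.255.255.0
"""

MAX_REDUNDANT_IFACES = 8   # limit stated in the post for the 8.x code
MEMBERS_PER_REDUNDANT = 2  # exactly two physical members per redundant interface
RESERVED_CMDS = ("nameif", "security-level", "ip address")


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Group the sub-commands under each 'interface <name>' stanza."""
    stanzas: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def members_of(stanza: List[str]) -> List[str]:
    """Member interfaces in configuration order; the first is active by default."""
    return [l.split(None, 1)[1] for l in stanza
            if l.lower().startswith("member-interface ")]


def check_redundancy(config: str) -> List[str]:
    """Return a list of findings; an empty list means the rules are obeyed."""
    findings: List[str] = []
    stanzas = parse_interfaces(config)
    # Sub-interfaces such as Redundant1.100 are deliberately not matched here.
    redundant = {n: s for n, s in stanzas.items()
                 if re.fullmatch(r"(?i)redundant\d+", n)}
    if len(redundant) > MAX_REDUNDANT_IFACES:
        findings.append(f"{len(redundant)} redundant interfaces configured; "
                        f"the 8.x limit is {MAX_REDUNDANT_IFACES}")
    seen_members: Dict[str, str] = {}  # physical interface -> redundant owner
    for name, stanza in redundant.items():
        num = int(re.search(r"\d+", name).group())
        if not 1 <= num <= MAX_REDUNDANT_IFACES:
            findings.append(f"{name}: number must be 1-{MAX_REDUNDANT_IFACES}")
        members = members_of(stanza)
        if len(members) != MEMBERS_PER_REDUNDANT:
            findings.append(f"{name}: has {len(members)} member(s), "
                            f"expected exactly {MEMBERS_PER_REDUNDANT}")
        for m in members:
            if m in seen_members:  # assumed sanity check, not stated in the post
                findings.append(f"{m}: already a member of {seen_members[m]}, "
                                f"cannot also join {name}")
            seen_members[m] = name
            # A member must not carry nameif/security-level/ip address itself;
            # the "no ..." forms are fine because they start with "no".
            for cmd in stanzas.get(m, []):
                if cmd.lower().startswith(RESERVED_CMDS):
                    findings.append(f"{m}: '{cmd}' must not be set on a member of {name}")
    return findings


def default_active_member(config: str, name: str) -> Optional[str]:
    """The member that becomes active by default: the first one configured."""
    members = members_of(parse_interfaces(config).get(name, []))
    return members[0] if members else None


if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE_CONFIG), ("bad", BAD_CONFIG)):
        print(label, check_redundancy(cfg) or "OK")
```

Running the script reports the sample configuration as clean (with Ethernet0/2 as the default active member, matching the show output above) and lists four findings for the second snippet: the three reserved commands left on Ethernet0/0 and the third member on Redundant2.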

There Are 2 Responses So Far.

  1.

    Is it possible to make a redundant interface a trunk?
    Something like:
    interface Redundant1.100
    member-interface Ethernet0/2
    member-interface Ethernet0/3
    nameif dmz1
    security-level 50
    ip address 10.10.10.1 255.255.255.0

    interface Redundant1.200
    member-interface Ethernet0/2
    member-interface Ethernet0/3
    nameif dmz2
    security-level 70
    ip address 10.1.1.1 255.255.255.0

    ?

  2.

    Hi Pablo,

    Yes, it is supported. Hope this helps.

    -Joe