topic ASA , 3750 Switch stack ,Etherchanel cross-stack and HA in Network Security https://community.cisco.com/t5/network-security/asa-3750-switch-stack-etherchanel-cross-stack-and-ha/m-p/2492164#M268965 <P style="margin: 0cm; margin-bottom: .0001pt;">Hi Guys,</P><P></P><P style="margin: 0cm 0cm 0.0001pt;">I have run into a scenario where there they use a switch stack of four 3750’s and two ASA 5540 in Active-stanby HA Pair.</P><P style="margin: 0cm 0cm 0.0001pt;">ASA's are connected with 4 interfaces across stack (1 interface to each switch).</P><P></P><P style="margin: 0cm 0cm 0.0001pt;">1 Etherchannels (4 ports) is configured between ASA and switch. All vlans are terminated on ASA as a subiterfaces.</P><P>somehting like:</P><P></P><P>Port-channell1</P><P>no ip address</P><P></P><P style="margin: 0cm 0cm 0.0001pt;">Port-channell1.10</P><P style="margin: 0cm 0cm 0.0001pt;">vlan 10</P><P style="margin: 0cm 0cm 0.0001pt;">ip address 192.168.10.1 255.255.255.0 stanby 192.168.10.2</P><P></P><P>Port-channell1.20</P><P style="margin: 0cm 0cm 0.0001pt;">vlan 10</P><P style="margin: 0cm 0cm 0.0001pt;">ip address 192.168.20.1 255.255.255.0 stanby 192.168.20.2 </P><P></P><P style="margin: 0cm 0cm 0.0001pt;">..and so on..</P><P></P><P></P><P style="margin: 0cm 0cm 0.0001pt;">There is about different 60-70 vlans currently terminated on ASA.</P><P></P><P style="margin: 0cm 0cm 0.0001pt;">We found a problem with failover testing:</P><P style="margin: 0cm 0cm 0.0001pt;">When we test the failover and fail manually with “failover active” command, </P><P></P><P style="margin: 0cm 0cm 0.0001pt;">It looks like only 29 vlans can fail to backup ASA instantly , the rest can take up to 5 min.</P><P style="margin: 0cm; margin-bottom: .0001pt;">Is there a limitation for ASA or 3750 etherchannel&nbsp; in this scenario why it would not failover instantly for all vlans ?</P><P></P><P style="margin: 0cm; margin-bottom: .0001pt;">Thanks</P><P style="margin: 0cm; margin-bottom: .0001pt;">Martin</P> Tue, 12 Mar 2019 03:51:06 GMT bufycisco77 2019-03-12T03:51:06Z ASA , 3750 Switch stack ,Etherchanel cross-stack and HA https://community.cisco.com/t5/network-security/asa-3750-switch-stack-etherchanel-cross-stack-and-ha/m-p/2492164#M268965 <P style="margin: 0cm; margin-bottom: .0001pt;">Hi Guys,</P><P></P><P style="margin: 0cm 0cm 0.0001pt;">I have run into a scenario where there they use a switch stack of four 3750’s and two ASA 5540 in Active-stanby HA Pair.</P><P style="margin: 0cm 0cm 0.0001pt;">ASA's are connected with 4 interfaces across stack (1 interface to each switch).</P><P></P><P style="margin: 0cm 0cm 0.0001pt;">1 Etherchannels (4 ports) is configured between ASA and switch. All vlans are terminated on ASA as a subiterfaces.</P><P>somehting like:</P><P></P><P>Port-channell1</P><P>no ip address</P><P></P><P style="margin: 0cm 0cm 0.0001pt;">Port-channell1.10</P><P style="margin: 0cm 0cm 0.0001pt;">vlan 10</P><P style="margin: 0cm 0cm 0.0001pt;">ip address 192.168.10.1 255.255.255.0 stanby 192.168.10.2</P><P></P><P>Port-channell1.20</P><P style="margin: 0cm 0cm 0.0001pt;">vlan 10</P><P style="margin: 0cm 0cm 0.0001pt;">ip address 192.168.20.1 255.255.255.0 stanby 192.168.20.2 </P><P></P><P style="margin: 0cm 0cm 0.0001pt;">..and so on..</P><P></P><P></P><P style="margin: 0cm 0cm 0.0001pt;">There is about different 60-70 vlans currently terminated on ASA.</P><P></P><P style="margin: 0cm 0cm 0.0001pt;">We found a problem with failover testing:</P><P style="margin: 0cm 0cm 0.0001pt;">When we test the failover and fail manually with “failover active” command, </P><P></P><P style="margin: 0cm 0cm 0.0001pt;">It looks like only 29 vlans can fail to backup ASA instantly , the rest can take up to 5 min.</P><P style="margin: 0cm; margin-bottom: .0001pt;">Is there a limitation for ASA or 3750 etherchannel&nbsp; in this scenario why it would not failover instantly for all vlans ?</P><P></P><P style="margin: 0cm; margin-bottom: .0001pt;">Thanks</P><P style="margin: 0cm; margin-bottom: .0001pt;">Martin</P> Tue, 12 Mar 2019 03:51:06 GMT https://community.cisco.com/t5/network-security/asa-3750-switch-stack-etherchanel-cross-stack-and-ha/m-p/2492164#M268965 bufycisco77 2019-03-12T03:51:06Z ASA , 3750 Switch stack ,Etherchanel cross-stack and HA https://community.cisco.com/t5/network-security/asa-3750-switch-stack-etherchanel-cross-stack-and-ha/m-p/2492165#M268966 <HTML><HEAD></HEAD><BODY><P>sory mistake there :</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">Port-channell1.20</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 0cm 0cm 0.0001pt; font-family: Arial, verdana, sans-serif;">vlan 20</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 0cm 0cm 0.0001pt; font-family: Arial, verdana, sans-serif;">ip address 192.168.20.1 255.255.255.0 stanby 192.168.20.2</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; margin: 0cm 0cm 0.0001pt; font-family: Arial, verdana, sans-serif;">Martin</P></BODY></HTML> Thu, 27 Feb 2014 13:49:22 GMT https://community.cisco.com/t5/network-security/asa-3750-switch-stack-etherchanel-cross-stack-and-ha/m-p/2492165#M268966 bufycisco77 2014-02-27T13:49:22Z