本記事ではCisco ASA for Firepower 2100 シリーズのEtherChannel(PortChannel) の設定や関連情報の確認方法についてご紹介します。
* 本記事は2019年1月23日現在の情報を元に作成しています。正式なドキュメントが公開されている場合は、そちらをご確認ください。
*  本記事はFirepower2100-ASA(FXOS:2.2.2.100 ASA: 9.8.3.11) で確認しています。

 
なお、EtherChannelの設定方法等については下記URLをご確認下さい。
 
<Cisco ASA for Firepower 2100 シリーズ スタートアップ ガイド>

https://www.cisco.com/c/ja_jp/td/docs/security/asa/quick_start/fp2100/asa-2100-gsg/asa-2100-gsg_chapter_00.html

2.設定確認コマンド 

ASA for Firepower2100 シリーズでは、主にFXOSのCLIからEtherchannelの設定確認コマンドを実施します。
以下がFXOSにて情報を出力するための show コマンドと、その出力例になります。

2-1. show portchannel summary

firepower-2110# connect local-mgmt
firepower-2110(local-mgmt)#
firepower-2110(local-mgmt)# show portchannel summary
Flags:  D - Down        P - Up in port-channel (members)
I - Individual  H - Hot-standby (LACP only)
s - Suspended   r - Module-removed
S - Switched    R - Routed
U - Up (port-channel)
M - Not in use. Min-links not met
--------------------------------------------------------------------------------

Group Port-       Type     Protocol  Member Ports
      Channel
--------------------------------------------------------------------------------

1     Po1(U)      Eth      LACP      Eth1/3(P)    Eth1/4(P)

2-2. show portchannel load-balance

firepower-2110(local-mgmt)# show portchannel load-balance
PortChannel Load-Balancing Configuration:
        src-dst ip-l4port
PortChannel Load-Balancing Configuration Used Per-Protocol:
Non-IP: src-dst mac
   IP: src-dst ip-l4port

2-3. show lacp counters

firepower-2110(local-mgmt)# show lacp counters

             LACPDUs         Marker      Marker Response    LACPDUs
Port       Sent   Recv     Sent   Recv    Sent    Recv      Pkts Err
---------------------------------------------------------------------
Channel group: 1
Eth1/3     62     57       0      0        0      0         0
Eth1/4     63     59       0      0        0      0         0

2-4. show lacp neighbor

firepower-2110(local-mgmt)# show lacp neighbor

Flags:  S - Device is requesting Slow LACPDUs
        F - Device is requesting Fast LACPDUs
        A - Device is in Active mode       P - Device is in Passive mode

Channel group: 1

Partner (internal) information:

          Partner                 Partner                       Partner
Port      System ID             Port Number     Age         Flags
Eth1/3    32768,acf2.c53a.1080  0x10a           4  s        SA


          LACP Partner           Partner           Partner
          Port Priority        Oper Key        Port State
          32768                0x1             0x3d

          Port State Flags Decode:
          Activity:   Timeout:   Aggregation:   Synchronization:
          Active      Short      Yes            Yes

          Collecting:   Distributing:   Defaulted:   Expired:
          Yes           Yes             No           No

          Partner                 Partner                       Partner
Port      System ID             Port Number     Age         Flags
Eth1/4    32768,acf2.c53a.1080  0x10b           0  s        SA


          LACP Partner           Partner           Partner
          Port Priority        Oper Key        Port State
          32768                0x1             0x3d

          Port State Flags Decode:
          Activity:   Timeout:   Aggregation:   Synchronization:
          Active      Short      Yes            Yes

          Collecting:   Distributing:   Defaulted:   Expired:
          Yes           Yes             No           No

2-5. show lacp sys-id

firepower-2110(local-mgmt)# show lacp sys-id
32768, d4c9.3cc0.e013

2-6. show detail expand

"show detail expand" コマンドは上記showコマンドとは異なり、設定したport-channel id の情報を表示できます。

firepower-2110# scope eth-uplink
firepower-2110 /eth-uplink # scope fabric a
firepower-2110 /eth-uplink/fabric # scope port-channel 1
firepower-2110 /eth-uplink/fabric/port-channel # show detail expand
Port Channel:
    Port Channel Id: 1
    Name: Port-channel1
    Port Type: Data
    Description:
    Admin State: Enabled
    Oper State: Up
    Auto negotiation: Yes
    Speed: 1 Gbps
    Duplex: Full Duplex
    Oper Speed: 1 Gbps
    Band Width (Gbps): 2
    State Reason: Up
    flow control policy: default
    LACP policy name: default
    oper LACP policy name: org-root/lacp-default
    Lacp Mode: Active
    Inline Pair Admin State: Enabled
    Inline Pair Peer Port Name:

    Member Port:
        Port Name: Ethernet1/3
        Membership: Up
        Oper State: Up
        State Reason: Up
        Ethernet Link Profile name: default
        Oper Ethernet Link Profile name: fabric/lan/eth-link-prof-default
        Udld Oper State: Unknown
        Current Task:

        Port Name: Ethernet1/4
        Membership: Up
        Oper State: Up
        State Reason: Up
        Ethernet Link Profile name: default
        Oper Ethernet Link Profile name: fabric/lan/eth-link-prof-default
        Udld Oper State: Unknown
        Current Task:

3.ASA での確認方法

ASAでは"show interface channel detail" コマンドで設定されているport-channel の情報を確認できます。

3-1.show interface channel detail

FPR2110-ASA# show interface channel detail
Interface Port-channel1 "channel", is up, line protocol is up
  Hardware is EtherSVI, BW 2000 Mbps, DLY 1000 usec
    MAC address d4c9.3cc0.e02d, MTU 1500
    IP address unassigned
  Traffic Statistics for "channel":
    0 packets input, 0 bytes
    0 packets output, 0 bytes
    0 packets dropped
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
  Control Point Interface States:
    Interface number is 25
    Interface config status is active
    Interface state is active

また、特定のport-channel id だけを確認されたい場合は、"show interface port-channel x" コマンドでも確認可能です。