구매 혹은 리뉴얼하기
구매 혹은 리뉴얼하기
취소
제안사항 사용
다음에 대한 결과 표시 
다음에 대한 검색 
다음을 의미합니까? 
cancel
토론 시작하기
Bookmark
|
Subscribe
|
402
VIEWS
3
Helpful
5
답글

Configure portchannels on routers and ASAv

솔루션으로 이동
SilverAfter
Level 1
Level 1

날짜: ‎12-26-2024 08:08 PM

You used BVI on the router to bundle two interfaces into one interface, and now you need to configure them as one network using portchannel on the ASAv.
However, the ASAv must function as a failover.
Below is the topology and the configuration of the routers.스크린샷 2024-12-26 194918.png

interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
media-type rj45
bridge-group 1

!

interface GigabitEthernet0/4
no ip address
shutdown
duplex auto
speed auto
media-type rj45
bridge-group 1

!

interface BVI1
ip address 114.141.24.1 255.255.255.252

!

 

레이블:
0 Helpful
1 채택된 솔루션

채택된 솔루션

솔루션으로 이동
MHM Cisco World
VIP
VIP
SilverAfter에 대한 응답

‎12-26-2024 09:22 PM - 편집 ‎12-26-2024 09:32 PM

You can NOT config it as PO since the FW is HA active/standby 

this only work for FW cluster 

Screenshot (229).png

MHM

원본 게시물의 솔루션 보기

5 응답 5

솔루션으로 이동
MHM Cisco World
VIP
VIP

날짜: ‎12-26-2024 08:21 PM

Sorry what is Q here.

MHM

0 Helpful

솔루션으로 이동
SilverAfter
Level 1
Level 1
MHM Cisco World에 대한 응답

날짜: ‎12-26-2024 09:15 PM

PUB-R2's interfaces g0/2 and g0/4 are grouped together as BVI to make them a single interface.
On the other side, we want to group G0/0 of FW1 and 2 into one interface.

솔루션으로 이동
MHM Cisco World
VIP
VIP
SilverAfter에 대한 응답

‎12-26-2024 09:22 PM - 편집 ‎12-26-2024 09:32 PM

You can NOT config it as PO since the FW is HA active/standby 

this only work for FW cluster 

Screenshot (229).png

MHM

솔루션으로 이동
SilverAfter
Level 1
Level 1
MHM Cisco World에 대한 응답

날짜: ‎12-27-2024 08:57 AM

That's not possible Thanks.

0 Helpful

솔루션으로 이동
Flavio Miranda
VIP
VIP

날짜: ‎12-26-2024 09:20 PM

@SilverAfter 

"If you use the ASA device in an Active/Standby failover deployment, then you need to create separate EtherChannels on the switches in the VSS/vPC, one for each ASA device. On each ASA deivce, a single EtherChannel connects to both switches. Even if you could group all switch interfaces into a single EtherChannel connecting to both ASA devices (in this case, the EtherChannel will not be established because of the separate ASA system IDs), a single EtherChannel would not be desirable because you do not want traffic sent to the standby ASA device. "

Here what Cisco says. You should not add a port-channel on both active and standby firewall because the traffic will be load balanced between them and you should not receive traffic on the firewall in standby mode.

빠른 링크

커뮤니티를 보다 손쉽게 둘러보실 수 있는 빠른 링크를 사용해보세요

문서 게시 또는 검색 아이디어 및 뉴스 공유 기술 관련 비디오 게시 또는 보기
Customers Also Viewed These Support Documents
상위