cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2328
Views
0
Helpful
6
Replies

ASA 5525-X Clustering and 3750-x stack

Hi support community

i'm making a design which has two ASA 5525-X in cluster connected to a stack of 3750-x by a port-channel. the topology is attached.

I found in the documentation the following statement:

"The ASA does not support connecting an  EtherChannel to a switch stack. If the ASA EtherChannel is connected  cross stack, and if the Master switch is powered down, then the  EtherChannel connected to the remaining switch will not come up. "

however it's no clear for me if my design will work as each ASA will connect to only one Switch. So is the design correct?

thanks in advance 

best regards,

6 Replies 6

Pavel Pokorny
Level 1
Level 1

Hi,

Nobody from Cisco replies?

Documentation here :

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/ha_cluster.html#pgfId-1574185

 

Table 8-2 External Hardware and Software Dependencies for ASA Clustering

Catalyst 3750-X, IOS 15.0(2) and later

 

Please make a suggestion, because not everyone is having pair of C6500 or Nexus 5000/7000.

 

Thank you.

 

Hi Pavel, do you have any update? I'm trying to do the same configuration, but as you said, no everyone have a Nexus or C6500.

Thanks.

David

Hello David,

 

Right now, I have no news. But I hope during month I will be able do some labs to confirm behavior of solution.

 

Pavel

Hi everyone!
Has anyone solved this problem?
Please share information.

Hi,

From my point of view it doesn't work (mean clustering with 3750-x) switches in a way I would expect.

I have made tests with 3850 and there are few problems (cluster with cross-switch etherchannel):

- with persistent mac address of stack, when master is only rebooted (can happen), then (after exMaster boot) all traffic stops (you have 2 devices with same mac address). Then you have to reboot whole stack (or just slave).

- if you allow convergence of network (non persistent mac add of stack), then you have outage which cluster of ASA will not survive and you have to manually recover cluster.

 

One way or another, there will be outage.

And what bothers me most is, you have to something to have 100% working solution (as before outage).

 

I am going to continue with Active/Standby scenario (even with half of power useless). But it will be most bullet-proof solution I can get (with this hardware).

 

HTH

 

Pavel

Павел большое спасибо! 

Thank's Pavel! 

Review Cisco Networking for a $25 gift card