Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2034
Views
5
Helpful
6
Replies

ASA cluster with non Cisco switches

Gianluca Renzi
Level 1
Level 1

‎04-29-2015 05:55 AM - edited ‎03-11-2019 10:51 PM

I'm trying to figure out if it is possible to configure an ASA cluster (with spanned etherchannel) when the firewalls connect to third party switches configured as a single virtual switch (similar to VSS but not VSS). Since the spanned portchannel "speaks" LACP on the ASA side, is it enough that the virtual switch supports LACP on his side to form such a portchannel?

If, conversely, we connect the ASAs to Cisco switches in VSS, the option "vss-id 1" or "vss-id 2" on the etherchannel configuration is only required when each node (each ASA firewall in the cluster) binds two interfaces to the VSS, one to one switch e the other to the second switch, in the same portchannel?

On this page, it is said that compatible switches are the following: Cisco Nexus 9500|9300|7000|5000, Catalyst 6800|6500|3750-X. Are the Cisco Catalyst 4500-X unsupported? Catalyst 4500-X support VSS, while, as far as I know, 3750-X don't.

 

Thank you in advance,

Gianluca

3 people had this problem
Labels:
0 Helpful
6 Replies 6

Przemyslaw Konitz
Level 1
Level 1

‎09-23-2015 03:04 AM

hi,

have u found any answer? I especialy interested in 4500-X platform.

 

regards

Przemek

0 Helpful

ashley_dew
Level 1
Level 1
In response to Przemyslaw Konitz

‎09-29-2015 08:50 AM

Not sure with Vss 4500x. But tried with 3850 stack and it works. Supposed issue with spanned etherchannel lacp will not mount upon failure of one switch and break cluster did not happen.

tested it and 3850 is not in cisco list. Will teat with a cisco 2960x stack which is agggregating links. Let us know for the 4500x would like to know the results.

michaelzhq
Level 2
Level 2
In response to ashley_dew

‎01-06-2016 08:41 AM

4500-X is supported now. Did you have a chance to test the cluster with 2960x switch?

Thanks,

Michael

0 Helpful

ashley_dew
Level 1
Level 1
In response to michaelzhq

‎01-07-2016 10:42 AM

Hi,

I have tested with a cisco switch 2960x and it works fine.

Is there an official doc or source from cisco that Cisco 4500x is supported for asa cluster?

0 Helpful

michaelzhq
Level 2
Level 2
In response to ashley_dew

‎01-07-2016 01:58 PM

I found 4500 in the document below:

http://d2zmdbbm9feqrf.cloudfront.net/2015/usa/pdf/BRKSEC-3032.pdf

http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#pgfId-137822

0 Helpful

MARTIN HUERTER
Level 1
Level 1
In response to Przemyslaw Konitz

‎09-30-2015 12:30 PM

Przemek,

 

I did not find an answer and I have abandoned the idea of deploying them in a cluster.

 

Sorry I wasn't much help.

 

Martn

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card