cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2772
Views
0
Helpful
7
Replies

ASA Port-Channel config

Ramirov
Level 1
Level 1

Hi guys , 

Im trying to configure a port channel beetween ASA (active/stanby) <--> SW 3850.

ASA Config

 

interface GigabitEthernet0/1
channel-group 10 mode active
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2
channel-group 10 mode active
no nameif
no security-level
no ip address

 

interface Port-channel10
nameif inside
security-level 100
ip address 10.54.119.132 255.255.255.192 standby 10.54.119.190

 

3850 Config. ( 1 port-channel to each ASA)

 

interface Port-channel5
description INSIDE-PRIMARIO
switchport access vlan 602
switchport mode access

 

interface GigabitEthernet1/0/25
description INSIDE-PRIMARIO
switchport access vlan 602
switchport mode access
channel-group 5 mode active
!
interface GigabitEthernet1/0/26
description INSIDE-PRIMARIO
switchport access vlan 602
switchport mode access
channel-group 5 mode active

 

!
interface Port-channel15
description INSIDE-SECUNDARIO
switchport access vlan 602
switchport mode access

interface GigabitEthernet2/0/7
description INSIDE-SECUNDARIO
switchport access vlan 602
switchport mode access
channel-group 15 mode active
!
interface GigabitEthernet2/0/8
description INSIDE-SECUNDARIO
switchport access vlan 602
switchport mode access
channel-group 15 mode active

 

I see that the PO comes up without problems , but traffic is not working .

The config is okey??

 

Thanks

 

 

7 Replies 7

your config are ok. can you try to ping from any ip address in range of inside address.

please do not forget to rate.

I cant reach the inside address , I think is a problem of ARP , maybe I have to clear ARP in some switches .

What do you think?

clear arp best is do in change control all arp cache entries will flush. could be  a downtime for a 2 to 3 secounds

please do not forget to rate.

Abheesh Kumar
VIP Alumni
VIP Alumni
Hi,
Is your vlan 602 IP address is from the same range of 192.54.119.128/26, your ASA & Switch side configuration is OK.
Please verify one more PO5 is connected ASA1` & PO 15 is connected to ASA2.

Hope This Helps
Abheesh

Yep, the vlan 602 is assigned to that range 10.54.119.128/26  . Po5 to FW1 and Po15 to Fw2 , I will try again but how this is a production enviroment  I wanted to make sure that the config is Okey

can you confirm the etherchannel are up

!

show etherchannel summary

!

check both side the port channel is up and running. can you ping from your firewall cli inside interface to any ip address in insdie network which is up and running.

please do not forget to rate.

give a output of this command

 

show failover

please do not forget to rate.
Review Cisco Networking for a $25 gift card