cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
501
Views
0
Helpful
2
Replies

Licensing, VLANs, and Clustering on FP4110

sulaimangd
Level 1
Level 1

Hi,

I have the following questions regarding FP4110 running ASA image

Do we need Smartnet Liscenes to Run the ASA Image on FP4110?

 

As far as i recall from ealier dicussions. We cant configure Port Channels on ASA, we need to do that using the FXOS Chassis Manager. Does that alos apply to SVIs we configure on those ports (The Port Channels)  or it can be done using ASA CLI? same Applies to Normal SVI's (without Port Channels)?

 

If we have two FP4110 with ASA running.

What the the Difference between Clustering of FP4110 and HA using ASA?

 

Thanks

Sulaiman

 

 

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

You need Smartnet although the required licenses are free. You register the chassis via Cisco Smart Software Manager portal and then apply at least an ASA base license.

 

SVIs would be configured via the ASA cli or ASDM, not FCM (Firepower Chassis Manager). That applies whether or not they are under an Etherchannel.

 

Clustering is active-active and increases system capacity as all the units are forwarding traffic. ASA HA is Active-Standby (assuming single context) and only a single ASA is forwarding traffic at a given time.

View solution in original post

2 Replies 2

Hello,

 

 Here the answer for you questioins:

 

Do we need Smartnet Liscenes to Run the ASA Image on FP4110?

Licensing Requirements for the ASA for Firepower 4100

On the ASA for Firepower 4100, Smart Software Licensing configuration is split between the Firepower 4100 and the ASA.

  • Firepower 4100—Configure all Smart Software Licensing infrastructure on the Firepower 4100, including parameters for communicating with the License Authority. The Firepower 4100 itself does not require any licenses to operate.
  • ASA—Configure all license entitlements in the ASA, including the required Standard tier license. Other optional licenses are also available. The Strong Encryption license is automatically enabled for qualified customers when you apply the registration token on the Firepower 4100, so no additional action is required.

Note: For Smart Software Manager satellite deployments, before you can use ASDM (and features such as VPN) you must enable the Strong Encryption (3DES/AES) license by requesting the entitlement within the ASA software. You must perform this task from the ASA CLI, which is accessible from the FXOS CLI. For an evaluation license, you cannot receive a Strong Encryption license.

 

 

 

-------

As far as i recall from ealier dicussions. We cant configure Port Channels on ASA, we need to do that using the FXOS Chassis Manager. Does that alos apply to SVIs we configure on those ports (The Port Channels)  or it can be done using ASA CLI? same Applies to Normal SVI's (without Port Channels)?

 

This is from my ASA:


ASA-LAB(config-if)# channel-group ?

interface mode commands/options:
<1-48> Channel group number
ASA-LAB(config-if)# channel-group 1 ?

interface mode commands/options:
mode Etherchannel Mode of the interface
ASA-LAB(config-if)# channel-group 1 mo
ASA-LAB(config-if)# channel-group 1 mode ?

interface mode commands/options:
active Enable LACP unconditionally
on Enable static port-channel
passive Enable LACP only if a LACP device is detected

 

 ------

If we have two FP4110 with ASA running.

What the the Difference between Clustering of FP4110 and HA using ASA?

The configuration is different but the idea is the same.

 

Marvin Rhoads
Hall of Fame
Hall of Fame

You need Smartnet although the required licenses are free. You register the chassis via Cisco Smart Software Manager portal and then apply at least an ASA base license.

 

SVIs would be configured via the ASA cli or ASDM, not FCM (Firepower Chassis Manager). That applies whether or not they are under an Etherchannel.

 

Clustering is active-active and increases system capacity as all the units are forwarding traffic. ASA HA is Active-Standby (assuming single context) and only a single ASA is forwarding traffic at a given time.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: