
Question about switch configure for HA ASA with EtherChannel

SIMMN

Hi,

 

I have a pair of HA ASAs and a 2960 switch stack (two members). As shown in the rough diagram, I am using Port 1 of each ASA connecting to Port 47 of the switch stack; Port 2 of each ASA connecting to Port 48 of the switch stack. The port-channel is configured as a trunk on the ASA with multiple sub-interfaces for each VLAN. The ASA is the gateway for each VLAN and is running 9.8.2 code.

 

My question is: do I configure one etherchannel on the switch stack for all four ports like in the diagram, OR do I configure two etherchannels: one for the ports connecting to the Primary ASA and another one for the ports connecting to the Secondary ASA?

 

If one etherchannel is fine, then my problem is that I cannot ping the standby IP configured on the port-channel sub-interface. Below is a sample for VLAN 100 on the ASA:

interface GigabitEthernet1/1
  channel-group 10 mode active
  no nameif
  no security-level
  no ip address
  no shut
!
interface GigabitEthernet1/2
  channel-group 10 mode active
  no nameif
  no security-level
  no ip address
  no shut
!
interface Port-channel10.100
  vlan 100
  nameif inside-data
  security-level 100
  ip address 192.168.100.254 255.255.255.0 standby 192.168.100.253

 

Below is the corresponding configuration on the SW:

interface Port-channel10
 description Uplink to FW
 switchport mode trunk
!
interface range GigabitEthernet1/0/47-48, Gig2/0/47-48
 description Uplink to FW
 switchport mode trunk
 channel-group 10 mode active

 

I can ping 192.168.100.254 but not 192.168.100.253.

 

Suggestions?

Accepted Solutions

Hi.

 

 You need two port-channels. You can't, as far as I know, split the port-channel and connect to a different device.

 

 

-If I helped you somehow, please, rate it as useful.-
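
The two-port-channel layout from the accepted answer, written out for the switch stack as an added example (not configuration posted by anyone in the thread). The cabling shown in the comments and the second channel number 11 are assumptions; match them to the real patching.

```cisco
! Added example. Assumed cabling (not stated in the thread):
!   Primary ASA    Gi1/1 -> Gi1/0/47, Gi1/2 -> Gi2/0/48
!   Secondary ASA  Gi1/1 -> Gi2/0/47, Gi1/2 -> Gi1/0/48
! so each ASA keeps one link up if a stack member fails.
!
! Remove the single four-port bundle first.
default interface range GigabitEthernet1/0/47 - 48 , GigabitEthernet2/0/47 - 48
no interface Port-channel10
!
! One port-channel per ASA unit.
interface Port-channel10
 description Uplink to FW - primary ASA
 switchport mode trunk
!
interface Port-channel11
 description Uplink to FW - secondary ASA
 switchport mode trunk
!
interface range GigabitEthernet1/0/47 , GigabitEthernet2/0/48
 description Uplink to FW - primary ASA
 switchport mode trunk
 channel-group 10 mode active
!
interface range GigabitEthernet2/0/47 , GigabitEthernet1/0/48
 description Uplink to FW - secondary ASA
 switchport mode trunk
 channel-group 11 mode active
!
! The ASA side stays as posted: both units keep "channel-group 10 mode active".
! The channel-group number is locally significant, so the switch can use
! 10 and 11 while the ASAs both use 10.
!
! Checks after the change:
!   switch: show etherchannel summary   (Po10 and Po11, two ports each, flag P)
!   ASA:    show port-channel summary
!   ASA:    show failover               (interface state on both units)
!   then ping 192.168.100.253 from a host in VLAN 100
```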

Okay... the two switches are stacked, not separate switches.

I will try two port-channels on the switch stack tomorrow.