Accepted Solutions
Hi,
Personally I do not see this as a major issue, we see scenarios where all four interfaces of an ASA are tied in one port channel and then sub interface concept is being used. So i would say there is no major issue that you are going to face because of this setup.
In regards to best practices, Cisco only shares guidelines which are mentioned below :
EtherChannel Guidelines
•
You can configure up to 48 EtherChannels.
•Each channel group can have eight active interfaces. Note that you can assign up to 16 interfaces to a channel group. While only eight interfaces can be active, the remaining interfaces can act as standby links in case of interface failure.
•All interfaces in the channel group must be the same type and speed. The first interface added to the channel group determines the correct type and speed.
•The device to which you connect the ASA EtherChannel must also support 802.3ad EtherChannels; for example, you can connect to the Catalyst 6500 switch.
•The ASA does not support LACPDUs that are VLAN-tagged. If you enable native VLAN tagging on the neighboring switch using the Cisco IOS vlan dot1Q tag nativecommand, then the ASA will drop the tagged LACPDUs. Be sure to disable native VLAN tagging on the neighboring switch. In multiple context mode, these messages are not included in a packet capture, so you cannot diagnose the issue effectively.
•The ASA does not support connecting an EtherChannel to a switch stack. If the ASA EtherChannel is connected cross stack, and if the Master switch is powered down, then the EtherChannel connected to the remaining switch will not come up.
•All ASA configuration refers to the logical EtherChannel interface instead of the member physical interfaces.
•You cannot use a redundant interface as part of an EtherChannel, nor can you use an EtherChannel as part of a redundant interface. You cannot use the same physical interfaces in a redundant interface and an EtherChannel interface. You can, however, configure both types on the ASA if they do not use the same physical interfaces.
•You cannot use interfaces on the 4GE SSM, including the integrated 4GE SSM in slot 1 on the ASA 5550, as part of an EtherChannel.
-
Pulkit
Hi,
Personally I do not see this as a major issue, we see scenarios where all four interfaces of an ASA are tied in one port channel and then sub interface concept is being used. So i would say there is no major issue that you are going to face because of this setup.
In regards to best practices, Cisco only shares guidelines which are mentioned below :
EtherChannel Guidelines
•You can configure up to 48 EtherChannels.
•Each channel group can have eight active interfaces. Note that you can assign up to 16 interfaces to a channel group. While only eight interfaces can be active, the remaining interfaces can act as standby links in case of interface failure.
•All interfaces in the channel group must be the same type and speed. The first interface added to the channel group determines the correct type and speed.
•The device to which you connect the ASA EtherChannel must also support 802.3ad EtherChannels; for example, you can connect to the Catalyst 6500 switch.
•The ASA does not support LACPDUs that are VLAN-tagged. If you enable native VLAN tagging on the neighboring switch using the Cisco IOS vlan dot1Q tag nativecommand, then the ASA will drop the tagged LACPDUs. Be sure to disable native VLAN tagging on the neighboring switch. In multiple context mode, these messages are not included in a packet capture, so you cannot diagnose the issue effectively.
•The ASA does not support connecting an EtherChannel to a switch stack. If the ASA EtherChannel is connected cross stack, and if the Master switch is powered down, then the EtherChannel connected to the remaining switch will not come up.
•All ASA configuration refers to the logical EtherChannel interface instead of the member physical interfaces.
•You cannot use a redundant interface as part of an EtherChannel, nor can you use an EtherChannel as part of a redundant interface. You cannot use the same physical interfaces in a redundant interface and an EtherChannel interface. You can, however, configure both types on the ASA if they do not use the same physical interfaces.
•You cannot use interfaces on the 4GE SSM, including the integrated 4GE SSM in slot 1 on the ASA 5550, as part of an EtherChannel.
-
Pulkit
