cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2197
Views
0
Helpful
9
Replies

Ether-Channel

Senbonzakura
Level 1
Level 1

Is it possible to configure Ether-Channel on an ASA Firewall, and if so how? Also, is it worth it? Looking for Redundancy 

 

For example, having 2-3 Ethernet lines feeding a switch from the ASA. Thoughts on this?

1 Accepted Solution

Accepted Solutions

I do not understand parts of your follow up question. The part that is clear is what other ways. So another way would be to configure multiple interfaces (on an ASA) connecting to multiple interfaces (on switch(es) as EtherChannel and configure it as a trunk carrying multiple vlans (so you could have a vlan for Inside and a vlan for DMZ both carried over the EtherChannel). Another possibility is to configure interfaces on 2 ASA (configured as a failover pair) as Etherchannels connecting to interfaces on switch(es) 

HTH

Rick

View solution in original post

9 Replies 9

Hello,

 

Etherchannel on the ASA is certainly possible. Check the link below for details:

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/interface-echannel.html

balaji.bandi
Hall of Fame
Hall of Fame

For link resiliancy always suggested to use link bundle,(for high throughput and link resilinacy)  where possible to get advantage of it.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I configured ASA Ether Channel for a customer. They were pleased with how it worked and thought it was well worth doing. It provided quite effective redundancy.

HTH

Rick

That pretty awesome, lets say you have ip address dhcp setroute on the
outside interface then you can configure 3 other inside interfaces with the
same VLAN then 3 ports on the switch to be within the same VLAN then
configure them for Etherchannel and should work pretty well?

That should be one way to do it.

HTH

Rick

Whats another way? Compared to this way and another way, I know one is
without wlans and another with but is the other way better and more
reasonable?

I do not understand parts of your follow up question. The part that is clear is what other ways. So another way would be to configure multiple interfaces (on an ASA) connecting to multiple interfaces (on switch(es) as EtherChannel and configure it as a trunk carrying multiple vlans (so you could have a vlan for Inside and a vlan for DMZ both carried over the EtherChannel). Another possibility is to configure interfaces on 2 ASA (configured as a failover pair) as Etherchannels connecting to interfaces on switch(es) 

HTH

Rick

Thats a good idea, thank you for telling me that. It's greatly appreciated
:) your way seems less complicated haha.

You are welcome. I am glad that my suggestions have been helpful.

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: