Re: How can I config Port-channel from ASA to Core Switch and assign I

NetworkRookie · ‎09-21-2022

I've got 2 ASA and 2 Core Switch stacked. How can I config Port-channel from ASA to Core Switch and assign IP to Port-Channel of ASA, Coreswitch. Look like gateway will be .1 in core and .2 in ASA.
From ASA1, I already used 4 ports from g1/1 - g1/4 for port-channel and g1/1-2 from ASA2
here my config:
Core:

Vlan 101

vlan 102

int range g1/0/45-48

channel-group 1 mode on

int po1

sw trunk encaps dot1q

sw trunk native vlan 101

sw mode trunk

int range g1/0/43-44

channel-group 2 mode on

int po2

sw trunk encaps dot1q

sw trunk native vlan 102

sw mode trunk

ASA1:

int g1/1

no sh

channel-group 1 mode on

int g1/2

no sh

channel-group 1 mode on

int g1/3

no sh

channel-group 1 mode on

int g1/4

no sh

channel-group 1 mode on

int po1.101

vlan 101

ip add 10.1.0.2 255.255.255.248

no sh

nameif Inside

security-level 100

ASA2:

int g1/1

no sh

channel-group 2 mode on

int g1/2

no sh

channel-group 2 mode on

int po2.102

vlan 102

ip add 10.2.0.2 255.255.255.248

security-level 50

nameif Internal

and here are subnets for 2 vlan: vlan 101: 10.1.0.0/29 vlan 102: 10.2.0.0/29

marce1000 · ‎09-21-2022

>... How can I config Port-channel from ASA to Core Switch and assign IP to Port-Channel

You can't assign an IP address to a layer2 interface , only to Vlan(SVI)

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

NetworkRookie · ‎09-23-2022

Light me.
As you said. I can assign IP to int vlan 101 and vlan 102 in CoreSW, so how can I switch int po1 and int po2 access to vlan 101 and 102?
I've read about Cisco ASA 5506 and higher removed vlan, so I can Switch port access to vlan in ASA5506