Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
602
Views
4
Helpful
2
Replies

link between 6500 & asa

suthomas1
Level 6
Level 6

‎07-14-2013 09:45 PM - edited ‎03-07-2019 02:23 PM

We have a 6506 as core switch.

It has vlans 100 ( 192.168.100.1/24) & vlan 200 ( 192.168.200.1/24).

An ASA upstream needs to be connected to this 6506. This ASA allows a group of users to connect

to these vlans.

Users will access vlan 100 & 200 on core switch through the ASA.

I understand the configuration between ASA & 6505 needs to be trunk for these vlans to be accessed,

correct me if this is wrong.

We were thinking of using two ports on each side to get a etherchannel or so for increased pipe.

how do i configure the 6506 & ASA side to actually achieve this?

I reckon we will need a layer 3 interface in between to route the traffic.

Appreciate all help on this.

Labels:
0 Helpful
2 Replies 2

Eduardo Aliaga
Level 4
Level 4

‎07-14-2013 11:37 PM

I wouldn't recommend a trunk If you have only two vlans. On the other hand if in the near future you're going to deploy several vlans, then I think the trunk will be necesary.

What version of ASA do you have? ASA supports etherchannel from version 8.4.2

But there are some restrictions when configure etherchannel with an ASA. For example ASA only supports the LACP protocol. The 6500 supports both PagP and LACP to create the etherchannel. For a full list of ASA restrictions please see the following link

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1326437

Here's a sample configuration of ASA etherchannel without trunk.

interface GigabitEthernet0/0

  channel-group 1 mode active

interface GigabitEthernet0/1 

 channel-group 1 mode active

interface Port-channel1

  lacp max-bundle 4 

  port-channel min-bundle 1

  port-channel load-balance dst-ip

  no shut

  nameif CHANNEL

  security-level 100

  ip address 192.168.10.10 255.255.255.0

Here you have another example of ASA and switch etherchannel configuration

http://www.amirmontazeri.com/?p=18

Please rate if this helps

suthomas1
Level 6
Level 6
In response to Eduardo Aliaga

‎07-14-2013 11:49 PM

Thank You.

We are using ver  9.0(2) on ASA. In near future we'll have about 5 vlans to pass through.

Because all server vlans will reside on the 6506.

Management vlan & another application vlan is planned to be located on ASA.

In this scenario, what will be the best way to do the inter-link between 6505 & ASA to pass the traffic properly.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card