Showing results for 
Search instead for 
Did you mean: 

Need ASA 9.x Etherchannel example w/ layer 2 switch config

Hello there:

Could anyone please point me to example configurations of Etherchannel on an ASA 9.x, connecting to a layer 2 switch?  I need to see how the switch is configured as well.

Thank you.

Everyone's tags (1)
Hall of Fame Master

It's pretty simple - follow

It's pretty simple - follow these guides:

ASA Configuration

Switch configuration

The second link is for a 4500 series switch but the concept is the same for most Layer 2 Catalyst switches running IOS or IOS-XE.


Hi,I have configured Port


I have configured Port channel with Cisco 2960S switch. Here is the below configuration example. If the answer is correct please Comments.



fw-01# sho port-channel summary

Flags: D - down P - bundled in port-channel

I - stand-alone s - suspended

H - Hot-standby (LACP only)

U - in use N - not in use, no aggregation/nameif

M - not in use, no aggregation due to minimum links not met

w - waiting to be aggregated

Number of channel-groups in use: 1

Group Port-channel Protocol Span-cluster Ports


11 Po11(U) LACP No Gi0/1(P) Gi0/0(P)




interface GigabitEthernet0/0

description *** Connected to CORE-SW-01 ***

channel-group 11 mode passive

no nameif

no security-level

no ip address


interface GigabitEthernet0/1

description *** Connected to CORE-SW-01 ***

channel-group 11 mode passive

no nameif

no security-level

no ip address


interface Port-channel11

description *** Connected to CORE-SW ***

nameif outside

security-level 100

ip address standby




interface Port-channel12

description *** Port-Channel Used for DC-INSIDE-FW-1-IPS***

switchport access vlan 912


interface GigabitEthernet1/0/21

description **** inside Firewall 01 ***

switchport access vlan 912

channel-protocol lacp

channel-group 12 mode active


Please let me know your topology.


Sorry, I should have provided

Sorry, I should have provided more information. We would like to setup VLANs throughout, and within the etherchannel. The ASA 5545 is new, but the stack of Catalyst 3850's won't arrive for a bit. So For the time being, I have to connect the ASA to an existing layer 3 Netgear gsm7328s, which supports ether channel, and a few other layer 3 Foundry switches, 648p units, and an hp Procurve layer 3. The existing setup is messy. Not all traffic would go through the ether channel, but I would like the VLANs to span all the switches if possible. Thank you for the feedback.
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards