Introduction
Starting with the ASA 9.13(1) release, appliance mode is supported on the Firepower 1000 and 2100 series. For details on appliance mode, see the following document.
Firepower1000/2100 Series: Overview of ASA Appliance Mode
https://community.cisco.com/t5/-/-/ta-p/4319018
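Unlike platform mode, appliance mode lets you configure all interface settings from the ASA CLI. However, the "show port-channel summary" command cannot be used from the ASA CLI in appliance mode; you have to move to the FXOS CLI to check the port-channel status.
This document was verified on a Firepower 1010 running ASA version 9.14.2.15.
Configuring the channel-group in the ASA CLI
In the ASA CLI, the channel-group can be configured as follows.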
ASA(config)# interface ethernet 1/2
ASA(config-if)# channel-group 3 mode ?
interface mode commands/options:
  active  Enable LACP unconditionally
  on      Enable static port-channel
ASA(config-if)# channel-group 3 mode on
INFO: security-level, delay, IP address, cts manual, bfd and fail-open configuration are cleared on Ethernet1/2.
ASA(config-if)# no shutdown
ASA(config-if)# interface ethernet 1/3
ASA(config-if)# channel-group 3 mode on
INFO: security-level, delay, IP address, cts manual, bfd and fail-open configuration are cleared on Ethernet1/3.
ASA(config-if)# no shutdown
ASA(config)# interface port-channel 3
ASA(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ASA(config-if)# ip address 10.20.30.1 255.255.255.0
ASA(config-if)# no shutdown
In the ASA CLI, the "show port-channel summary" and "show lacp" commands return the following output.
ASA# show port-channel summary
Port-Channel related information is available via FXOS.
Please use "connect fxos admin" to connect to FXOS.
ASA# show lacp
LACP related information is available via FXOS.
Please use "connect fxos admin" to connect to FXOS.
You therefore need to move to the FXOS CLI to check the status.
Moving to the FXOS CLI
Use "connect fxos admin" to move to the FXOS CLI.
ASA(config)# connect fxos admin
Configuring session.
Connecting to FXOS.
...
Connected to FXOS. Escape character sequence is 'CTRL-^X'.
NOTICE: You have connected to the FXOS CLI with admin privileges.
Config commands and commit-buffer are not supported in appliance mode.
Cisco Firepower Extensible Operating System (FX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2009-2019, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license.
Certain components of this software are licensed under the "GNU General Public
License, version 3" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, Version 3", available here:
http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for
details.
Certain components of this software are licensed under the "GNU General Public
License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual
(''Licensing'') for details.
Certain components of this software are licensed under the "GNU LESSER GENERAL
PUBLIC LICENSE, version 3" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU LESSER GENERAL PUBLIC LICENSE" Version 3", available here:
http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for
details.
Certain components of this software are licensed under the "GNU Lesser General
Public License, version 2.1" provided with ABSOLUTELY NO WARRANTY under the
terms of "GNU Lesser General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual
(''Licensing'') for details.
Certain components of this software are licensed under the "GNU Library General
Public License, version 2" provided with ABSOLUTELY NO WARRANTY under the terms
of "GNU Library General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual
(''Licensing'') for details.
firepower-1010#
firepower-1010#
Checking the port-channel status in the FXOS CLI
Once you have access to the FXOS CLI, enter local-mgmt mode and check the port-channel status as follows.
firepower-1010# connect local-mgmt
Warning: network service is not available when entering 'connect local-mgmt'
firepower-1010(local-mgmt)# show portchannel summary
Flags:  D - Down        P - Up in port-channel (members)
        I - Individual  H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        S - Switched    R - Routed
        U - Up (port-channel)
        M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port-       Type     Protocol  Member Ports
      Channel
--------------------------------------------------------------------------------
3     Po3(U)      Eth      ON        Eth1/2(P)    Eth1/3(P)
firepower-1010(local-mgmt)# show lacp
  counters  lacp traffic
  internal  lacp internal
  neighbor  lacp neighbor
  sys-id    lacp sys-id
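As an added example (not part of the original article and not Cisco tooling), the following Python code parses saved "show portchannel summary" output from FXOS local-mgmt and lists any port-channel or member port whose flag is not up. The Po4 row in the sample, the shortened legend, and the function names are constructed for illustration.

```python
import re

# Constructed sample: the Po3 row is the output shown above (legend shortened);
# the Po4 row is a hypothetical LACP group with a down and a suspended member.
SAMPLE = """\
Flags: D - Down P - Up in port-channel (members)
s - Suspended r - Module-removed
U - Up (port-channel)
--------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
--------------------------------------------------------------------------------
3 Po3(U) Eth ON Eth1/2(P) Eth1/3(P)
4 Po4(D) Eth LACP Eth1/4(D) Eth1/5(s)
"""

# A data row: group number, Po<n>(<flags>), type, protocol, then member ports.
ROW = re.compile(r"^\s*(\d+)\s+(Po\d+)\((\w+)\)\s+(\S+)\s+(\S+)\s*(.*)$")
MEMBER = re.compile(r"(\S+?)\((\w+)\)")


def parse_summary(text):
    """Return one dict per port-channel row; legend and header lines are skipped."""
    groups = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        group, name, po_flags, _type, protocol, rest = m.groups()
        groups.append({
            "group": int(group),
            "name": name,
            "up": "U" in po_flags,          # U = Up (port-channel)
            "protocol": protocol,           # ON (static) or LACP
            "members": dict(MEMBER.findall(rest)),
        })
    return groups


def unhealthy(groups):
    """List (port-channel, member, flag) for a channel or member that is not up."""
    issues = []
    for g in groups:
        if not g["up"]:
            issues.append((g["name"], None, "not-up"))
        issues += [(g["name"], port, flag)
                   for port, flag in g["members"].items() if flag != "P"]
    return issues
```
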
References
Cisco ASA Series 9.13(x) Release Notes
https://www.cisco.com/c/ja_jp/td/docs/security/asa/asa913/release/notes/asarn913.html
Cisco Firepower 2100 Getting Started Guide
https://www.cisco.com/c/ja_jp/td/docs/security/firepower/quick_start/fp2100/firepower-2100-gsg/asa-platform.html