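This article shows how to check the EtherChannel (PortChannel) configuration and related information on the Cisco ASA for Firepower 2100 series.
* This article is based on information as of January 23, 2019. If official documentation has been published, refer to that instead.
* This article was verified on Firepower2100-ASA (FXOS: 2.2.2.100, ASA: 9.8.3.11).
For how to configure EtherChannel, see the URL below.
2. Configuration verification commands
On the ASA for Firepower 2100 series, the EtherChannel verification commands are run mainly from the FXOS CLI.
The following are the FXOS show commands that output this information, together with sample output.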
2-1. show portchannel summary
firepower-2110# connect local-mgmt
firepower-2110(local-mgmt)#
firepower-2110(local-mgmt)# show portchannel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
--------------------------------------------------------------------------------
1 Po1(U) Eth LACP Eth1/3(P) Eth1/4(P)
2-2. show portchannel load-balance
firepower-2110(local-mgmt)# show portchannel load-balance
PortChannel Load-Balancing Configuration:
src-dst ip-l4port
PortChannel Load-Balancing Configuration Used Per-Protocol:
Non-IP: src-dst mac
IP: src-dst ip-l4port
2-3. show lacp counters
firepower-2110(local-mgmt)# show lacp counters
LACPDUs Marker Marker Response LACPDUs
Port Sent Recv Sent Recv Sent Recv Pkts Err
---------------------------------------------------------------------
Channel group: 1
Eth1/3 62 57 0 0 0 0 0
Eth1/4 63 59 0 0 0 0 0
2-4. show lacp neighbor
firepower-2110(local-mgmt)# show lacp neighbor
Flags: S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode
Channel group: 1
Partner (internal) information:
Partner Partner Partner
Port System ID Port Number Age Flags
Eth1/3 32768,acf2.c53a.1080 0x10a 4 s SA
LACP Partner Partner Partner
Port Priority Oper Key Port State
32768 0x1 0x3d
Port State Flags Decode:
Activity: Timeout: Aggregation: Synchronization:
Active Short Yes Yes
Collecting: Distributing: Defaulted: Expired:
Yes Yes No No
Partner Partner Partner
Port System ID Port Number Age Flags
Eth1/4 32768,acf2.c53a.1080 0x10b 0 s SA
LACP Partner Partner Partner
Port Priority Oper Key Port State
32768 0x1 0x3d
Port State Flags Decode:
Activity: Timeout: Aggregation: Synchronization:
Active Short Yes Yes
Collecting: Distributing: Defaulted: Expired:
Yes Yes No No
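The "Port State" value in the output above (0x3d) is a one-octet bit field. The following is an added example, not part of the original article or of Cisco's tooling, that decodes it and flags a partner port that is not fully participating in the bundle. It assumes the hex value follows the IEEE 802.1AX state-octet layout; the function names are hypothetical and the second sample value (0x45) is constructed.

```python
# Added example: decode the partner "Port State" octet printed by
# "show lacp neighbor". Assumption: the value uses the IEEE 802.1AX layout.
import re

# (bit mask, field name, text when set, text when clear)
LACP_STATE_BITS = [
    (0x01, "Activity", "Active", "Passive"),
    (0x02, "Timeout", "Short", "Long"),
    (0x04, "Aggregation", "Yes", "No"),
    (0x08, "Synchronization", "Yes", "No"),
    (0x10, "Collecting", "Yes", "No"),
    (0x20, "Distributing", "Yes", "No"),
    (0x40, "Defaulted", "Yes", "No"),
    (0x80, "Expired", "Yes", "No"),
]

def decode_port_state(value):
    """Map each state bit of the octet to its field name and meaning."""
    if not 0 <= value <= 0xFF:
        raise ValueError("LACP port state is a single octet")
    return {name: (on if value & mask else off)
            for mask, name, on, off in LACP_STATE_BITS}

def partner_problems(value):
    """Return the reasons a partner port is not a fully working member."""
    s = decode_port_state(value)
    wanted = ("Aggregation", "Synchronization", "Collecting", "Distributing")
    problems = [f"{f} is No" for f in wanted if s[f] != "Yes"]
    problems += [f"{f} is set" for f in ("Defaulted", "Expired") if s[f] == "Yes"]
    return problems

# Matches the "<port priority> <oper key> <port state>" line, e.g. "32768 0x1 0x3d"
STATE_LINE = re.compile(r"^\s*\d+\s+0x[0-9a-fA-F]+\s+(0x[0-9a-fA-F]+)\s*$")

def port_states(output):
    """Extract the partner port-state octets from 'show lacp neighbor' text."""
    matches = (STATE_LINE.match(line) for line in output.splitlines())
    return [int(m.group(1), 16) for m in matches if m]

# Sample input: first port copied from the output above, second port's
# state (0x45) constructed to show a partner that has not synchronized.
SAMPLE = """\
Eth1/3 32768,acf2.c53a.1080 0x10a 4 s SA
32768 0x1 0x3d
Eth1/4 32768,acf2.c53a.1080 0x10b 0 s SA
32768 0x1 0x45
"""

if __name__ == "__main__":
    for state in port_states(SAMPLE):
        print(hex(state), decode_port_state(state), partner_problems(state) or "healthy")
```

Under this layout 0x3d has the timeout bit clear (Long timeout), which matches the S (Slow LACPDUs) flag in the Flags column, while the decode text in the capture above shows Short.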
2-5. show lacp sys-id
firepower-2110(local-mgmt)# show lacp sys-id
32768, d4c9.3cc0.e013
2-6. show detail expand
Unlike the show commands above, the "show detail expand" command displays the information for the port-channel ID you configured.
firepower-2110# scope eth-uplink
firepower-2110 /eth-uplink # scope fabric a
firepower-2110 /eth-uplink/fabric # scope port-channel 1
firepower-2110 /eth-uplink/fabric/port-channel # show detail expand
Port Channel:
Port Channel Id: 1
Name: Port-channel1
Port Type: Data
Description:
Admin State: Enabled
Oper State: Up
Auto negotiation: Yes
Speed: 1 Gbps
Duplex: Full Duplex
Oper Speed: 1 Gbps
Band Width (Gbps): 2
State Reason: Up
flow control policy: default
LACP policy name: default
oper LACP policy name: org-root/lacp-default
Lacp Mode: Active
Inline Pair Admin State: Enabled
Inline Pair Peer Port Name:
Member Port:
Port Name: Ethernet1/3
Membership: Up
Oper State: Up
State Reason: Up
Ethernet Link Profile name: default
Oper Ethernet Link Profile name: fabric/lan/eth-link-prof-default
Udld Oper State: Unknown
Current Task:
Port Name: Ethernet1/4
Membership: Up
Oper State: Up
State Reason: Up
Ethernet Link Profile name: default
Oper Ethernet Link Profile name: fabric/lan/eth-link-prof-default
Udld Oper State: Unknown
Current Task:
3. Verification on the ASA
On the ASA, the "show interface channel detail" command shows information about the configured port-channel.
3-1. show interface channel detail
FPR2110-ASA# show interface channel detail
Interface Port-channel1 "channel", is up, line protocol is up
Hardware is EtherSVI, BW 2000 Mbps, DLY 1000 usec
MAC address d4c9.3cc0.e02d, MTU 1500
IP address unassigned
Traffic Statistics for "channel":
0 packets input, 0 bytes
0 packets output, 0 bytes
0 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Control Point Interface States:
Interface number is 25
Interface config status is active
Interface state is active
If you want to check only a specific port-channel ID, you can also use the "show interface port-channel x" command.
4. References