We are trying to configure an ASA cluster with two 5585s (using the new clustering feature in release 9.0) connected to Nexus 7K. The documentation calls for creating a cluster port-channel and a data port-channel with . The cluster port channel is a...
I have a pair of ASA 5585s that I've configured in a cluster.
FWL1# sho cluster info
Cluster HQASA: On
Interface mode: spanned
This is "FWL1" in state MASTER
ID : 0
Version : 9.0(2)
Serial No.: <removed>
CCL I...
I have an ASA 5585 in transparent mode, multi-context. It seems that the option to configure a BVI in one of the traffic contexts isn't there. In other words, while I see the option to configure a bridge group interface in the admin context, no such ...
I've seen Cisco documentation recommending transparent mode for firewall deployment in the data center, e.g. 5585X. I understand the key reasons for this are:
- easy "insertion" of firewall in pre-existing network
- speed (since there is no "hair-pin...
We saw a warning message in our ACS:
Cause: active sessions are over limit
Details: session is over 250000
While other discussion threads say that this is a bug (which has been closed), we investigated and found that an account associated with CSM Cisco...
It's been a while since there was any activity on this thread. I was able to track down this problem. It turned out that this was related to ASA not supporting native VLAN tagging on etherchannels. Once we disabled native VLAN tagging on the Nexus (...
I think I figured it out. It seems that when you create a context, it is created in routed mode by default. So you have to explicitly go in and change it to transparent mode. Then the BVI interface shows up of course.
Thanks. Does anyone have any insight into why Cisco limits the number of bridge-groups in transparent mode to 8? And I don't think this is a licensed feature (so you can't increase that number either). Can't be due to hardware limitations...especial...
It seems that the following command seemed to do the trick for us:
dot1x guest-vlan supplicant
Basically, even though I had the guest VLAN specified at the interface level, until I entered the above command at the global level, the client (that has no ...