The ability to configure EtherChannels on ASA models 5510 and above was introduced in 8.4/8.6. An EtherChannel provides a method of aggregating multiple Ethernet links into a single logical channel.
In this article we provide the steps required to create an EtherChannel link on the Cisco ASA, along with the main troubleshooting/show commands.
Configuration
The configuration below creates an EtherChannel that acts as a trunk with VLAN 1000 enabled.
interface GigabitEthernet0/1
 speed 1000
 duplex full
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
interface GigabitEthernet0/2
 speed 1000
 duplex full
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
interface Port-channel1.1000
 vlan 1000
 nameif INSIDE
 security-level 100
 ip address 172.16.1.1 255.255.255.0
HA
By default, a port channel remains up as long as it has one active member interface. This means that even if you are monitoring the port-channel, a single link going down within the bundle will not trigger a device-level failover.
To ensure a device-level failover occurs in the event of a single member link failure, the port-channel min-bundle command is used. The necessary commands are shown below:
monitor-interface port-channel 1.1000
interface port-channel 1.1000
 port-channel min-bundle 2
Note: the monitor-interface command only allows you to monitor interfaces that have been configured with nameif, i.e. you can only monitor the port-channel interface rather than each of the member links.
Show Commands
Two of the main show commands are shown below:
asa/pri/act# sh interface port-channel 1
Interface Port-channel1 "", is up, line protocol is up
  Hardware is EtherChannel/LACP, BW 2000 Mbps, DLY 10 usec
        Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        Available but not configured via nameif
        MAC address 1c6a.7ac1.3db9, MTU not set
        IP address unassigned
  Members in this channel:
        Active: Gi0/1 Gi0/2

asa/pri/act# sh port-channel 1
Ports: 2 Maxports = 16
Port-channels: 2 Max Port-channels = 48
Protocol: LACP/ active
Minimum Links: 1
Maximum Bundle: 8
Load balance: src-dst-ip
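The HA point above can be checked from captured show output. The following is an added example, not part of the original article or any Cisco tool: it parses output laid out like the sample above and reports when the min-bundle value or the active member count is below what a single-link-failure failover needs. The function names, the `expected_members` parameter and the assumption that other ASA versions print the same field labels are hypothetical.

```python
import re

# Constructed sample: the two show outputs from this article, trimmed and joined.
SAMPLE = """\
asa/pri/act# sh interface port-channel 1
Interface Port-channel1 "", is up, line protocol is up
  Members in this channel:
        Active: Gi0/1 Gi0/2
asa/pri/act# sh port-channel 1
Ports: 2 Maxports = 16
Protocol: LACP/ active
Minimum Links: 1
Maximum Bundle: 8
"""

def parse_port_channel(text):
    """Extract active members, port count and minimum links from a capture."""
    def number(label):
        m = re.search(rf"^[ \t]*{label}:[ \t]*(\d+)", text, re.MULTILINE)
        return int(m.group(1)) if m else None
    active = re.search(r"^[ \t]*Active:[ \t]*(.*)$", text, re.MULTILINE)
    return {
        "active": active.group(1).split() if active else [],
        "ports": number("Ports"),
        "min_links": number("Minimum Links"),
    }

def audit(text, expected_members):
    """Return findings that would stop a member-link failure causing failover."""
    pc = parse_port_channel(text)
    min_links, active = pc["min_links"], pc["active"]
    findings = []
    if min_links is None:
        findings.append("Minimum Links not found in output")
    elif min_links < expected_members:
        findings.append(
            f"min-bundle is {min_links}, expected {expected_members}: "
            "one failed member link leaves the port-channel up")
    if len(active) < expected_members:
        findings.append(
            f"only {len(active)} active member(s), expected {expected_members}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, expected_members=2):
        print("FINDING:", finding)
```

Run against the sample, it reports the min-bundle finding, because the output above was captured with Minimum Links still at 1.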