1-25
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring a Cluster of ASAs
Guidelines and Limitations
• On the switch, we recommend that you use one of the following EtherChannel load-balancing
algorithms: source-dest-ip or source-dest-ip-port (see the Nexus OS and IOS port-channel
load-balance command). Do not use a vlan keyword in the load-balance algorithm because it can
cause unevenly distributed traffic to the ASAs in a cluster. Do not change the load-balancing
algorithm from the default on the ASA (in the port-channel load-balance command).
• If you change the load-balancing algorithm of the EtherChannel on the switch, the EtherChannel
interface on the switch temporarily stops forwarding traffic, and the Spanning Tree Protocol restarts.
There will be a delay before traffic starts flowing again.
EtherChannel Guidelines
• For detailed EtherChannel guidelines, limitations, and prerequisites, see the “Configuring an
EtherChannel” section on page 1-28.
• See also the “EtherChannel Guidelines” section on page 1-11.
• Spanned vs. Device-Local EtherChannel Configuration—Be sure to configure the switch
appropriately for Spanned EtherChannels vs. Device-local EtherChannels.
–
Spanned EtherChannels—For ASA Spanned EtherChannels, which span across all members of
the cluster, the interfaces are combined into a single EtherChannel on the switch. Make sure
each interface is in the same channel group on the switch.
VLAN 101
port-ch1
RIGHT WRONG
port-ch2
port-ch3
port-ch4
ASA1
Switch Switch
ASA2
ASA3
ASA4
ten0/6
VLAN 101
port-ch1
Spanned Data Ifc
port-ch1
ten0/6
ten0/6
ten0/6
ASA1
ASA2
ASA3
ASA4
ten0/6
Spanned Data Ifc
port-ch1
ten0/6
ten0/6
ten0/6
334621
To Next Page
Loading...
Need help?
General
