1-35
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring a Cluster of ASAs
Configuring ASA Clustering
Detailed Steps
Command Purpose
Step 1
interface physical_interface
Example:
hostname(config)# interface
gigabitethernet 0/0
Specifies the interface you want to add to the channel group,
where the physical_interface ID includes the type, slot, and port
number as type slot/port. This first interface in the channel group
determines the type and speed for all other interfaces in the group.
Step 2
channel-group channel_id mode active
[vss-id {1 | 2}]
Example:
hostname(config-if)# channel-group 1 mode
active
Assigns this interface to an EtherChannel with the channel_id
between 1 and 48. If the port-channel interface for this channel ID
does not yet exist in the configuration, one will be added
automatically:
interface port-channel channel_id
Only active mode is supported for Spanned EtherChannels.
If you are connecting the ASA to two switches in a VSS or vPC,
then configure the vss-id keyword to identify to which switch this
interface is connected (1 or 2). You must also use the
port-channel span-cluster vss-load-balance command for the
port-channel interface in Step 6. See also the “Connecting to a
VSS or vPC” section on page 1-13 for more information.
Step 3
no shutdown
Example:
hostname(config-if)# no shutdown
Enables the interface.
Step 4
(Optional) Add additional interfaces to the
EtherChannel by repeating Step 1 through
Step 3.
Example:
hostname(config)# interface
gigabitethernet 0/1
hostname(config-if)# channel-group 1 mode
active
hostname(config-if)# no shutdown
Multiple interfaces in the EtherChannel per unit are useful for
connecting to switches in a VSS or vPC. Keep in mind that an
EtherChannel, can have only 8 active interfaces out of 16
maximum; the remaining 8 interfaces are on standby in case of
link failure. For example, for a cluster of 8 ASAs, you can use a
maximum of 2 interfaces on each ASA, for a total of 16 interfaces
in the EtherChannel.
Step 5
interface port-channel channel_id
Example:
hostname(config)# interface port-channel 1
Specifies the port-channel interface. This interface was created
automatically when you added an interface to the channel group.
Step 6
port-channel span-cluster
[vss-load-balance]
Example:
hostname(config-if)# port-channel
span-cluster
Sets this EtherChannel as a Spanned EtherChannel.
If you are connecting the ASA to two switches in a VSS or vPC,
then you should enable VSS load balancing by using the
vss-load-balance keyword. This feature ensures that the physical
link connections between the ASAs to the VSS (or vPC) pair are
balanced. You must configure the vss-id keyword in the
channel-group command for each member interface before
enabling load balancing (see Step 2).
To Next Page
Loading...
Need help?
General
