Etherchannel (Port Channel) on Cisco ASA


Etherchannel (Port Channel) on Cisco ASA

Generally Cisco ASA has one Management interface and four Gigabit Interfaces, but in modern systems and scalable Infrastructures you will need more than four Interfaces. To overcome this limitation you can configure some VLANs and trunk them to an Interfaces. This was a standard solution to this problem, however since ASA version 8.4.2 you are able to use Ether Channel to solve this problem.
The benefit of Ether Channel or Port Channel is that you are able to configure redundancy and load balancing in the same time; all four ASA Interfaces will be bundle to a link in the Layer 2 then you assign all VLANs directly to the Port Channel and so they applied to all Interfaces of ASA .
The ASA distributes the traffics to all Interfaces, which means you have the functioning Load balancing, furthermore if you lost one or two Interface the whole traffics will be distribute to the Interfaces which are available.
If you run the Port Channel on the ASA then you are permitted to make up to 200 VLANs.
Zeichnung2
The Port Channel’s configuration is not really tricky but it is a little bit complex and it will be best if you keep the history of what you have changed to not lose overview of what and why you actually configured.
Here you can see the Port Channel configuration on an ASA 5540 and a Catalyst 2960.
OK, first of all you have the configure the Port Channel on the Catalyst; it is very simple something like that:
1
2
3
4

!
interface Port-channel1
switchport mode trunk
!
Then I apply the Port Channel configuration, to four catalysts Interfaces which are connected to the ASA (in this case GigabitEthernet1/12 till GigabitEthernet1/15 :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

!
interface GigabitEthernet1/12
description UpLink to ASA
switchport mode trunk
channel-group 1 mode on
!
interface GigabitEthernet1/13
description UpLink to ASA
switchport mode trunk
channel-group 1 mode on
!
interface GigabitEthernet1/14
description UpLink to ASA
switchport mode trunk
channel-group 1 mode on
!
interface GigabitEthernet1/15
description UpLink to ASA
switchport mode trunk
channel-group 1 mode on
!
Ok we are finish with catalyst configuration; now let’s go to the ASA
Now we have to create the Port Channel:
1
2
3
4
5
6
7

  
!
interface Port-channel1
no nameif
no security-level
no ip address
!
We apply the Port Channel 1 to four Interfaces:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

!
interface GigabitEthernet0
channel-group 1 mode on
no nameif
no security-level
no ip address
!
interface GigabitEthernet1
channel-group 1 mode on
no nameif
no security-level
no ip address
!
interface GigabitEthernet2
channel-group 1 mode on
no nameif
no security-level
no ip address
!
interface GigabitEthernet3
channel-group 1 mode on
no nameif
no security-level
no ip address
!
The next steps are very important , for each VLANs you have to create a port-channel sub-Interfaces, in there you define the VLAN ID , IP address and the security-Level , I will show you here one inside and one OUTSIDE sub-interface:
1
2
3
4
5
6
7

!
interface Port-channel1.10
vlan 10
nameif inside
security-level 100
ip address 192.168.XX.XXX 255.255.255.0
!
and
1
2
3
4
5
6
7

!
interface Port-channel1.1000
vlan 1000
nameif OUTSIDE
security-level 0
ip address dhcp setroute
!
Well, that is all. !!
It is important to have the same VLAN’s number and VLAN’s ID of both side, there when you have a new VLAN you should apply that configuration in Catalyst first. For debugging and control the Port Channels you can use the :
1
2
3
4
5
6

show port-channel summary
 
Number of channel-groups in use: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-------------------------------------
1 Po1(U) LACP Gi0/0(P) Gi0/1(P) Gi0/2(P) Gi0/3(P)
The command displays the number of Port Channel group and which Interfaces are member to this ; furthermore you can see the Channel-Group Protocol LACP ( Link Aggregation Control Protocol) ;you have to consider that Cisco ASA support LACP only (no PAgP ) ; you get more useful information by using :
1

Show port-channel detail
1
2
3
4
5
6
7
8
9
10

Group: 1
----------
Ports: 4 Maxports = 16 you see we use four Interfaces (Ports 4) you can extend that up to 16 Physical Interfaces
Port-channels: 1 Max Port-channels= 48 you can configure 48 different Port Channel group
Protocol: LACP/ active
Minimum Links: 2  this is the minimum number of physical Interfaces for a Port Channel Group
Maximum Bundle: 8 you can put maximal 8 physical Interface to a Port Channel
Load balance: src-dst-ip
Ports in the group:
-------------------
For the Catalyst I prefer to use the :
 
1

sho etherchannel port-channel
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

sho etherchannel port-channel
Channel-group listing:
----------------------
Group: 1
----------
Port-channels in the group:
---------------------------
Port-channel: Po1 (Primary Aggregator)
------------
Age of the Port-channel = 761d:02h:50m:21s
Logical slot/port = 5/1 Number of ports = 4
HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = LACP
Port security = Disabled
Ports in the Port-channel:
Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 00 Gi1/0/45 Active 0
0 00 Gi1/0/46 Active 0
0 00 Gi1/0/47 Active 0
0 00 Gi1/0/48 Active 0
 
Time since last port bundled: 749d:02h:28m:31s Gi1/0/46
Just as the commands in the ASA , the catalyst will show you now the number of Port Channel , port channel status and the physical Interfaces which are applied to this Port Channel group .
Don’t worry about the Spanning-tree Protocol (STP ) on the Catalyst , the STP counts the four EtherChannel’s Interfaces as “one” link like a single port so no member of the EtherChannel will be blocked from STP to prevent looping , I personally use the portfast for each Port Channel member Interface but you have to modify the command for a trunk interface :
1

spanning-tree portfast trunk

Comentarios

Publicar un comentario

Dime si la información de este blog te sirvio.

Entradas populares de este blog

Guía de herramientas básicas para estudiantes: 31 apps y webs imprescindibles para ayudarte con los estudios

Imagen
  Te traemos una guía con   31 aplicaciones y herramientas web para ayudarte como estudiante , una colección muy variada para sacar provecho en diferentes ámbitos en los que puedas necesitarlo. Nos hemos dejado fuera el ámbito educativo para los más jóvenes, recursos que tenemos en   esta otra guía , y nos hemos centrado en estudiantes más adultos. Hemos decidido centrarnos en herramientas prácticas, dejando fuera las plataformas para cursos online, tanto  las más conocidas  como  otras menos conocidas . Lo que hemos preferido buscar son recursos que puedas usar en tu día a día, como gestores de fuentes y citaciones, herramientas para diagramas, para intercambiar apuntes o para crear diferentes contenidos. Y lo que decimos siempre en Xataka Basics hoy cobra más sentido que nunca. Nosotros te traemos 31 herramientas, pero te invitamos a  compartir tus propuestas en la sección de comentarios  para que el resto de usuarios también pueda beneficiarse de los conocimientos de nuestros xatake
Leer más

Comando FOR para archivos BAT

Gracias a: http://profesoremiliobarco.blogspot.com/ El comando FOR sirve para ejecutar bucles de instrucciones, y es una instrucción que se encuentra disponible en todos los lenguajes de programación. Un bucle son varias repeticiones de algunas instrucciones. Este comando suele ser el más complicado de entender para las personas que empiezan a escribir archivos BAT complejos. Aqui intentaré explicar todas las opciones y usos del comando FOR, así como intentar resolver las dudas que los usuarios de Internet me puedan plantear. La sintaxis normal del comando FOR es: FOR %var IN (lista) DO (      comando     comando      ... )  Pero si lo vamos a usar dentro de un archivo BAT será así: FOR %%var IN (lista) DO (      comando     comando      ... ) Observa que la variable "var" ahora va precedida por dos simbolos de "%". Además, si este for está dentro de un archivo BAT, el nombre de la variable debe ser UNA SOLA LETRA (p.ej: %%n, %%i,  %%j , etc
Leer más

How to Setup and Configure Your Own GitLab Server on Ubuntu 20.04

Imagen
  GitLab CE(Community Edition) is a free and opensource web-based git manager tool & it’s written in Ruby. GitLab CE is generally used for Software development teams, it has a lot of features like version control, code review, monitoring, CI & CD, issue management, wiki, etc. GitLab allows you to host your Git reposit o ry that can be accessed from either your local LAN / WAN / local server or (if you have an available public IP address) from outside your company. The community edition is open-sourced and freely available to install and setup. There are three different editions of GitLab available, Community Edition (CE), Enterprise Edition (EE), and a GitLab-hosted version. In this article, we will go step by step to install the latest version of GitLab CE on Ubuntu 20.04 / 18.04 Server. Below should be your laptop or desktop minimum configuration: RAM: Gitlab recommends 4 GB for Gitlab Setup 2 CPU cores. (optional) Domain or subdomain pointing to the server IP address. Instal
Leer más