Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA Failover on Etherchannel Subinterfaces

hey -

anybody figured out how to use Subinterfaces on an Etherchannel for a Lan Failover link?

I successfully bundled e0/0-1 and e0/2-3 to 2 Port-Channels with a 3750X Stack - and was able to set my "nameifs" and "security level" on Port-Channel Subinterfaces like "Port-channel1.4" As a lan based failover link the subinterfaces seem  to be unusable ....

am I missing something?


  • Firewalling
Hall of Fame Super Silver

ASA Failover on Etherchannel Subinterfaces

From the configuration guide (emphasis in mine):

"You can use any unused interface on the device as the failover link; however, you cannot specify an interface that is currently configured with a name. The failover link interface is not configured as a normal networking interface; it exists for failover communication only. This interface should only be used for the failover link (and optionally for the Stateful Failover link)."

Using an Etherchannel for failover should work (reference Failover Guidelines for Etherchannels) but subinterfaces no. I would say the parent interface that your attempted failover subinterface belongs to (along with the other active subinterfaces you mentioned) would make it a used interface.

This widget could not be displayed.