Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1440
Views
0
Helpful
4
Replies

interface allocation in ASA cluster multimode

phamthecong
Level 1
Level 1

‎07-30-2013 08:56 PM - last edited on ‎03-25-2019 05:51 PM by Community Manager

Hi All,

Could someone help this please?

In   ASA cluster multimode ver 9.0, do the cluster control links need to be allocated per context  or do they just require in system context?                

Regards,

TaoLao

Labels:
0 Helpful
4 Replies 4

ssummang
Cisco Employee
Cisco Employee

‎07-31-2013 09:35 AM

Hi TaoLao

No need to allocate CCL interface to context. Cluster bootstrap configuration will be done only in system context . 

0 Helpful

subriyer
Cisco Employee
Cisco Employee
In response to ssummang

‎07-31-2013 08:53 PM

CCL interface like failover is configured only in system context.

0 Helpful

phamthecong
Level 1
Level 1
In response to subriyer

‎07-31-2013 08:59 PM

Got it. Thank you Sujith and Subriyer.

   

When I configure Data Link I have a message below. Do we have to do any special thing on the ASA

N7K

interface Ethernet1/6
  switchport mode trunk
  mtu 9216
  channel-group 20 mode active

interface Ethernet1/7
  switchport mode trunk
  mtu 9216
  channel-group 20 mode active

interface port-channel20

switchport mode trunk

mtu 9216

vpc 20

show vpc bri | be Po20

20   Po20   down*  failed      vpc port channel           -

                               mis-config due to vpc

                               links in the 2 switches

                               connected to different

                               partners

One of ASA

interface Port-channel20

port-channel span-cluster vss-load-balance

interface TenGigabitEthernet0/6

description Data Link (Span Port)

channel-group 20 mode active vss-id 2

interface TenGigabitEthernet0/7

description Data Link (Span Port)

channel-group 20 mode active vss-id 1

0 Helpful

subriyer
Cisco Employee
Cisco Employee
In response to phamthecong

‎08-01-2013 01:20 AM

Taolao,

You got data-interface and CCL interfaces mixed up. Only data-interface is configured as "port-channel span-cluster" which tells the port-channel it has member interfaces spanning multiple physical devices.

vss-id, too is supposed to be used for data-interfaces.

CCL interface configuration on ASA and N7k should be as below

SW-1

--------

interface Ethernet2/9

  description CONNECTED TO ASA-A Ten0/8

  switchport

  switchport access vlan 500

  spanning-tree port type edge

  mtu 9000

  channel-group 41

  no shutdown

interface port-channel41

  description CONNECTED TO ASA-A CCL

  switchport

  switchport access vlan 500

  spanning-tree port type edge

  mtu 9000

  vpc 41

SW-2

--------

interface Ethernet2/9

  description CONNECTED TO ASA-A Ten0/9

  switchport

  switchport access vlan 500

  spanning-tree port type edge

  mtu 9000

  channel-group 41

  no shutdown

interface port-channel41

  description CONNECTED TO ASA-A CCL

  switchport

  switchport access vlan 500

  spanning-tree port type edge

  mtu 9000

  vpc 41

ASA

-------

interface TenGigabitEthernet0/8

channel-group 1 mode on

!

interface TenGigabitEthernet0/9

channel-group 1 mode on

!

interface Port-channel1

description Clustering Interface

!

Since CCL port-channel is individual to an ASA, you need to create a corresponding port-channel on N7k for each of the cluster nodes. For example, on N7k you need to create Po42 for node-B, Po43 for node-C etc.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card