Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

interface allocation in ASA cluster multimode

Hi All,

Could someone help this please?

In   ASA cluster multimode ver 9.0, do the cluster control links need to be allocated per context  or do they just require in system context?                

Regards,

TaoLao

4 REPLIES
Cisco Employee

Re: interface allocation in ASA cluster multimode

Hi TaoLao

No need to allocate CCL interface to context. Cluster bootstrap configuration will be done only in system context . 

Cisco Employee

Re: interface allocation in ASA cluster multimode

CCL interface like failover is configured only in system context.

New Member

Re: interface allocation in ASA cluster multimode

Got it. Thank you Sujith and Subriyer.

   

When I configure Data Link I have a message below. Do we have to do any special thing on the ASA

N7K

interface Ethernet1/6
  switchport mode trunk
  mtu 9216
  channel-group 20 mode active

interface Ethernet1/7
  switchport mode trunk
  mtu 9216
  channel-group 20 mode active

interface port-channel20

switchport mode trunk

mtu 9216

vpc 20

show vpc bri | be Po20

20   Po20   down*  failed      vpc port channel           -

                               mis-config due to vpc

                               links in the 2 switches

                               connected to different

                               partners

One of ASA

interface Port-channel20

port-channel span-cluster vss-load-balance

interface TenGigabitEthernet0/6

description Data Link (Span Port)

channel-group 20 mode active vss-id 2

interface TenGigabitEthernet0/7

description Data Link (Span Port)

channel-group 20 mode active vss-id 1

Cisco Employee

Re: interface allocation in ASA cluster multimode

Taolao,

You got data-interface and CCL interfaces mixed up. Only data-interface is configured as "port-channel span-cluster" which tells the port-channel it has member interfaces spanning multiple physical devices.

vss-id, too is supposed to be used for data-interfaces.

CCL interface configuration on ASA and N7k should be as below

SW-1

--------

interface Ethernet2/9

  description CONNECTED TO ASA-A Ten0/8

  switchport

  switchport access vlan 500

  spanning-tree port type edge

  mtu 9000

  channel-group 41

  no shutdown

interface port-channel41

  description CONNECTED TO ASA-A CCL

  switchport

  switchport access vlan 500

  spanning-tree port type edge

  mtu 9000

  vpc 41

SW-2

--------

interface Ethernet2/9

  description CONNECTED TO ASA-A Ten0/9

  switchport

  switchport access vlan 500

  spanning-tree port type edge

  mtu 9000

  channel-group 41

  no shutdown

interface port-channel41

  description CONNECTED TO ASA-A CCL

  switchport

  switchport access vlan 500

  spanning-tree port type edge

  mtu 9000

  vpc 41

ASA

-------

interface TenGigabitEthernet0/8

channel-group 1 mode on

!

interface TenGigabitEthernet0/9

channel-group 1 mode on

!

interface Port-channel1

description Clustering Interface

!

Since CCL port-channel is individual to an ASA, you need to create a corresponding port-channel on N7k for each of the cluster nodes. For example, on N7k you need to create Po42 for node-B, Po43 for node-C etc.

710
Views
0
Helpful
4
Replies