Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

PortChannel in Cisco ASA with subinterface vlan

Dear Cisco Expert,

I have problem with portchannel in cisco ASA with subinterface, My asa create port channel two link with switch :

my asa configuration (PO3 == int gi0/1 & int gi0/0 ASA) :

interface Port-channel3

no nameif

no security-level

no ip address

!

interface Port-channel3.20

vlan 20

nameif XXXX

security-level 50

ip address 172.27.3.1 255.255.255.224

my switch configuration (PO3 == int gi0/19 & int gi0/20 switch) :

interface Port-channel3

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 20,30,40,50

switchport mode trunk

end

I also tried create int vlan 20 in switch,

interface Vlan20

ip address 172.27.3.2 255.255.255.224

end

but it doesn't work

the etherchannel status is still in waiting :

show etherchannel sum :

3      Po3(SD)         LACP      Gi0/19(w)   Gi0/20(w)  

Do you have any clue ?

Thank u guys, ...

Btw, if i create ASA port chanel withoout subinterface it's work.

Best Regards

Rizal Ferdiyan

3 REPLIES

PortChannel in Cisco ASA with subinterface vlan

You ASA cofniguration should look like this. You havnt posted the full config so no comment on that

interface GigabitEthernet0/0

channel-group 10 mode active

speed 1000

duplex full

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/1

channel-group 10 mode active

speed 1000

duplex full

no nameif

no security-level

no ip address

!

!

interface Port-channel3

speed 1000

duplex full

no nameif

no security-level

no ip address

!

interface Port-channel3.20

vlan 20

nameif XXXX

security-level 50

ip address 172.27.3.1 255.255.255.224

Thanks

Ajay

New Member

thanks Ajay,how can u

thanks Ajay,

how can u leverage this multi-vlan port-channel in a security context? I have allocated the port-channel and its sub-interfaces to a context, is that enough? the downlink switch will use the asa security context for inter-vlan routing.

 

Hi,In a multi vlan multi

Hi,

In a multi vlan multi context setup, you just need to allocate a sub interface to correct context and map it to correct vlan.

You should have appropriate nat and acl according to your network.

Is there any specific issue that you are facing?

Thanks,

R.Seth

5315
Views
8
Helpful
3
Replies
CreatePlease to create content