So everything I've read on Cisco's documentation here: URL says that I can create a port-channel on two physical interfaces that will uplink to a VSS pair. However, the command is not recognized. What am I missing? I've tried executing "channel-group #" on the physical interface and tried creating the port-channel 1st and neither commands exist. I haven't seen it listed anywhere if it is only available after a specific piece of ASA software. If it is the software what version at a minimum I need to upgrade to? Below is an output from a show version
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(3)
Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-(code)
Create a port channel out of interface 3 and 4 of ASAConfigure 2 sub-interfaces in those Po interface (my inside vlan and the dmz)At the 4948, configure a trunked port channel out of a single interface (funny ), then do the same in the second 4948Connect ASA port 3 to the 1st 4948's single-interfaced port channel, ASA port 4 connects the same on the 2nd 4948.
Anyway, here's the situation I'm trying to configure several VLANs on my ASA to uniquely allocate to contexts, the VLANs will be trunked from my VSS. Unfortunately I'm not clear on how to achieve this, the configuration guide for 8.4 talks about multiple contexts and routed setups all which don't appear to apply exactly. I've configured the port channel at both ends and I've configured sub-interfaces on the port channel and assigned VLAN IDs. These sub-interfaces are then allocated to the contexts to set 'ip address' etc. I've not been able to successfully test this configuration and I am concerned that it is incorrect..
I'm doing some L2 cleanups across mutliple 6509E environments and I've found something consistent that I can't find in documentation. On all my pairs of 6509s where I have FWSMs bundled (6509-A has FWSM-1 is Slot 1 and 6509-B has FWSM-2 in Slot 1) I also have a port channel 305. Obviously when I do a "show run" or "show int desc" I don't see anything in slot one. It's a service module. But the port channel is referencing ports 1/1-6. And it's all in service/up. I was about to delete this as I thought it was some leftover config (TEST 6509s) until I went and saw the same things on our PROD 6509s. Is it cosmetic? Necessary? Can I delete it as part of my audit cleanup? Don't want to mess with it even in TEST without some information. Nothing on google that's clear and I can't find anything on CCO.
################################################################################# 6509-1#sho etherch 305 summ Flags: D - down P - bundled in port-channel I - stand-alone s - suspended H - Hot-standby (LACP only)
We have an ASA 5520 and it's inside interface is currently plugged into a fast ethernet port on a 3750. I have just bought a 1gig SFP module and have copied the fast ethernet port config to the gigabit port, but the port seems to be flapping
The port conf gi is this:
interface GigabitEthernet1/0/4 description Link to Inside ASA switchport access vlan 2 switchport trunk encapsulation dot1q
we are having a firewall asa 5520 .we have connected the management port and inside port to internal network and dmz port to dmz network.now we need to configure tacacs and other management tool on dmz devices through management port. The problem is the management devices tacacs and other are placed in internal network.
In a cisco firewall 5520 how could you take a public wan connection and pass it to another firewall behind the 5520 without using nat. How could you put a single port on the 5520 into transparent or passthrough much like you can on a broadband modem?
I have an ASA 5520 Cisco Adaptive Security Appliance Software Version 8.4(2)8 Device Manager Version 6.4(5)206. I am trying to add a nat for outside x.x.x.77 port going inside x.x.x.22 port 80 . the wan interface is .74 with subnet of 255.255.255.248 the rule will add but traffic wont pass in.
I have a cisco asa 5520. i need to forward telnet to a router on the inside interface. Here is what i have done so far but it doesnt seem to be working.
I have created an access-list that looks like this:
access-list 102 extended permit tcp any host 10.10.60.2 eq telnet
But when do this it still doesnt forward my request to the router at 10.10.60.2 . So just to explain what im trying to do. I use Putty, i am putting the outside interface IP into putty, selecting telnet and opening the session. i need the outside interface to see this request and know to forward port 23 to the router on the inside interface with IP 10.10.60.2. The ASA is running version: asa842-k8.bin
I am trying to correctly configure our ASA 5520 and our Mitel Border Gateway in our DMZ. In the documentation for the Mitel border gateway it wants me to set up 2 external IP's on my ASA one to allow 443 traffice into the MBG, and another for 443 traffic that needs to be forwarded to port 4443 for the MGB in the DMZ. My problem is I don't know how to do this. the MBG only has one IP, and I need to have 2 different URL's mapped to two different external IP's both externally using port 443, and one of them forwarding to 4443 on the DMZ interface.
I am having cisco asa 5520 with internet having public ip and cisco 2911 with mpls link in my office. the mpls link is between my HO and my branchmi am putting my webserver in the branch side i want to port forward one of my publicip in my office to be forwarded to branch we, server.is it poosible on the firewall ouside the local network.
I need to allow traffic between webserver in dmz and mssql (Microsoft SQL Server 2008).MSSQL use dynamic port (now it is 63796) and this cannot be changed.
Basically, I can allow such traffic using next configuration:access-list dmz extended permit tcp host 1.2.3.4 host 5.6.7.8 eq 1433access-list dmz extended permit udp host 1.2.3.4 host 5.6.7.8 eq 1434 access-list dmz extended permit tcp host 1.2.3.4 host 5.6.7.8 eq 63796
But, I would like to add mssql inspection and I did the next:
I have an ASA 5520 and I'm using Solar winds real time interface tool to monitor the through put of the port. It seems I can never get it to use more than 100mb, where should I check?
I have run a sh int giga 0/1 and it shows the port is 1000mb full duplex and the I have also checked the other end where it plugs into the LAN and this also says the port is running at 1000mb full duplex.
So I have a current port-channel between two 6ks that I need to upgrade. There's too much traffic and the port buffers on the SUP7203B sort of suck. Microbursts are causing overruns like mad. Im going to move the 2x1gig port-channel to a 6724 and make it a 3x1gig port-channel. The switches carry production traffic across the link to the tune of about 400 meg during the lowest load time. Initially, I thought that I couldn't move the port channel without temporarily taking down the link but I think I have a workable solution now. Has anyone done this successfully before? Im curious what others have done. Also, to make matters worse, the existing port-channel is 'mode on' and I want to migrate to 'mode active' in the new channel
I want to do the inter vlan routing packet tracer file url...configuration of MLS are as bellow can anyone tell me why vlan on switch0 can not ping vlan on switch1. [code]
I have just been setting up a WISM2 in a test lab and for some reason the Supervisor is not creating a port channel on my 6500 as suggested in the WISM2 Deployment Guide. WISM2 is installed in an appropriate slot (according to same doco) and have attempted reset to factory defaults, removing and power cycling several times.
Is it possible to configure a Cisco 2801 router with Multipoint Port Channeling? A service provider dropped a 4.5Mbps ( 3x T1s ) to one of our customers without any equipment. They assume the CPE responsible. If so, any links to documentation on this configuration. If not, what device will they need to buy from Cisco that can bundle these 3 T1s together then feed it into their router?
I have configured my Nexus 7018 and 5548 as follow (see diag attached).Both 7000 and 5500 are vPC pair(po1and po2). Now I have created port-chanel between 7018and 5548 as port channel PO3 on 5500. Would it give me 20g bandwidth as PO3?or 10g only uplink to 7018? Do I need to config all four 10g links in PO3 on both 5500 and 7000 switches to achieve max b/w and failover?
We have added GLC-SX-LH module to E1/1 and E1/10 and speed is set to 1000 (1Gig) Now other side of E1/9 and E1/10 are not connected. Port-channel status is down
Po105 1 eth trunk down No operational members 1000(D) lacp
show interface port-channel 105 shows different bandwidth (100) MTU 1500 bytes, BW 100000 Kbit, DLY 10 usec,question is under interface port-channel105 speed 1000 command inserted automatically.Now if we connect otherisde of interface, during port-channel comes up.what will be the port-channel interface bandwidth ? will it change to 2Gig(2000). Why speed 1000 command inserted automatically on port-channel.Since it is migration, we want to be more specific on the port-channel configuration?
What is the load balance method of 3750 port channel ( by source ip , or by source mac ) to diver traffic to paths? I have tried to use 10.242.104.101 and 10.242.104.102 as source ip, it will travel to the same link (G0/1) within one port channel (G0/1+G0/2). Howerver, if I later use 10.242.104.109, then this time it will traffic to G0/2 link. What's the concept behind.
I need to increase the link capacity of 10GE to 20GE between two Cisco7609, so I feel the need to configure port channel between them, my little problem is that I have a SCE 8080 in the middle of both 7600 currently is configured inline. The SCE has 4 modules 1X10GE-L-V2 (currently in use 2), I was investigated and the truth is that I not found anything concrete about how to configure the SCE to "pass" etherchannel through it? What the SCE needs to support 20GE of traffic? (configuration and software)
I have a customer that would like a 40Gb port-channel between two 3750-x switch stacks. When I try to activate four 10Gb ports in the channel, they go into error-disable. However, I am able to create a 20Gb port-channel without issue. I have had my configurations verified to Cisco best practice.
Is there a limitation on the amount of throughput that the 3750-x can handle? According to the data sheet the 3750X-48T can handle 101.2mpps, based on two 10Gb uplinks so if my math is correct then a stack of two 3750X-48T should be able to handle 202.4mpps.
I have 3750 core/distribution switches with routing enabled in two offices connected with copper link and L3 port channel interfaces. NewOffice#2 has moved about 5 miles farther away from office#1 and I have to deploy new core/distribution switch connect it to old core#2 via F.O and move all access switches with it. Old core will stay in old #2 offices as a bridge between office#1 and new office#2 Office#1core<->copper (Ethernet) <->oldoffice#2core<->f.o. <->new office#2core How I should configure port channels ports on oldoffice#2 core to act as bridge between office#1 core/dist and newoffice#2 core/dist without changing anything else (ip, etc) on whole network
