Cisco Firewall :: Port-channel On ASA 5520
Jun 11, 2013
So everything I've read on Cisco's documentation here: URL says that I can create a port-channel on two physical interfaces that will uplink to a VSS pair. However, the command is not recognized. What am I missing? I've tried executing "channel-group #" on the physical interface and tried creating the port-channel 1st and neither commands exist. I haven't seen it listed anywhere if it is only available after a specific piece of ASA software. If it is the software what version at a minimum I need to upgrade to? Below is an output from a show version
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(3)
Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-(code)
View 2 Replies
ADVERTISEMENT
Nov 20, 2012
Create a port channel out of interface 3 and 4 of ASAConfigure 2 sub-interfaces in those Po interface (my inside vlan and the dmz)At the 4948, configure a trunked port channel out of a single interface (funny ), then do the same in the second 4948Connect ASA port 3 to the 1st 4948's single-interfaced port channel, ASA port 4 connects the same on the 2nd 4948.
View 4 Replies
View Related
Dec 17, 2012
Anyway, here's the situation I'm trying to configure several VLANs on my ASA to uniquely allocate to contexts, the VLANs will be trunked from my VSS. Unfortunately I'm not clear on how to achieve this, the configuration guide for 8.4 talks about multiple contexts and routed setups all which don't appear to apply exactly. I've configured the port channel at both ends and I've configured sub-interfaces on the port channel and assigned VLAN IDs. These sub-interfaces are then allocated to the contexts to set 'ip address' etc. I've not been able to successfully test this configuration and I am concerned that it is incorrect..
View 1 Replies
View Related
Jan 22, 2012
I'm doing some L2 cleanups across mutliple 6509E environments and I've found something consistent that I can't find in documentation. On all my pairs of 6509s where I have FWSMs bundled (6509-A has FWSM-1 is Slot 1 and 6509-B has FWSM-2 in Slot 1) I also have a port channel 305. Obviously when I do a "show run" or "show int desc" I don't see anything in slot one. It's a service module. But the port channel is referencing ports 1/1-6. And it's all in service/up. I was about to delete this as I thought it was some leftover config (TEST 6509s) until I went and saw the same things on our PROD 6509s. Is it cosmetic? Necessary? Can I delete it as part of my audit cleanup? Don't want to mess with it even in TEST without some information. Nothing on google that's clear and I can't find anything on CCO.
#################################################################################
6509-1#sho etherch 305 summ
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
[code]....
View 1 Replies
View Related
Jun 11, 2012
We have an ASA 5520 and it's inside interface is currently plugged into a fast ethernet port on a 3750. I have just bought a 1gig SFP module and have copied the fast ethernet port config to the gigabit port, but the port seems to be flapping
The port conf gi is this:
interface GigabitEthernet1/0/4
description Link to Inside ASA
switchport access vlan 2
switchport trunk encapsulation dot1q
View 1 Replies
View Related
Jan 2, 2012
I have got ASA 5520. How to use the management port as a normal port on ASA. What are the basic reqirements for that.
View 3 Replies
View Related
Nov 29, 2011
we are having a firewall asa 5520 .we have connected the management port and inside port to internal network and dmz port to dmz network.now we need to configure tacacs and other management tool on dmz devices through management port. The problem is the management devices tacacs and other are placed in internal network.
View 2 Replies
View Related
Jan 13, 2012
In a cisco firewall 5520 how could you take a public wan connection and pass it to another firewall behind the 5520 without using nat. How could you put a single port on the 5520 into transparent or passthrough much like you can on a broadband modem?
View 3 Replies
View Related
Oct 3, 2012
I have an ASA 5520 Cisco Adaptive Security Appliance Software Version 8.4(2)8 Device Manager Version 6.4(5)206. I am trying to add a nat for outside x.x.x.77 port going inside x.x.x.22 port 80 . the wan interface is .74 with subnet of 255.255.255.248 the rule will add but traffic wont pass in.
View 14 Replies
View Related
Oct 3, 2012
I am trying to forward all the traffic of a particular port number to my outside interface forwarded to an internal IP address.
View 1 Replies
View Related
Feb 9, 2012
I'm unable to assign port E2/1 to port channel. I get following error:
NEXUS5K(config)# int e2/1
NEXUS5K(config-if)# switchport mode trunk
NEXUS5K(config-if)# channel-group 14 mode active
[Code].....
View 2 Replies
View Related
Sep 26, 2012
I have a cisco asa 5520. i need to forward telnet to a router on the inside interface. Here is what i have done so far but it doesnt seem to be working.
I have created an access-list that looks like this:
access-list 102 extended permit tcp any host 10.10.60.2 eq telnet
But when do this it still doesnt forward my request to the router at 10.10.60.2 . So just to explain what im trying to do. I use Putty, i am putting the outside interface IP into putty, selecting telnet and opening the session. i need the outside interface to see this request and know to forward port 23 to the router on the inside interface with IP 10.10.60.2. The ASA is running version: asa842-k8.bin
View 3 Replies
View Related
Oct 31, 2011
I am trying to correctly configure our ASA 5520 and our Mitel Border Gateway in our DMZ. In the documentation for the Mitel border gateway it wants me to set up 2 external IP's on my ASA one to allow 443 traffice into the MBG, and another for 443 traffic that needs to be forwarded to port 4443 for the MGB in the DMZ. My problem is I don't know how to do this. the MBG only has one IP, and I need to have 2 different URL's mapped to two different external IP's both externally using port 443, and one of them forwarding to 4443 on the DMZ interface.
View 10 Replies
View Related
May 26, 2012
I am having cisco asa 5520 with internet having public ip and cisco 2911 with mpls link in my office. the mpls link is between my HO and my branchmi am putting my webserver in the branch side i want to port forward one of my publicip in my office to be forwarded to branch we, server.is it poosible on the firewall ouside the local network.
View 3 Replies
View Related
Jun 5, 2012
I need to allow traffic between webserver in dmz and mssql (Microsoft SQL Server 2008).MSSQL use dynamic port (now it is 63796) and this cannot be changed.
Basically, I can allow such traffic using next configuration:access-list dmz extended permit tcp host 1.2.3.4 host 5.6.7.8 eq 1433access-list dmz extended permit udp host 1.2.3.4 host 5.6.7.8 eq 1434 access-list dmz extended permit tcp host 1.2.3.4 host 5.6.7.8 eq 63796
But, I would like to add mssql inspection and I did the next:
class-map class_sqlnetmatch port tcp eq 1433policy-map global_policyclass inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect ip-options inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp class class_sqlnet inspect sqlnet service-policy global_policy global
[Code] ..........
View 1 Replies
View Related
Jul 6, 2012
I have an ASA 5520 and I'm using Solar winds real time interface tool to monitor the through put of the port. It seems I can never get it to use more than 100mb, where should I check?
I have run a sh int giga 0/1 and it shows the port is 1000mb full duplex and the I have also checked the other end where it plugs into the LAN and this also says the port is running at 1000mb full duplex.
View 1 Replies
View Related
Sep 2, 2012
I have Cisco 3845 with two Gigabit interfaces configured as port-channel with sub interface and with QoS. However shape does not work.
[code]...
View 8 Replies
View Related
Feb 7, 2013
what is active/passive port-channel..? and how it will do load balancing when my network traffic is flowing on both the ports.
View 5 Replies
View Related
Sep 13, 2012
I have Cisco 3845 with two Gigabit interfaces configured as port-channel with subinterface and with QoS.However shape does not work, why? [code]
View 1 Replies
View Related
Nov 2, 2012
are port-channel interfaces supported in 6500s -w- SUP-2T?
Inquiring if able to bundle a couple of 10GB ports on a 6908 via port-channeling.
12.33 IOS doesn't it, but haven't completely confirm whether 15.1 IOS does.
View 3 Replies
View Related
Mar 6, 2012
So I have a current port-channel between two 6ks that I need to upgrade. There's too much traffic and the port buffers on the SUP7203B sort of suck. Microbursts are causing overruns like mad. Im going to move the 2x1gig port-channel to a 6724 and make it a 3x1gig port-channel. The switches carry production traffic across the link to the tune of about 400 meg during the lowest load time. Initially, I thought that I couldn't move the port channel without temporarily taking down the link but I think I have a workable solution now. Has anyone done this successfully before? Im curious what others have done. Also, to make matters worse, the existing port-channel is 'mode on' and I want to migrate to 'mode active' in the new channel
View 7 Replies
View Related
Oct 30, 2012
I want to do the inter vlan routing packet tracer file url...configuration of MLS are as bellow can anyone tell me why vlan on switch0 can not ping vlan on switch1. [code]
View 12 Replies
View Related
Jan 18, 2013
I have just been setting up a WISM2 in a test lab and for some reason the Supervisor is not creating a port channel on my 6500 as suggested in the WISM2 Deployment Guide. WISM2 is installed in an appropriate slot (according to same doco) and have attempted reset to factory defaults, removing and power cycling several times.
View 1 Replies
View Related
Jan 5, 2012
Is it possible to configure a Cisco 2801 router with Multipoint Port Channeling? A service provider dropped a 4.5Mbps ( 3x T1s ) to one of our customers without any equipment. They assume the CPE responsible. If so, any links to documentation on this configuration. If not, what device will they need to buy from Cisco that can bundle these 3 T1s together then feed it into their router?
View 6 Replies
View Related
Jan 16, 2011
I have configured my Nexus 7018 and 5548 as follow (see diag attached).Both 7000 and 5500 are vPC pair(po1and po2). Now I have created port-chanel between 7018and 5548 as port channel PO3 on 5500. Would it give me 20g bandwidth as PO3?or 10g only uplink to 7018? Do I need to config all four 10g links in PO3 on both 5500 and 7000 switches to achieve max b/w and failover?
View 4 Replies
View Related
May 22, 2012
I have port-channel configured on Nexus 5K (version 5.0.3) with below configuration.
interface Ethernet1/9
switchport mode trunk
switchport trunk allowed vlan 60
speed 1000
channel-group 105 mode active
[code]....
We have added GLC-SX-LH module to E1/1 and E1/10 and speed is set to 1000 (1Gig) Now other side of E1/9 and E1/10 are not connected. Port-channel status is down
Po105 1 eth trunk down No operational members 1000(D) lacp
show interface port-channel 105 shows different bandwidth (100) MTU 1500 bytes, BW 100000 Kbit, DLY 10 usec,question is under interface port-channel105 speed 1000 command inserted automatically.Now if we connect otherisde of interface, during port-channel comes up.what will be the port-channel interface bandwidth ? will it change to 2Gig(2000). Why speed 1000 command inserted automatically on port-channel.Since it is migration, we want to be more specific on the port-channel configuration?
View 1 Replies
View Related
Jul 17, 2011
What is the load balance method of 3750 port channel ( by source ip , or by source mac ) to diver traffic to paths? I have tried to use 10.242.104.101 and 10.242.104.102 as source ip, it will travel to the same link (G0/1) within one port channel (G0/1+G0/2). Howerver, if I later use 10.242.104.109, then this time it will traffic to G0/2 link. What's the concept behind.
View 1 Replies
View Related
Sep 12, 2012
Have 2 N2K with dual-connections to both 2 N5K, will all 4-ports of N5K will be the same port-channel. N2K as well ?
View 1 Replies
View Related
Jan 27, 2013
I need to increase the link capacity of 10GE to 20GE between two Cisco7609, so I feel the need to configure port channel between them, my little problem is that I have a SCE 8080 in the middle of both 7600 currently is configured inline. The SCE has 4 modules 1X10GE-L-V2 (currently in use 2), I was investigated and the truth is that I not found anything concrete about how to configure the SCE to "pass" etherchannel through it? What the SCE needs to support 20GE of traffic? (configuration and software)
I have two 10GE ports available on the SCE
View 1 Replies
View Related
Jan 2, 2013
I want to configure Port channel for WLC 5508 and cisco 3750 Stack Switch. What changes I need to make on WLC and where?
View 7 Replies
View Related
Nov 29, 2011
I need to configure a port channel between two sw 4507R. with port Giga, but those port are in different modules.
Sw-1
interface GigabitEthernet5/48
description **** Conexion Switch-2*****
[Code].....
View 2 Replies
View Related
Apr 9, 2012
I have a customer that would like a 40Gb port-channel between two 3750-x switch stacks. When I try to activate four 10Gb ports in the channel, they go into error-disable. However, I am able to create a 20Gb port-channel without issue. I have had my configurations verified to Cisco best practice.
Is there a limitation on the amount of throughput that the 3750-x can handle? According to the data sheet the 3750X-48T can handle 101.2mpps, based on two 10Gb uplinks so if my math is correct then a stack of two 3750X-48T should be able to handle 202.4mpps.
[URL]
View 3 Replies
View Related
Dec 7, 2011
I have 3750 core/distribution switches with routing enabled in two offices connected with copper link and L3 port channel interfaces. NewOffice#2 has moved about 5 miles farther away from office#1 and I have to deploy new core/distribution switch connect it to old core#2 via F.O and move all access switches with it. Old core will stay in old #2 offices as a bridge between office#1 and new office#2 Office#1core<->copper (Ethernet) <->oldoffice#2core<->f.o. <->new office#2core How I should configure port channels ports on oldoffice#2 core to act as bridge between office#1 core/dist and newoffice#2 core/dist without changing anything else (ip, etc) on whole network
View 1 Replies
View Related
