Link aggregation control protocol, Figure 6-1 – Cisco ASA 5505 User Manual

Page 248

Advertising
background image

6-6

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 6 Starting Interface Configuration (ASA 5510 and Higher)

Information About Starting ASA 5510 and Higher Interface Configuration

Figure 6-1

Connecting to a VSS

If you use the ASA in an Active/Standby failover deployment, then you need to create separate
EtherChannels on the switches in the VSS, one for each ASA (see

Figure 6-1

). On each ASA, a single

EtherChannel connects to both switches. Even if you could group all switch interfaces into a single
EtherChannel connecting to both ASAs (in this case, the EtherChannel will not be established because
of the separate ASA system IDs), a single EtherChannel would not be desirable because you do not want
traffic sent to the standby ASA.

Figure 6-2

Active/Standby Failover and VSS

Link Aggregation Control Protocol

The Link Aggregation Control Protocol (LACP) aggregates interfaces by exchanging the Link
Aggregation Control Protocol Data Units (LACPDUs) between two network devices.

You can configure each physical interface in an EtherChannel to be:

Active—Sends and receives LACP updates. An active EtherChannel can establish connectivity with
either an active or a passive EtherChannel. You should use the active mode unless you need to
minimize the amount of LACP traffic.

Passive—Receives LACP updates. A passive EtherChannel can only establish connectivity with an
active EtherChannel.

ASA

Switch 1

port-channel 1

VSS

Switch 2

port-channel 2

gig0/0

gig3/5

gig6/5

gig0/1

Primary ASA

Switch 1

port-channel 1

port-channel 1

VSS

Switch 2

Secondary ASA

port-channel 3

port-channel 2

gig0/0

gig0/1

gig0/0

gig0/1

gig3/2

gig3/3

gig6/3

gig6/2

Advertising