Cisco Asa

Re: Cisco Asa

Post by Uldis (UD) » Thu Jan 24, 2019 8:07 pm

Come on, dear :)?
vPC between 2 nexus
and portchannel trunk facing to ASA

Re: Cisco Asa

Post by dimelo » Thu Jan 24, 2019 8:29 pm

My settings follow; configured this way, the port channel is flapping.

NXOS

interface port-channel3000
  description *** FWCTM01 - STATEFUL/FAILOVER ***
  switchport mode trunk
  switchport trunk allowed vlan 663-664
  spanning-tree port type normal
  speed 100
  vpc 3000

interface Ethernet1/5
  description *** FWCTM01 - STATEFUL/FAILOVER ***
  switchport mode trunk
  switchport trunk allowed vlan 663-66
  speed 100
  channel-group 3000 mode active

ASA

interface Ethernet0
 description *** DVOSB01 STATE/FAILOVER ***
 channel-group 22 mode active
!
interface Ethernet1
 description *** DVOSB02 STATE/FAILOVER ***
 channel-group 22 mode active

interface Port-channel22.1
 description LAN Failover Interface
 vlan 663
!
interface Port-channel22.2
 description STATE Failover Interface
 vlan 664
!
failover
failover lan unit secondary
failover lan interface FAILOVER Port-channel22.1
failover link STATE Port-channel22.2
failover interface ip FAILOVER 1.1.1.1 255.255.255.252 standby 1.1.1.2
failover interface ip STATE 2.2.2.1 255.255.255.252 standby 2.2.2.2


LOGS

2019 Jan 24 20:11:23 CTMSB01 %ETH_PORT_CHANNEL-5-PORT_DOWN: port-channel3000: Ethernet1/5 is down
2019 Jan 24 20:11:23 CTMSB01 %ETH_PORT_CHANNEL-5-FOP_CHANGED: port-channel3000: first operational port changed from Ethernet1/5 to none
2019 Jan 24 20:11:23 CTMSB01 %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN: Interface port-channel3000 is down (No operational members)
2019 Jan 24 20:11:23 CTMSB01 %ETHPORT-5-IF_DOWN_INITIALIZING: Interface Ethernet1/5 is down (Initializing)
2019 Jan 24 20:11:23 CTMSB01 %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN: Interface port-channel3000 is down (No operational members)
2019 Jan 24 20:11:23 CTMSB01 %ETHPORT-5-SPEED: Interface port-channel3000, operational speed changed to 1 Gbps
2019 Jan 24 20:11:23 CTMSB01 %ETHPORT-5-IF_DUPLEX: Interface port-channel3000, operational duplex mode changed to Full
2019 Jan 24 20:11:23 CTMSB01 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface port-channel3000, operational Receive Flow Control state changed to off
2019 Jan 24 20:11:23 CTMSB01 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface port-channel3000, operational Transmit Flow Control state changed to off
2019 Jan 24 20:11:29 CTMSB01 %ETH_PORT_CHANNEL-5-PORT_UP: port-channel3000: Ethernet1/5 is up
2019 Jan 24 20:11:29 CTMSB01 %ETH_PORT_CHANNEL-5-FOP_CHANGED: port-channel3000: first operational port changed from none to Ethernet1/5
2019 Jan 24 20:11:29 CTMSB01 %ETHPORT-5-IF_UP: Interface Ethernet1/5 is up in mode trunk
2019 Jan 24 20:11:29 CTMSB01 %ETHPORT-5-IF_UP: Interface port-channel3000 is up in mode trunk
2019 Jan 24 20:12:59 CTMSB01 %ETH_PORT_CHANNEL-5-PORT_DOWN: port-channel3000: Ethernet1/5 is down
2019 Jan 24 20:12:59 CTMSB01 %ETH_PORT_CHANNEL-5-FOP_CHANGED: port-channel3000: first operational port changed from Ethernet1/5 to none
2019 Jan 24 20:12:59 CTMSB01 %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN: Interface port-channel3000 is down (No operational members)
2019 Jan 24 20:12:59 CTMSB01 %ETHPORT-5-IF_DOWN_INITIALIZING: Interface Ethernet1/5 is down (Initializing)
2019 Jan 24 20:12:59 CTMSB01 %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN: Interface port-channel3000 is down (No operational members)
2019 Jan 24 20:12:59 CTMSB01 %ETHPORT-5-SPEED: Interface port-channel3000, operational speed changed to 1 Gbps
2019 Jan 24 20:12:59 CTMSB01 %ETHPORT-5-IF_DUPLEX: Interface port-channel3000, operational duplex mode changed to Full
2019 Jan 24 20:12:59 CTMSB01 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface port-channel3000, operational Receive Flow Control state changed to off
2019 Jan 24 20:12:59 CTMSB01 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface port-channel3000, operational Transmit Flow Control state changed to off
2019 Jan 24 20:13:08 CTMSB01 %ETH_PORT_CHANNEL-5-PORT_SUSPENDED: Ethernet1/5: Ethernet1/5 is suspended
2019 Jan 24 20:13:43 CTMSB01 %ETH_PORT_CHANNEL-5-PORT_HOT_STANDBY: port-channel3000: Ethernet1/5 goes to hot-standby
2019 Jan 24 20:14:48 CTMSB01 %ETH_PORT_CHANNEL-5-PORT_HOT_STANDBY_DOWN: port-channel3000: hot-standby port Ethernet1/5 is down
2019 Jan 24 20:14:48 CTMSB01 %ETHPORT-5-SPEED: Interface port-channel3000, operational speed changed to 1 Gbps
2019 Jan 24 20:14:48 CTMSB01 %ETHPORT-5-IF_DUPLEX: Interface port-channel3000, operational duplex mode changed to Full
2019 Jan 24 20:14:48 CTMSB01 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface port-channel3000, operational Receive Flow Control state changed to off
2019 Jan 24 20:14:48 CTMSB01 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface port-channel3000, operational Transmit Flow Control state changed to off
2019 Jan 24 20:14:53 CTMSB01 %ETH_PORT_CHANNEL-5-PORT_UP: port-channel3000: Ethernet1/5 is up
2019 Jan 24 20:14:53 CTMSB01 %ETH_PORT_CHANNEL-5-FOP_CHANGED: port-channel3000: first operational port changed from none to Ethernet1/5
2019 Jan 24 20:14:53 CTMSB01 %ETHPORT-5-IF_UP: Interface Ethernet1/5 is up in mode trunk
2019 Jan 24 20:14:53 CTMSB01 %ETHPORT-5-IF_UP: Interface port-channel3000 is up in mode trunk
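
Added example, not part of the original posts: a Python parser for the ETH_PORT_CHANNEL member events in the NX-OS log above. It measures how long Ethernet1/5 stays bundled between drops, how long each recovery takes, and flags flapping. The function names, the 10-minute window and the two-drop threshold are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# Member-state lines copied from the post above (the ETHPORT lines are left out).
SAMPLE_LOG = """\
2019 Jan 24 20:11:23 CTMSB01 %ETH_PORT_CHANNEL-5-PORT_DOWN: port-channel3000: Ethernet1/5 is down
2019 Jan 24 20:11:29 CTMSB01 %ETH_PORT_CHANNEL-5-PORT_UP: port-channel3000: Ethernet1/5 is up
2019 Jan 24 20:12:59 CTMSB01 %ETH_PORT_CHANNEL-5-PORT_DOWN: port-channel3000: Ethernet1/5 is down
2019 Jan 24 20:13:08 CTMSB01 %ETH_PORT_CHANNEL-5-PORT_SUSPENDED: Ethernet1/5: Ethernet1/5 is suspended
2019 Jan 24 20:13:43 CTMSB01 %ETH_PORT_CHANNEL-5-PORT_HOT_STANDBY: port-channel3000: Ethernet1/5 goes to hot-standby
2019 Jan 24 20:14:48 CTMSB01 %ETH_PORT_CHANNEL-5-PORT_HOT_STANDBY_DOWN: port-channel3000: hot-standby port Ethernet1/5 is down
2019 Jan 24 20:14:53 CTMSB01 %ETH_PORT_CHANNEL-5-PORT_UP: port-channel3000: Ethernet1/5 is up
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4} \w{3} +\d+ [\d:]{8}) (?P<host>\S+) "
                     r"%ETH_PORT_CHANNEL-\d-(?P<event>PORT_\w+): (?P<msg>.*)$")
MEMBER_RE = re.compile(r"Ethernet\d+(?:/\d+)+")

def parse_events(text):
    """Yield (time, host, member, event) for each port-channel member event, in log order."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        member = m and MEMBER_RE.search(m["msg"])
        if member:
            yield (datetime.strptime(m["ts"], "%Y %b %d %H:%M:%S"),
                   m["host"], member.group(), m["event"])

def flap_report(text, window=timedelta(minutes=10), threshold=2):
    """Per (host, member) summary; flapping = `threshold`+ PORT_DOWN events within `window`."""
    state = {}
    for ts, host, member, event in parse_events(text):
        s = state.setdefault((host, member), {"last": None, "downs": [], "up_secs": [],
                                              "down_secs": [], "suspended": 0})
        if event == "PORT_UP":
            if s["last"] and s["last"][0] == "PORT_DOWN":
                s["down_secs"].append((ts - s["last"][1]).total_seconds())
            s["last"] = (event, ts)   # last bundle transition seen
        elif event == "PORT_DOWN":
            if s["last"] and s["last"][0] == "PORT_UP":
                s["up_secs"].append((ts - s["last"][1]).total_seconds())
            s["downs"].append(ts)
            s["last"] = (event, ts)
        elif event == "PORT_SUSPENDED":
            s["suspended"] += 1       # member suspended from the bundle
    for s in state.values():
        d = s["downs"]
        s["flapping"] = any(d[i + threshold - 1] - d[i] <= window
                            for i in range(len(d) - threshold + 1))
    return state
```

On the lines from the post, the member stays bundled for 90 seconds between the two drops, and the second recovery (114 seconds) passes through the suspended and hot-standby states.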

Re: Cisco Asa

Post by Uldis (UD) » Thu Jan 24, 2019 9:56 pm

no flaps at all.. Cluster works just perfecto

min configs attached, ASA cluster outside interface Po1.22 in vlan 22 speaking with CSR Po1.22
vPC 22 for ASA interfaces (4 interfaces total, asa1 e0-1, asa2 e0-1)
vPC 23 for CSR

BTW, your config is not a cluster, but failover,
and it is a very bad idea to make failover on virtual ports!! Just from my real-life experience.
Uldis