Cisco Asa
Moderator: mike
-
- Posts: 5081
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Cisco Asa
ge interface or e makes no sense..
But multiconexts supports 9.1.5 ASA
But multiconexts supports 9.1.5 ASA
-
- Posts: 15
- Joined: Tue Aug 22, 2017 12:40 am
- Location: Brazil
Re: Cisco Asa
Connection of the 9k nxos works in 100 1000 10000, even forcing to 100 gets flapping because the 5.1 wing works at speed 100 and nexus switches to 1gig auto.
-
- Posts: 5081
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Cisco Asa
What is wing 5.1?
Is that old buggy virtual nexus 5.1?
Is that old buggy virtual nexus 5.1?
-
- Posts: 15
- Joined: Tue Aug 22, 2017 12:40 am
- Location: Brazil
Re: Cisco Asa
sorry meant 9.1 ASA
-
- Posts: 15
- Joined: Tue Aug 22, 2017 12:40 am
- Location: Brazil
Re: Cisco Asa
NXOS version is 7.0.3.I7.4
-
- Posts: 5081
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Cisco Asa
they both works pefect, I even did cluster lab and subinterfaces...
see below my cluster lab
Used ASA 9.1.5 and NX9K 7.0.3.I7.4
CSRv1000 XE 16.3, as well in portchannel as top router
and below is Winserver 2016 multihomed LACP to NXOS and simple IOL SW multihomed to nexus as etherchannel....
here are used just Po interfaces with IP, but I tested with Po dot1q inetrfacces as well works great
And nothing flaps mate....
see below my cluster lab
Used ASA 9.1.5 and NX9K 7.0.3.I7.4
CSRv1000 XE 16.3, as well in portchannel as top router
and below is Winserver 2016 multihomed LACP to NXOS and simple IOL SW multihomed to nexus as etherchannel....
here are used just Po interfaces with IP, but I tested with Po dot1q inetrfacces as well works great
And nothing flaps mate....
You do not have the required permissions to view the files attached to this post.
-
- Posts: 15
- Joined: Tue Aug 22, 2017 12:40 am
- Location: Brazil
Re: Cisco Asa
could show the configuration of Po? the interfaces
-
- Posts: 5081
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Cisco Asa
I how this question:
You must follow some squence in config to make portchannel interfaces....
First you MUST issue global command:
cluster interface-mode spanned
Then
No shut cluster interface, my case its e6
create Po interface and assign it in
port-channel span-cluster
then assign real ports to this etcherchannel and no shut
and only then create Po1.XX
hostname ASA1
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
!
interface Ethernet0
channel-group 1 mode active
no nameif
no security-level
no ip address
!
interface Ethernet1
channel-group 1 mode active
no nameif
no security-level
no ip address
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet5
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet6
description Clustering Interface
!
interface Ethernet7
shutdown
no nameif
no security-level
no ip address
!
interface Port-channel1
port-channel span-cluster
no nameif
no security-level
no ip address
!
interface Port-channel1.10
vlan 10
nameif outside
security-level 0
ip address 192.168.10.1 255.255.255.0
!
ftp mode passive
cluster group mycuster
local-unit ASA1
cluster-interface Ethernet6 ip 10.1.1.1 255.255.255.252
priority 1
health-check holdtime 3
clacp system-mac auto system-priority 1
-
- Posts: 15
- Joined: Tue Aug 22, 2017 12:40 am
- Location: Brazil
Re: Cisco Asa
right and on the side of the nexus how is the configuration?