VLAN, Port-Channel and Redundant Interfaces
Interface options:
VLAN interface
EtherChannel
Redundant
How to create multiple interfaces on ASA?
Create logical layer 3 interfaces. The switch port connected to the ASA should be configured as a trunk port, and the ASA port needs to support 802.1q tagging so that multiple sub-interfaces can be created on the ASA. This is exactly like a router-on-a-stick configuration.
Let's configure ASA1 with three logical sub-interfaces.
ASDM :
Config -> Device setup -> interfaces -> Add -> Interface
Once we create sub-interfaces, the ASA automatically knows that we are going to use the 802.1q mechanism.
CLI :
interface g1.10
vlan 10
no shut
nameif inside_10
security-level 100
ip address 10.0.10.1 255.255.255.0
Similarly, we can create sub-interfaces for VLANs 20 and 30.
Note: The 5505 uses “interface vlan x” commands to create new logical interfaces. The rest of the 5500 family uses sub-interfaces, as shown above.
To enable traffic between interfaces with the same security level:
same-security-traffic permit inter-interface
EtherChannel :
EtherChannel is used to increase throughput and is implemented between switches. To configure an EtherChannel, we can use either PAgP (Cisco proprietary) or the standard LACP as the communication protocol between the switches.
Link Aggregation Control Protocol (LACP) uses 3 options for negotiating the EtherChannel:
Active
Passive
ON (static)
Besides these protocols, there are two types of EtherChannel: L2 and L3.
Let's create a new logical L3 EtherChannel.
We can configure an EtherChannel between the ASA and a switch. Up to 8 active ASA interfaces can participate in an EtherChannel.
ASDM :
Config -> Device setup -> interfaces -> Add -> EtherChannel
No configuration should be present on the interfaces that are going to participate in the EtherChannel.
CLI :
interface g2
channel-group 1 mode active
interface g3
channel-group 1 mode active
interface port-channel1
port-channel load-balance src-port
port-channel min-bundle 1
lacp max-bundle 8
no shut
speed auto
duplex auto
nameif dmz
security-level 50
ip address 172.16.0.1 255.255.255.0
Redundant :
Let's create a new L3 redundant interface. It does not do load balancing; instead, two interfaces participate as an active/backup pair. At any given time only the active interface forwards traffic. If the active physical interface fails, the standby takes over as active and uses the active interface's MAC address.
ASDM :
Config -> Device setup -> interfaces -> Add -> redundant interface
No configuration should be present on the interfaces that are going to participate in the redundant interface.
CLI :
interface redundant1
member-interface g4
member-interface g5
no shut
nameif outside
security-level 0
ip address 192.168.1.171 255.255.255.0
Note: The member interface that is configured first becomes the active one. In our case it is g4.
Verify through the CLI:
show interface port-channel 1
show port-channel 1
show int redundant 1
We can make g5 the active interface:
redundant-interface redundant 1 active-member g5
Now g5 becomes the active member.
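An added example (not part of the original post): a small Python audit of an ASA running-config that checks two points made above, namely that EtherChannel and redundant member ports carry no nameif, security-level or ip configuration, and which named interfaces share a security level once `same-security-traffic permit inter-interface` is present. The sample config and the function names `parse_interfaces` and `audit` are constructed for illustration and assume `show running-config` style indentation.

```python
import re

# Constructed sample in `show running-config` layout; g2 keeps a stale nameif.
SAMPLE = """\
interface g1.10
 vlan 10
 nameif inside_10
 security-level 100
interface g1.20
 vlan 20
 nameif inside_20
 security-level 100
interface g2
 channel-group 1 mode active
 nameif old_dmz
interface redundant1
 member-interface g4
 nameif outside
 security-level 0
same-security-traffic permit inter-interface
"""

def parse_interfaces(config):
    """Return {interface: {first keyword: rest of line}} from indented blocks."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            current = blocks.setdefault(line.split()[1], {}) if line.startswith("interface ") else None
        elif current is not None:
            key, _, rest = line.strip().partition(" ")
            current[key] = rest
    return blocks

def audit(config):
    blocks, findings, levels = parse_interfaces(config), [], {}
    # Ports bundled via channel-group, or named by a member-interface line.
    members = {n for n, c in blocks.items() if "channel-group" in c}
    members |= set(re.findall(r"^ member-interface (\S+)", config, re.M))
    for name in sorted(members):
        stale = sorted({"nameif", "security-level", "ip"} & set(blocks.get(name, {})))
        if stale:
            findings.append(f"{name}: bundle member still has {stale}")
    # Equal-level interfaces reach each other once this command is present.
    if re.search(r"^same-security-traffic permit inter-interface", config, re.M):
        for c in blocks.values():
            if "nameif" in c and "security-level" in c:
                levels.setdefault(c["security-level"], []).append(c["nameif"])
        findings += [f"level {lv}: {ns} exchange traffic with no ACL"
                     for lv, ns in levels.items() if len(ns) > 1]
    return findings
```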
Are EtherChannel and PortChannel the same?
Yes, "EtherChannel" and "PortChannel" refer to the same technology. EtherChannel is Cisco's proprietary term for link aggregation, which allows multiple physical Ethernet links to be combined into a single logical link. This logical link provides increased bandwidth, improved redundancy, and load balancing across the member links.
PortChannel is the generic term used in the networking industry to describe the logical aggregation of multiple physical ports into a single logical port. While EtherChannel is specific to Cisco devices, other networking vendors may use the term PortChannel or similar terminology to describe the same functionality.
In essence, EtherChannel and PortChannel represent the same concept of bundling multiple physical links to create a higher-bandwidth and more resilient connection between network devices. They are commonly used in scenarios where increased throughput, fault tolerance, and load distribution are required, such as connecting switches, routers, or servers to network infrastructure.