Filter
Top Products
45-10
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 45 Managing Firewall Devices
Configuring Firewall Device Interfaces
• Disable failover while the configuration changes are being made, and then re-enable it (failover will
not occur in the interim).
Note As with any other type of interface assigned as a failover link, the EtherChannel interface cannot be
named. Further, none of the EtherChannel’s member interfaces can be named.
Defining EtherChannels on an ASA
Follow these steps to configure multiple physical interfaces as a single logical EtherChannel interface in
the ASA Add Interface or Edit Interface dialog boxes, which are accessed from the device Interfaces
page (see Managing Device Interfaces, Hardware Ports, and Bridge Groups, page 45-14).
Step 1 Choose EtherChannel as the interface Type.
The EtherChannel ID and interface-selection options appear on the General panel of the dialog box; the
Load Balancing, LACP Mode, and Active Physical Interfaces: Minimum and Maximum fields appear on
the Advanced panel.
Step 2 Provide an identifier for this EtherChannel in the EtherChannel ID field; valid IDs are the integers from
1 to 48. This number is appended to “Port-channel” to identify the EtherChannel in the Interface column
of the table on the device’s Interfaces page.
Step 3 Available Interfaces – Specify the members of this port-channel group by select one or more interfaces
in this list of available interfaces, and then click the >> button to add them to the member list on the right.
Note All interfaces in the channel group must be the same type and speed. The first interface added
to the channel group determines the correct type and speed.
You can assign up to 16 interfaces to a channel group. In a standard EtherChannel, up to eight of these
interfaces can be active, while the remaining interfaces act as stand-by links in case of individual
interface failure. Alternatively, you can create a static EtherChannel by setting LACP Mode to On (on
the Advanced panel, as described below), which means all interfaces in the group can pass traffic.
Note After assigning interfaces to this EtherChannel group, you can edit the LACP Port parameters
for each member interface, as described in Editing LACP Parameters for an Interface Assigned
to an EtherChannel, page 45-11.
Step 4 Click the Advanced tab to display that panel.
Step 5 Choose a Load Balancing option in the EtherChannel section. See About EtherChannel Load Balancing,
page 45-12, for more information about this option.
Step 6 Select the desired LACP Mode; the default is Active, which means up to eight interfaces are active,
while up to eight are in stand-by mode, as determined by the Minimum and Maximum values under
Active Physical Interfaces.
If you select On, a static port-channel is created in which all member interfaces are all “on,” meaning
you can have up to 16 ports passing traffic, with no stand-by ports. When you select this option, the Mode
for all interfaces assigned to this EtherChannel group is switched to On (if the Mode for each is not
already On). See Editing LACP Parameters for an Interface Assigned to an EtherChannel, page 45-11,
for more information about this mode.
Step 7 Specify the Minimum and Maximum number of Active Physical Interfaces for this EtherChannel.