Thursday, December 5, 2013

ASA failover using a port-channel

For the cisco ASA,  you can achieve a better  redundant failover link configuration  in a  single or multi context mode by using a port-channel.

By aggregating 2 links together, you  provide redundancy and  helps ensure the  failover link is always up and not disturb

In this post, we will look at the basic configuration;

1: Here's the ports that was used on a ASA5558
Notice we are using LACP active mode.

2: The ASA will create the virtual port-channel automatically so you have nothing todo here ;

3rd: We create the  failover cfg for both the primary and secondary units;

note: the secondary unit has the same above cfg but with the wording "failover lan unit secondary"

Finally we validate the cfg and port-channel status and lacp

And the failover state;

Ken Felix
Freelance Network / Security Engineer
kfelix  ----a---t---socpuppets ---d---o---t---com

     ^      ^
=(   $   $  )=
       /     \

No comments:

Post a Comment