Hi Mike, Also each ASA should be in a different port-channel group on the switch. Even though the ASAs are in failover, they are still 2 physically separate boxes therefore one should be in Po1 and the other in Po2 on the switch. If you put both ASAs in the same Po1 on the switch, I would assume the one that responds faster becomes UP and the other ports are suspended by the switch (which is totally normal)... As far as I know, across devices etherchannels are supported on switch stacks (2960S, 3750), switches in VSS (4500E, 6500), Nexus in vPC but not on ASAs...
Hope that helps, Patrick From: [email protected] [mailto:[email protected]] On Behalf Of Samarth Chidanand Sent: May-15-13 12:49 AM To: 'Mike Rojas'; [email protected] Subject: Re: [OSL | CCIE_Security] LACP question Lab 9 WB1 Hi Mike, The task does not state what mode the ether channel should be in. Hence choose any method, best is LACP active mode. What the task is referring to is Active/Active Failover. This essentially means both the primary unit and secondary unit in the failover pair will be active/forwarding for a particular context (T1 on ASA3 is forwarding traffic and in standby mode on ASA4 while T2 on ASA4 is forwarding traffic/active and in standby mode on ASA3). Active/Standby with multi-context would mean that all the contexts will be in active/forwarding state on just one of the ASA. When configuring etherchannel as a failover interface, make sure both the units are manually configured for etherchannel and then configure the failover. Make sure speed and duplex are the same on ASA and the switch. Samarth Chidanand Sr Instructor / Developer - IPexpert CCIE #18535 (R&S, Security) CCSI #34585 From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Mike Rojas Sent: Wednesday, May 15, 2013 9:53 AM To: [email protected]<mailto:[email protected]> Subject: [OSL | CCIE_Security] LACP question Lab 9 WB1 Hello, I have a quick question, and I think most of you know it but I am quite new with Etherchannels and I need guidance on an issue that I am having. On Lab 9 which is the one with BVI Active/Active and BVI interfaces, there is a task that we need to configure the etherchannel for the Failover link. I did that however, I confused the term of Active/ with On in the type of mode which we need to configure on the port channel, so it came up fine, but it was not using LACP. Unfortunately, i dont have two switches that I can play with so my two ASAs are plugged into the same switch. When I changed the mode to Active on the switch as well on the ASAs, 3 ports were on the port channel, however, the other 3 that belonged to the Secondary Unit stayed on a "suspended" state. What I did to correct this issue was to create a port-channel 2, and I put the same config and it was working fine. I know that If I dont use LACP, the 6 ports can be functional, however, if I use LACP, 3 ports always stay on Suspended. Quite sure this is an easy one, just cant find the root cause. Thanks! Mike.
*** Notice de confidentialité*** Ce message ainsi que les éventuelles pièces jointes constituent une correspondance privée et confidentielle à l'attention exclusive du destinataire désigné ci-dessus. Si vous n'êtes pas le destinataire du présent message ou une personne susceptible de pouvoir le lui délivrer, il vous est signifié que toute divulgation, distribution ou copie de cette transmission est strictement interdite. Si vous avez reçu ce message par erreur, nous vous remercions d'en informer l'expéditeur par téléphone ou de lui retourner le présent message, puis d'effacer immédiatement ce message de votre système. Merci! ***Disclaimer*** This e-mail and any attachments is a confidential correspondence intended only for use of the individual or entity named above. If you are not the intended recipient or the agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by phone or by replying to this message, and then please delete this message from your system. Thank You!
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
