Cisco – 2-stacked switches with 2 uplinks to each ASA


My current single uplink from 2 stacked switches to the ASA is not enough to cater for the link utilization (upload traffic from the 2 stacked switches to the ASA). So, I have thought of using 2 uplinks. If I use EtherChannel for the 2 uplinks, then only one link will run if one link goes down, instead of failing over to the standby ASA using the 2 standby uplinks.

Please advise if there is a better way of using the 2 uplinks to each ASA and failing over to the standby ASA in case one uplink is down.

Please refer to the current and new planned diagrams below.


Best Answer

Using a 2nd uplink and using link aggregation (EtherChannel) is the right way to go. Keep in mind that your throughput problems might be due to the ASA's limitations (which model do you use?).

Another thing to keep in mind is the load-balancing algorithm you use for EtherChannel (src-mac, src-dst-mac, src-dst-ip, src-dst-mac-ip). Based on your traffic patterns, the default algorithm src-mac might not be the right choice.

Let me know if you need any configuration examples.

ASA

! Both ASA ports join port-channel 1 in LACP passive mode
interface gi0/0
 channel-group 1 mode passive

interface gi0/1
 channel-group 1 mode passive

Switch

! One port on each stack member joins port-channel 1 in LACP active mode
interface gi1/0/1
 channel-group 1 mode active

interface gi2/0/1
 channel-group 1 mode active

To verify the status of the link aggregation, use the following commands:

ASA

show port-channel summary

Switch

show etherchannel summary

Both devices should display your configured ports with status P (bundled).
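
Added example (not part of the original answer, and not Cisco's actual hash): a simplified Python model of how the load-balancing method mentioned in the answer decides which of the two member links a flow uses, and why src-mac can leave one link idle. The XOR-modulo hash, the addresses and all names are assumptions made for illustration.

```python
from collections import Counter

LINKS = 2  # two member links per port-channel, as in the configuration above

def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)

def ip_to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def pick_link(flow, method):
    # Assumption: simplified model (XOR the selected fields, modulo link count).
    # Real platforms use their own hash; the point is only that frames with
    # identical selected fields always leave on the same member link.
    selected = {
        "src-mac": [mac_to_int(flow["smac"])],
        "src-dst-mac": [mac_to_int(flow["smac"]), mac_to_int(flow["dmac"])],
        "src-dst-ip": [ip_to_int(flow["sip"]), ip_to_int(flow["dip"])],
    }[method]
    h = 0
    for value in selected:
        h ^= value
    return h % LINKS

def distribution(flows, method):
    """Return the number of flows placed on each member link."""
    counts = Counter(pick_link(f, method) for f in flows)
    return [counts.get(i, 0) for i in range(LINKS)]

# Constructed sample traffic (documentation MAC/IP ranges), not captured data.
ASA_MAC, SERVER_IP = "00:00:5e:00:53:fe", "198.51.100.7"
# Case 1: eight clients reach the switch through one routed hop, so every
# frame carries the same source MAC (the router's).
ROUTED_FLOWS = [{"smac": "00:00:5e:00:53:01", "dmac": ASA_MAC,
                 "sip": f"10.0.0.{10 + i}", "dip": SERVER_IP} for i in range(8)]
# Case 2: eight hosts attached directly to the stack, each with its own MAC.
HOST_FLOWS = [{"smac": f"00:00:5e:00:53:{0x10 + i:02x}", "dmac": ASA_MAC,
               "sip": f"10.0.0.{10 + i}", "dip": SERVER_IP} for i in range(8)]

if __name__ == "__main__":
    for name, flows in (("routed", ROUTED_FLOWS), ("hosts", HOST_FLOWS)):
        for method in ("src-mac", "src-dst-mac", "src-dst-ip"):
            print(f"{name:7} {method:12} {distribution(flows, method)}")
```

In the routed case every MAC-based method pins all eight flows to one link, while src-dst-ip splits them evenly; with directly attached hosts src-mac already balances.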