Cisco ASA vPC configuration issue

cisco cisco-asa cisco-nexus switch vpc

I have this scenario and am trying to configure vPC for a Cisco ASA 5585 (Active-Standby).


Nexus vPC config:

interface port-channel1
  switchport mode trunk
  switchport trunk allowed vlan 10
  speed 10000
  mtu 9216
  vpc 1

Nexus vPC output

# show vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 1
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : primary
Number of vPCs configured         : 3
Peer Gateway                      : Enabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Enabled, timer is off.(timeout = 240s)
Delay-restore status              : Timer is off.(timeout = 30s)
Delay-restore SVI status          : Timer is off.(timeout = 10s)

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans
--   ----   ------ --------------------------------------------------
1    Po999  up     10,100

vPC status
----------------------------------------------------------------------
id   Port   Status Consistency Reason                     Active vlans
--   ----   ------ ----------- ------                     ------------
1    Po1    up     success     success                    10

Cisco ASA config:

# sh run int po1
!
interface Port-channel1
 lacp max-bundle 8
 no nameif
 no security-level
 no ip address
!
interface TenGigabitEthernet0/8
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
!
interface TenGigabitEthernet0/9
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
!

Port-channel summary

# show port-channel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        U - in use      N - not in use, no aggregation/nameif
        M - not in use, no aggregation due to minimum links not met
        w - waiting to be aggregated
Number of channel-groups in use: 1
Group  Port-channel  Protocol  Span-cluster  Ports
------+-------------+---------+------------+------------------------------------
1      Po1(N)            LACP          No     Te0/8(P)   Te0/9(P)

Question:

  • Why is the port channel showing Po1(N) (N - not in use, no aggregation/nameif)?

  • How does vPC work in Active-Standby mode?

  • I haven't seen any document related to vPC with ASA so far, so is this solution going to work or am I wasting my time?

I found a link here, but it is not useful: https://www.fir3net.com/Switches/Cisco/design-caveats-active-standby-network-devices-connected-via-vpc.html

Best Answer

This should work as long as you configure them properly.

The captures below are from Best Practices for vPC on Cisco Nexus 7000 Series Switches

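An added check, not part of the original question or answer: it parses the ASA `show port-channel summary` output posted in the question and separates a bundling problem (member flags other than P) from a port-channel that bundled correctly but has no `nameif`. The function names and result strings are assumptions chosen for this example; the flag meanings come from the legend in the output itself.

```python
import re

# Output copied verbatim from the question (ASA "show port-channel summary").
SAMPLE = """\
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        U - in use      N - not in use, no aggregation/nameif
        M - not in use, no aggregation due to minimum links not met
        w - waiting to be aggregated
Number of channel-groups in use: 1
Group  Port-channel  Protocol  Span-cluster  Ports
------+-------------+---------+------------+------------------------------------
1      Po1(N)            LACP          No     Te0/8(P)   Te0/9(P)
"""

ROW = re.compile(r"^\s*(\d+)\s+(Po\d+)\((\w)\)\s+(\S+)\s+(\S+)\s*(.*)$")
MEMBER = re.compile(r"(\S+?)\((\w)\)")


def parse_summary(text):
    """Return one dict per channel-group row; legend and header lines are skipped."""
    groups = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            groups.append({"name": m.group(2), "flag": m.group(3),
                           "protocol": m.group(4),
                           "members": dict(MEMBER.findall(m.group(6)))})
    return groups


def diagnose(group):
    """Tell a bundling (LACP/link) problem apart from missing logical config."""
    if not group["members"]:
        return "no-members"
    unbundled = sorted(p for p, f in group["members"].items() if f != "P")
    if unbundled:
        return "bundling: " + ", ".join(unbundled)
    if group["flag"] == "N":
        # Every member is P, so aggregation worked; per the legend the
        # remaining meaning of N is that no nameif is configured.
        return "no-nameif"
    return "ok" if group["flag"] == "U" else "flag-" + group["flag"]


if __name__ == "__main__":
    for g in parse_summary(SAMPLE):
        print(g["name"], g["protocol"], g["members"], "->", diagnose(g))
```

For the output in the question the result is `no-nameif`, which agrees with the `no nameif` lines in the posted Port-channel1 configuration.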