User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 45 Managing Firewall Devices
Configuring Firewall Device Interfaces
As mentioned, an EtherChannel can consist of between one and eight active links, with up to 16 assigned
to the group (on the General panel). Use these fields to indicate the minimum and maximum number of
interfaces that can be active in this channel group at any given time.
Step 8 Continue configuring this interface, as described in Add/Edit Interface Dialog Box (PIX
7.0+/ASA/FWSM), page 45-19.
Note The EtherChannel LACP System Priority for this device is specified in the Advanced Interface
Settings dialog box; see Advanced Interface Settings (PIX/ASA/FWSM), page 45-42.
Editing LACP Parameters for an Interface Assigned to an EtherChannel
After assigning interfaces to an EtherChannel (port-channel) group, you can edit the LACP Port
parameters for each member interface, as described here.
Note This feature is available only on ASA 8.4.1+ devices.
The Link Aggregation Control Protocol (LACP) directs the aggregation of physical Fast Ethernet, Gigabit
Ethernet, or Ten-Gigabit Ethernet interfaces into an EtherChannel group, and updates the remote
partner device with current information after it finds a compatible set of ports and assigns a unique value
called an “operational key” to the group. Note that operational key assignment is automatic; you cannot
configure it.
Caution These LACP parameters are not available when the EtherChannel is assigned as a failover link.
LACP System Priority
Every LACP-enabled device has a unique system ID that is formed by combining a System Priority
identifier and the system’s MAC address. In certain situations, two EtherChannel-linked systems may
need to change the operational key assigned to a set of ports to allow optimal aggregation. In such a
situation, the system with higher priority is allowed to dynamically modify the operational key value
assigned to the ports to achieve better aggregation. The system with the lower priority is not allowed to
change the operational keys. The System Priority identifier is user-configurable, as described in
Advanced Interface Settings (PIX/ASA/FWSM), page 45-42.
LACP Port Parameters
Port identification is provided by a unique number assigned to every group interface; this identifier is
formed by combining a configurable Port Priority number and the port number assigned to the interface.
The port identifier provides port aggregation priority. Ports are considered for active use in an
aggregation starting with the port that has the highest aggregation priority in the system, and working down
through an ordered list of port identifiers. The use of this port aggregation priority makes aggregation
predictable and reproducible by selecting the links for aggregation in the same manner when all links
are running LACP concurrently.
In addition, you can configure the priority of each port to administratively control the set of standby
ports. For example, the port with the lowest priority will be considered last for group aggregation and
will become a standby port (assuming enough members are assigned to the group to allow standby
ports).
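
The selection order described above can be traced with a short simulation. This is an added Python example, not Cisco code: it assumes the IEEE 802.1AX convention that a numerically lower priority value means higher priority and that the higher-priority system's port identifiers decide the order. The interface names, MAC addresses and priority values are constructed samples.

```python
# Added illustration, not Cisco code. Assumption (IEEE 802.1AX, not stated on
# this page): a numerically LOWER priority value means HIGHER priority.
from typing import NamedTuple

class Link(NamedTuple):
    name: str        # local interface name (constructed sample)
    local_prio: int  # local LACP port priority
    local_port: int  # local port number
    peer_prio: int   # partner's port priority on the same link
    peer_port: int   # partner's port number

def system_id(priority: int, mac: str) -> tuple:
    """System ID: the System Priority combined with the system MAC address."""
    return (priority, bytes.fromhex(mac.replace(":", "")))

def select_links(local_sys, peer_sys, links, min_active=1, max_active=8):
    """Return (active, standby, channel_up) for one channel group."""
    if not 1 <= min_active <= max_active <= 8:
        raise ValueError("limits must satisfy 1 <= min <= max <= 8")
    if len(links) > 16:
        raise ValueError("at most 16 interfaces can be assigned to a group")
    # The higher-priority system (lower system ID) supplies the ordering,
    # so both ends of the channel arrive at the same active set.
    local_decides = local_sys <= peer_sys

    def port_id(link):
        if local_decides:
            return (link.local_prio, link.local_port)
        return (link.peer_prio, link.peer_port)

    ordered = sorted(links, key=port_id)
    active = [l.name for l in ordered[:max_active]]
    standby = [l.name for l in ordered[max_active:]]
    # Assumption: the channel is usable only when the minimum is met.
    return active, standby, len(active) >= min_active

# Constructed sample: three member links, at most two may be active.
LINKS = [
    Link("Gi0/0", 32768, 1, 300, 3),
    Link("Gi0/1", 32768, 2, 200, 2),
    Link("Gi0/2", 65535, 3, 100, 1),
]
ASA = system_id(32768, "00:11:22:33:44:55")
WEAK_PEER = system_id(65535, "00:aa:bb:cc:dd:ee")    # local side decides
STRONG_PEER = system_id(4096, "00:aa:bb:cc:dd:ee")   # partner decides

if __name__ == "__main__":
    print(select_links(ASA, WEAK_PEER, LINKS, max_active=2))
    print(select_links(ASA, STRONG_PEER, LINKS, max_active=2))
```

With the weaker partner, Gi0/2 (worst local port priority) becomes the standby port; with the stronger partner, the partner's port priorities take over and Gi0/0 is the standby port instead.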