Some may say that bandwidth is king. This is true in many cases, especially with higher-end video applications becoming more prevalent in network environments. In this post I'll show you how to get more bandwidth with your Cisco ASA, with the added bonus of high availability.
The solution is EtherChannel, and it became available on the ASA in version 8.4. Essentially, you are bundling two interfaces so that the ASA treats them as one. So a 1-GBps interface can be EtherChanneled with another to become a 2-GBps bundle. There's the bandwidth increase that some may be looking for. What about the high availability? That comes with the bundle. The ASA load balances traffic over the two interfaces in the bundle. If one interface goes down, the traffic still travels over the other interface. How's that for a bit of redundancy?
Let's look at how to configure EtherChannels on the ASA. There are basically two methods:
- Use ASDM and configure via a GUI interface
- Use the CLI
First let's examine the GUI interface. In Figure A, I've navigated to Configuration > Device Settings > Interfaces and I've selected the Add button. This presents an option to create an EtherChannel Interface.
The next step is to provide the parameters for the EtherChannel. In Figure B, you can see the need to provide a Port Channel ID, an interface name, and a security level. Additionally you must add available physical interfaces as group members. You select them and use the add button to move them into the group. You'll notice that the GigabitEthernet0/0 as well as GigabitEthernet0/1 interfaces are not present. This is because they are already configured. At the bottom of the configuration page you must determine how the IP address of the interface is to be configured. In this case we have statically assigned the IP address.
For this sample connection, I'm using source and destination IP and layer 4 port number.
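The CLI equivalent of the ASDM steps above, as an added example that is not part of the original post. The member interfaces (GigabitEthernet0/2 and 0/3), the name `inside`, security level 100, the address 172.16.99.1 and LACP active mode are assumptions chosen for illustration; the load-balance keyword is the one for source and destination IP plus layer 4 port.

```cisco
! Added example: ASA 8.4+ EtherChannel from the CLI.
! Member interfaces, nameif, security level and IP address are assumed values.

! Member interfaces must have no nameif or IP address of their own
! before they can join the channel group.
interface GigabitEthernet0/2
 channel-group 1 mode active
 no shutdown
!
interface GigabitEthernet0/3
 channel-group 1 mode active
 no shutdown
!
! The logical interface carries the name, security level and address.
interface Port-channel1
 port-channel load-balance src-dst-ip-port
 nameif inside
 security-level 100
 ip address 172.16.99.1 255.255.255.0
```

After the switch side is up, `show port-channel summary` on the ASA shows whether both members have joined the bundle. The hash is computed per flow, so a single connection stays on one member link while the aggregate is spread across both.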
Overall, the configuration of the ASA is very simple. ASDM makes sure of that, but again, if you've configured EtherChannels on Cisco switches, it's still pretty easy. One additional note: make sure that the switch side has a mirror configuration. The following would work on the connected switch.
interface Port-channel 1
 ip address 172.16.99.2 255.255.255.0
interface range g0/7 - 8
Brandon Carroll has been in the industry since the late 90s specializing in data networking and network security in the enterprise and data center. Brandon holds the CCIE in security and is a published author in network security.