Cisco ASA 5515-X Adaptive Security Appliance Data Sheet

© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. 
with a large number of asymmetric flows, it is recommended to assign an equal number of interfaces for the data link 
and the cluster control link. This is another reason why all the nodes in the cluster must be identical: 
different models have a different number of interfaces and capabilities. 
A maximum of 16 nodes is supported in a single cluster. All these nodes are managed as a single logical firewall. 
However, the statistics of the individual nodes in a cluster can still be viewed. The cluster upgrade 
is achieved without any disruption in traffic because the nodes in the cluster are allowed to be at different minor 
versions during the upgrade. 
In clustering, load-balancing of traffic across multiple ASA nodes is done in two ways. One is by configuring 
the data interfaces as spanned EtherChannel interfaces, and the other by configuring the data interfaces as 
individual interfaces. 
Spanned EtherChannel Interfaces 
In this type of deployment the EtherChannel does the job of load-balancing data traffic across the nodes of the 
cluster (see Figure 1). 
Figure 1.    Load Balancing by Spanned EtherChannel Interfaces 
 
 
An EtherChannel aggregates multiple links between two devices to increase throughput. An added benefit is 
the high availability provided by redistributing traffic between the two devices if one interface were to fail. Link 
Aggregation Control Protocol (LACP) allows dynamic negotiation and the establishment of an EtherChannel 
between two devices. Cluster LACP (cLACP) implemented on the ASA makes multiple ASA nodes in the cluster 
appear as one logical firewall to the switch they are connected to. This is achieved by bundling multiple interfaces 
on different nodes into a single big EtherChannel on the Cisco ASA side. 
A virtual port channel (vPC) allows links that are physically connected to two Cisco Nexus® 7000 Series Switches 
to appear as a single EtherChannel to a Cisco ASA. A vPC also allows all links to actively forward traffic, resulting 
in maximum use of the hardware.