ASA5580 port channel to 6509 VSS

Similar Messages

• Nexus 1010v interfaces, port-channel, Catalyst 6500E VSS

  I'm installing a pair of 1010v-X appliances using flexible network option 5 on version 4.2(1)SP1(5.1).
  I have all interfaces grouped into a single port channel 6.  All interfaces uplink to a pair of Catalyst 6506Es in a VSS (Sup2T).
  My question relates to the VSS configuration.
  For example, do I set up one port-channel on the VSS and put all 12 interfaces in it? Or, do I set up two port-channels on the VSS and put the active 1010v-X in one port-channel and the standby into another port-channel?
  Do I set dot1q trunking up on the port-channel(s) on the VSS?
  Thanks.

  Hi,
  What version of IOS are you running on the ASAs?
  see table-12-3 in this link:
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/interface_start.html
  Also, since the 4500x are in VSS mode, you need to bundle one link from each switch and use LACP.
  HTH

• LACP port channel between 6509 and Nexus 7K

  We are in the process of migrating from dual 6509's to dual 7010's.  We have moved our 5k/2K's behind the 7K and have layer 2 up between the 6509 and 7K.  This link is configured as a port channel with 2 1gig links using LACP.  The port channel is up and working and traffic is passing but it doesn't appear the load it equally distributed between the links.  Both the 7K and 6K are setup for src-dst-ip for the load balancing.  The links have been in place for over 12 hours and I would have expected them to "equal" out.  Has anyone had this issue in or is this to be expected?  For clarification there is not VPC inolved in this configuration it is simply a port-channel between one 6509 and a 7010.
  Thanks,
  Joe

  We are in the process of migrating from dual 6509's to dual 7010's.  We have moved our 5k/2K's behind the 7K and have layer 2 up between the 6509 and 7K.  This link is configured as a port channel with 2 1gig links using LACP.  The port channel is up and working and traffic is passing but it doesn't appear the load it equally distributed between the links.  Both the 7K and 6K are setup for src-dst-ip for the load balancing.  The links have been in place for over 12 hours and I would have expected them to "equal" out.  Has anyone had this issue in or is this to be expected?  For clarification there is not VPC inolved in this configuration it is simply a port-channel between one 6509 and a 7010.
  Thanks,
  Joe

• Why don't channel-group numbers match on a VSS port-channel link?

  Hi All,
  I have two 6509's that are VSS'd together via four 10gig links on each side. The configuration was done before I started this job, but in reviewing the configs I see that the 10gbps VSS heartbeat links are port-channeled together on each side, but one side is channel-group 2, while the other end of the bundle is channel-group 1.
  I thought that channel-group numbers needed to match on both ends of the port-channel for it to form correctly?
  I'm guessing that this has to happen because the switches are virtually one, so you can't put all 8 links into the same channel-group number or there would be nothing to connect to on the other side. Therefore, the "switch virtual link #" command is the real code that tells the switch where the other end of the link is, regardless of channel-group number, correct?

  Dean,
  The channel-group number does not have to be the same on each end. The four ports on switch A have to be in the same channel-group, and the four ports on switch B have to be in the same channel-group, but there's no communication across that line about what the channel-group is called. It's just a name. From a design standpoint it is nice to have them the same on both sides, but it's not always simple to allow for that in the design of a network.
  -Jameson

• Vss 1440 Link aggregation in the port-channel

  We are setting up a vss 1440 with 2 6509.  I have 2 supervisor blades per chassis.  I have 4 tengig ports on each switch in each port channel.  we followed the configuration guide from CISCO.  In a SH IP INT BR we only see one port on each switch in the port-channel as up.  We want all ports up, after doing some research on the web I am still stuck.  Does anyone have any ideas?

  HI,
  Can you please share a couple of output:
  show ether-channel summary
  show module
  show version
  Also can you let me know which port-channel you are talking about and which line-card is the port-channel is?
  Is it the VSL link you are concerned and if yes on which module is the VSL link connected to?
  Regards,
  Seemab

• VSS port channel options

  Hi,
  I am converting 2 6500 chassis to VSS, currently they are configured as primary & backup. Downstream switch have 4 uplinks,  2 to each chassis with port channels. After I convert to VSS I will have all 4 ports connecting to downstream switch in a port channel, can I keep 2 separate port channels on downstream switch or will it cause issues ?
  thanks
  hasrat

  Hi Hazrat,
  I agree with Reza. By the way what is at your mind in keeping 2 seperate port-channels to one device?(please note after VSS logically it is one switch). One of the Port-channel will not be used at all since spanning tree will block it. So as Reza said bundle them in all one.
  Thanks,
  Madhu

• 6880X VSS Port-Channel

  Hi
  I was trying to configure two 6800x switches as a VSS pair, Ive done this on 4500x switches before and worked a treat. when setting up a L2 port-channel, for some reason it puts the ports into routed mode and does not allow me to build a L2 port-channel.
  So I add the following config for the port-channel
  Interface port-channel 10
  Description VSL_Link
  switchport
  switch virtual link 2
  no shut
  Interface range Tengig 1/1 – 1/2
  Description VSL_Link
  switchport mode trunk
  channel-group 10 mode on
  Now as soon as I type the channel-group 10 mode on, it gives an error
  "Command rejected  (Port-channel10): Either port is L2 and port-channel is L3, or vice-versa"
  I managed to create a L2 port-channel on a 4500x, will the 6800x only allow me to create a l3 port channel. 

  Hi 
  I tried this config on the 4500x and it worked, now I have also added the switchport mode trunk command to both the port-channel and interface and still getting the same error. 
  When I do sh int status, the ports are showing as routed
  I cleared the config and first set both interface as trunks, then when I do the channel-group 10 mode on command, it accepts the command an automatically creates the port-channel, but the interfaces show as routed.
  This is my first time using a 6880x, when i logged into it, the default hostname is set to Router. I was expecting it to be named Switch, not that the hostname affects the config but makes me wonder, is the config different for the 6880x as opposed to other L3 switches

• 8Gig Port Channel between two 6509s

  Hey all,
  I have two 6509s that I'm trying to configure an 8 Gig trunk/port channel. I have an 8 port fiber module in slot 3 on both switches. When I use the following command: "set port channel 3/1-8" on it seems to take the command, but if I do "show port channel" it shows two groups:
  3/1-4
  3/5-8
  Is there a limit as to how many gigs a port channel can be? If not, why does it split it like this?
  I should also note I'm using dot1q for the trunks using Auto mode on one switch and Desirable on the other.
  Thanks,
  Scott

  I did a show port cap on the interfaces and I didn't see any sort of restriction. I decided to run the command again 'set port channel 3/1-8 on' and for some reason it seemed to work this time. Not sure what changed, but it's working now.
  Thanks for your help!

• Port Channel 5548 with 6509

  My company just purchased a Nexus 5548.  I've been fooling around with the configurations and just getting familiar with this equipment.  I've already configured a port channel using 2 10gig ports on our 3850 and its working fine.
  Now, I'm trying to configure a second port channel with our 6509 1gig ports. Ports comes up. But I cannot communicate between these 2 devices.
  Show CDP Neigh shows the other devices. Show Etherchannel summary is blank
  This is the config on the 6509
  interface Port-channel22
   switchport
   switchport trunk encapsulation dot1q
   switchport mode trunk
  interface GigabitEthernet9/7
    switchport
   switchport trunk encapsulation dot1q
   switchport mode trunk
   channel-group 22 mode on (I also tried using Active and desirable)
  Config on 5548
  Inteface Port-Channel 2
  switchport
   switchport mode trunk
   speed 1000
  interface ethernet1/32
   switchport mode trunk
   speed 1000
   channel-group 22 mode on
  I also have feature Lacp , interface vlan and vlan dot1q tag native enabled
  Any ideas why I cannot communicate between these devices? 

  This is what is showing on the 5548
  2015 Mar 18 08:18:09 DC-5548-01 %ETHPORT-5-SPEED: Interface Ethernet1/32, operat
  ional speed changed to 1 Gbps
  2015 Mar 18 08:18:09 DC-5548-01 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/32, op
  erational duplex mode changed to Full
  2015 Mar 18 08:18:09 DC-5548-01 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Etherne
  t1/32, operational Receive Flow Control state changed to off
  2015 Mar 18 08:18:09 DC-5548-01 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Etherne
  t1/32, operational Transmit Flow Control state changed to off
  2015 Mar 18 08:18:09 DC-5548-01 %ETHPORT-5-SPEED: Interface port-channel2, opera
  tional speed changed to 1 Gbps
  2015 Mar 18 08:18:09 DC-5548-01 %ETHPORT-5-IF_DUPLEX: Interface port-channel2, o
  perational duplex mode changed to Full
  2015 Mar 18 08:18:09 DC-5548-01 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface port-ch
  annel2, operational Receive Flow Control state changed to off
  2015 Mar 18 08:18:09 DC-5548-01 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface port-ch
  annel2, operational Transmit Flow Control state changed to off
  2015 Mar 18 08:18:09 DC-5548-01 %ETH_PORT_CHANNEL-5-PORT_UP: port-channel2: Ethe
  rnet1/32 is up
  2015 Mar 18 08:18:09 DC-5548-01 %ETH_PORT_CHANNEL-5-FOP_CHANGED: port-channel2:
  first operational port changed from none to Ethernet1/32
  2015 Mar 18 08:18:09 DC-5548-01 %ETHPORT-5-IF_UP: Interface Ethernet1/32 is up i
  n mode trunk
  2015 Mar 18 08:18:09 DC-5548-01 %ETHPORT-5-IF_UP: Interface port-channel2 is up
  in mode trunk
  My 6509 does not show anything. Now when I do  a show etherchannel summary on the 6509, the protocol is lacp.

• Wlc 5508 get error when use port-channel

  We have two wlc in the system 5508 and 4402.
  we config HA for 2 wlc, both wlc enable LAG
  When I connect 2 interface  of 5508 to 2 interface (in a port channel mode on, trunk, dot1q) of a
  couple of VSS switch, I cant management 5508 through web any more, and I still can do with 4402.
  If I  shutdown 1 port int the port-channel, it work well.
  Do you know what happen ?
  Thanks
  Duyen

  hi Scott,
  We have VSS ( 2 x 6509) trunk with (2 switch 4506).  one port of wlc4402 connect to one port of one swith 4506.
  2 ports of wlc 5508 conect to 6509, each port connect to one switch 6509.
  the config in VSS switch like this:
  interface gig1/1/1
  switchport trunk encapsulation dot1q
  switchport mode trunk
  channel-group 500 mode on
  interface gig2/1/1
  switchport trunk encapsulation dot1q
  switchport mode trunk
  channel-group 500 mode on
  etherchannel load-balancer src-dst-ip
  ( I dont see this command in running config)

• Port channels across slots on a 6500

  Hi experts,
  we have 2 x 6509-E chassis NOT doing VSS, having a 10g module ( WS-X6708-10GE ) in each chassis. We plan to get another 10g module (same as existing) for each chassis. I was planning to move some ports from the existing module to the new module. 
  Question - Is a port channel supported across 2 modules on the same switch? 
  thnx

  Hey,
  Cross module etherchannel is supported as long as physical characteristics of ports match. Do check the QoS properties as well.
  Also check the restrictions section as well:
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/channel.html#wp1020420
  HTH.
  Regards,
  RS

• WLC 4402 LAG connection to 2 different chassis of 6509 VSS switch system

  Hi,
  I have inherited a 6509 VSS switch system as the network core and have the task of ensuring proper redundancy and redesign of the directly connected data center devices.  One of the connected devices (WLC 4402) physically appears to be connected to both switches - the WLC is in the same rack as VSS-Chassis1 so I can trace the fiber from WLC port 1 to gi1/1/22, the other fiber from the WLC port 2 goes into the floor and presumably over to VSS-Chassis2 gi2/1/22 (there is fiber connected there, I have link lights on both sides, and the port channel, Po200, on the VSS switch which is configured on gi1/1/22 is also configured on gi2/1/22).  My question pertains to the CDP neighbor output I get on the VSS switch: (truncated to include just the WLC)
  NCMECHQWiFi1     Gig 1/1/22        137               H    AIR-WLC44 Gig 0/0/2
  NCMECHQWiFi1     Gig 1/1/22        137               H    AIR-WLC44 LAGInterface0/3/1
  NCMECHQWiFi1     Gig 1/1/22        137               H    AIR-WLC44 Gig 0/0/1
  It looks like both WLC ports are physically connected to Gi1/1/22, which they are quite obviously not.
  This is confirmed on the WLC's sho cdp entry all output:
  (Cisco Controller) >show cdp entry all
  Device ID: ncmec-vsscoresw1.ncmec.org
  Entry address(es): 100.1.0.254
  Platform: cisco WS-C6509-E,  Capabilities: Router Switch IGMP
  Interface: LAGInterface0/3/1,  Port ID (outgoing port): GigabitEthernet1/1/22
  Holdtime : 160 sec
  I believe that the multi chassis etherchannel is set up correctly on the VSS:
  vsscoresw1#sho run int gi1/1/22             
  interface GigabitEthernet1/1/22
  description WLC-Management
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  switchport nonegotiate
  channel-group 200 mode on
  end
  vsscoresw1#sho run int gi2/1/22
  interface GigabitEthernet2/1/22
  description WLC-Management
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  switchport nonegotiate
  channel-group 200 mode on
  end
  vsscoresw1#sho run int po200
  interface Port-channel200
  description WLC-Management
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  switchport nonegotiate
  end
  And yet when I show the details of port channel 200, I expect to see "mode on" but get instead see LACP which is unsupported on the WLC:
  vsscoresw1#sho etherchannel 200 detail
  Group state = L2
  Ports: 2   Maxports = 8
  Port-channels: 1 Max Port-channels = 1
  Protocol:    -
  Minimum Links: 0
                  Ports in the group:
  Port: Gi1/1/22
  Port state    = Up Mstr In-Bndl
  Channel group = 200         Mode = On      Gcchange = -
  Port-channel  = Po200       GC   =   -         Pseudo port-channel = Po200
  Port index    = 0           Load = 0xFF        Protocol =    -
  Mode = LACP
  Age of the port in the current state: 180d:19h:47m:01s
  Port: Gi2/1/22
  Port state    = Up Mstr In-Bndl
  Channel group = 200         Mode = On      Gcchange = -
  Port-channel  = Po200       GC   =   -         Pseudo port-channel = Po200
  Port index    = 1           Load = 0xFF        Protocol =    -
  Mode = LACP
  Age of the port in the current state: 180d:19h:47m:02s
                  Port-channels in the group:
  Port-channel: Po200
  Age of the Port-channel   = 354d:12h:47m:27s
  Logical slot/port   = 46/19          Number of ports = 2
  GC                  = 0x00000000      HotStandBy port = null
  Port state          = Port-channel Ag-Inuse
  Protocol            =    -
  Fast-switchover     = disabled
  Load share deferral = disabled  
  Ports in the Port-channel:
  Index   Load      Port          EC state       No of bits
  ------+------+------------+------------------+-----------
  0      FF       Gi1/1/22                 On   8
  1      FF       Gi2/1/22                 On   8
  Time since last port bundled:    173d:17h:06m:34s    Gi2/1/22
  Time since last port Un-bundled: 173d:17h:06m:34s    Gi2/1/22
  Last applied Hash Distribution Algorithm: Fixed
  >>>  So my question, arising at least partly from the apparently misleading CDP information, is this:  How can I confirm that the WLC is correctly dual homed to both core switches? (short of tracing the cable)  I ask because there are several other devices (not WLCs) that need to have the dual homed connections confirmed.
  I tried a layer 2 trace route but for all macs associated with the WLC, the trace abborts with the error "Device has Multiple CDP neighbours on destination port."
  Thanks in advance!
  Sue

  PS:  It is critical that I confirm the redundancy, since as a part of the data center redesign we will be moving the second VSS chassis to the same rack with the first to simplify the dual connections.  I need to verify all the redundant connections before I take it offline and move it.  Thanks!

• Host Flapping Between Port Channel

  Hi,
  I have 2 VSS Pair (4X6509E) Switch. First VSS Pair is configured as Server Core and Second VSS Pair is configured as LAN Core. There is a port channel Port 10 with 4Port configured between Server and LAN Core.  We have also couple Wireless LAN Controllers (5508) Connected to Server Core. PortChannel 25 from Wireless LAN Controller 1 and Portchannel 26 from Wireless LAN  Controller 2. (Only 1 controller will be acitve at a time)
  My issue is that am getting a MAC Flapping error between Port Channel 25  and Port Channel 10.  I tried cleard the  MAC entry and from ARP found the IP is LAN Core SVI.
  "%MAC_MOVE-SW1_SP-4-NOTIF: Host ec30.91e1.2f80 in vlan 80 is flapping between port Po26 and port Po10"
  show arp#
  Internet  10.50.200.254          23   ec30.91e1.2f80  ARPA   Vlan50
  VLAN 80 is WIreless Guest VLAN.
  Please guide me in isolating the issue.
  Toplolgy file is attached and also 6509-E is ruuning IOS "s72033-ipservicesk9_wan-mz.122-33.SXI3.bin"

  SERVER-CORE
  interface Port-channel10
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 50
  switchport trunk allowed vlan 2-4094
  switchport mode trunk
  no mls qos channel-consistency
  interface TenGigabitEthernet1/6/1
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 50
  switchport trunk allowed vlan 2-4094
  switchport mode trunk
  channel-protocol pagp
  channel-group 10 mode desirable non-silent
  nterface TenGigabitEthernet1/6/3
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 50
  switchport trunk allowed vlan 2-4094
  switchport mode trunk
  shutdown
  channel-protocol pagp
  channel-group 10 mode desirable non-silent
  interface TenGigabitEthernet2/6/1
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 50
  switchport trunk allowed vlan 2-4094
  switchport mode trunk
  channel-protocol pagp
  channel-group 10 mode desirable non-silent
  interface TenGigabitEthernet2/6/3
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 50
  switchport trunk allowed vlan 2-4094
  switchport mode trunk
  channel-protocol pagp
  channel-group 10 mode desirable non-silent
  interface Port-channel25
  description *****Connected to QOC-WLC1*****
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  interface GigabitEthernet1/1/3
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  channel-group 25 mode on
  interface GigabitEthernet1/1/4
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  channel-group 25 mode on
  interface Port-channel26
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  interface GigabitEthernet2/1/3
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  channel-group 26 mode on
  interface GigabitEthernet2/1/4
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  channel-group 26 mode on
  SERVER-CORE#show etherchannel summary
  Group  Port-channel  Protocol    Ports
  ------+-------------+-----------+-----------------------------------------------
  1      Po1(RU)          -        Te1/5/4(D)     Te1/5/5(P)    
  2      Po2(RU)          -        Te2/5/4(D)     Te2/5/5(P)    
  10     Po10(SU)        PAgP      Te1/6/1(P)     Te1/6/3(D)     Te2/6/1(P)     Te2/6/3(P)    
  25     Po25(SU)         -        Gi1/1/3(P)     Gi1/1/4(P)    
  26     Po26(SU)         -        Gi2/1/3(P)     Gi2/1/4(P)    

• FWSM Default port channel?

  I'm doing some L2 cleanups across mutliple 6509E environments and I've found something consistent that I can't find in documentation.
  On all my pairs of 6509s where I have FWSMs bundled (6509-A has FWSM-1 is Slot 1 and 6509-B has FWSM-2 in Slot 1) I also have a port channel 305. Obviously when I do a "show run" or "show int desc" I don't see anything in slot one. It's a service module. But the port channel is referencing ports 1/1-6. And it's all in service/up. I was about to delete this as I thought it was some leftover config (TEST 6509s) until I went and saw the same things on our PROD 6509s. Can anyone explain this or provide some documentation on it? Is it cosmetic? Necessary? Can I delete it as part of my audit cleanup? Don't want to mess with it even in TEST without some information. Nothing on google that's clear and I can't find anything on CCO.
  6509-1#sho etherch 305 summ
  Flags:  D - down        P - bundled in port-channel
          I - stand-alone s - suspended
          H - Hot-standby (LACP only)
          R - Layer3      S - Layer2
          U - in use      N - not in use, no aggregation
          f - failed to allocate aggregator
          M - not in use, no aggregation due to minimum links not met
          m - not in use, port not aggregated due to minimum links not met
          u - unsuitable for bundling
          d - default port
          w - waiting to be aggregated
  Number of channel-groups in use: 11
  Number of aggregators:           11
  Group  Port-channel  Protocol    Ports
  ------+-------------+-----------+-----------------------------------------------
  305    Po305(SU)        -        Gi1/1(P)       Gi1/2(P)       Gi1/3(P)      
                                   Gi1/4(P)       Gi1/5(P)       Gi1/6(P)      
  Last applied Hash Distribution Algorithm:   -
  6509-1#sho etherch 305 det 
  Group state = L2
  Ports: 6   Maxports = 8
  Port-channels: 1 Max Port-channels = 1
  Protocol:    -
  Minimum Links: 0
                  Ports in the group:
  Port: Gi1/1
  Port state    = Up Mstr In-Bndl
  Channel group = 305         Mode = On      Gcchange = -
  Port-channel  = Po305       GC   =   -         Pseudo port-channel = Po305
  Port index    = 0           Load = 0x41        Protocol =    -
  Age of the port in the current state: 46d:06h:53m:39s
  Port: Gi1/2
  Port state    = Up Mstr In-Bndl
  Channel group = 305         Mode = On      Gcchange = -
  Port-channel  = Po305       GC   =   -         Pseudo port-channel = Po305
  Port index    = 1           Load = 0x02        Protocol =    -
  Age of the port in the current state: 46d:06h:53m:39s
  Port: Gi1/3
  Port state    = Up Mstr In-Bndl
  Channel group = 305         Mode = On      Gcchange = -
  Port-channel  = Po305       GC   =   -         Pseudo port-channel = Po305
  Port index    = 2           Load = 0x04        Protocol =    -
  Age of the port in the current state: 46d:06h:53m:41s
  Port: Gi1/4
  Port state    = Up Mstr In-Bndl
  Channel group = 305         Mode = On      Gcchange = -
  Port-channel  = Po305       GC   =   -         Pseudo port-channel = Po305
  Port index    = 3           Load = 0x88        Protocol =    -
  Age of the port in the current state: 46d:06h:53m:41s
  Port: Gi1/5
  Port state    = Up Mstr In-Bndl
  Channel group = 305         Mode = On      Gcchange = -
  Port-channel  = Po305       GC   =   -         Pseudo port-channel = Po305
  Port index    = 4           Load = 0x10        Protocol =    -
  Age of the port in the current state: 46d:06h:53m:41s
  Port: Gi1/6
  Port state    = Up Mstr In-Bndl
  Channel group = 305         Mode = On      Gcchange = -
  Port-channel  = Po305       GC   =   -         Pseudo port-channel = Po305
  Port index    = 5           Load = 0x20        Protocol =    -
  Age of the port in the current state: 46d:06h:53m:41s
                  Port-channels in the group:
  Port-channel: Po305
  Age of the Port-channel   = 46d:06h:55m:56s
  Logical slot/port   = 14/11          Number of ports = 6
  GC                  = 0x00000000      HotStandBy port = null
  Port state          = Port-channel Ag-Inuse
  Protocol            =    -
  Fast-switchover     = disabled
  Load share deferral = disabled  
  Ports in the Port-channel:
  Index   Load   Port     EC state        No of bits
  ------+------+------+------------------+-----------
    0     41     Gi1/1    On    2
    1     02     Gi1/2    On    1
    2     04     Gi1/3    On    1
    3     88     Gi1/4    On    2
    4     10     Gi1/5    On    1
    5     20     Gi1/6    On    1
  Time since last port bundled:    46d:06h:53m:41s    Gi1/6
  Last applied Hash Distribution Algorithm:   -
  NOC-SW-ITEST-AGG1#

  The connection between the FWSM and the switch is a 6-GB 802.1Q trunking EtherChannel. This EtherChannel is automatically created when you install the FWSM.
  http://cisconetwork.org.ua/1587051893/ch04lev1sec1.html
  http://www.cisco.com/en/US/docs/security/fwsm/fwsm23/configuration/guide/switch.pdf
  Thanks
  Ajay

• ACE - Port-channel High Availability

  We have configured two ACEs with high Availability. ACEs link with our cores, switches cat6500, through a port-channel, ACE’s ports G1/1 and G1/2. High availability works fine if some vlan down but it doesn’t work if an interface down, only if both interfaces get down because then, all vlans of the channel port get down two.
  If possible get an interface port-channel high availability?
  Thanks for your help in advance.

  Thanks for your answer. I have two Cat6500, no VSS possibility. I have two ACEs so each one has configured a port-channel with one Cat6500 (two ports). It works fine. Any problem with that. My issue is when one port-channel of both port is down, failover doesn’t works then, only if both ports are down or vlans are down. I think high availability is only possible in vlan interfaces, not in physical interfaces.
  Regards my friend.