45-12
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 45 Managing Firewall Devices
Configuring Firewall Device Interfaces
Related Topics
Configuring EtherChannels, page 45-8
Editing LACP Port Parameters for an Existing EtherChannel Interface
Follow these steps to edit an existing EtherChannel-assigned interface:
Step 1 In the table on the device’s Interfaces page, select an interface that is a Member of a Port-channel group.
(See Managing Device Interfaces, Hardware Ports, and Bridge Groups, page 45-14 for information about
accessing and using this table.)
Step 2 Click Edit Row to open the Edit Interface dialog box for that interface.
Only the Enable Interface check box, the LACP Port parameters, and the Description field can be altered.
Step 3 Edit the LACP Port parameters as necessary:
Priority – This number is combined with the port number assigned to the interface to produce a
unique port identification number. This value can be 1 to 65535, with higher numbers signifying
lower priorities. The default is 32768. This parameter applies only when the port is in Active or
Passive mode.
Mode – Choose one of these LACP modes:
Active – In Active mode, a port initiates LACP exchanges with the partner device and
periodically sends updates to the partner. Active LACP reflects the port’s preference to
participate in the protocol regardless of the partner’s control mode.
Passive – A Passive-mode port does not initiate LACP exchanges, but upon receiving a request
from the partner, the port will start exchanging LACP information with the partner. Passive
mode is useful when it is not clear if the remote port supports LACP.
Some devices may show undesired behavior when they do not have LACP enabled and they
receive periodic LACP updates. However, for channeling to operate correctly, at least one port
must be configured in Active mode.
On – Use this mode to configure a static port-channel in which all member interfaces are “on,”
meaning up to 16 ports are passing traffic, with no stand-by ports. No negotiation takes place
and most restrictions associated with the other two modes do not apply; for example, the speed
and duplex settings do not have to be the same for all member ports, and all member ports (up
to 16) remain Active. Note that the remote ports also must be On.
VSS or vPC Switch ID – Identifies the Virtual Switching System (VSS) or Virtual Port Channel
(vPC) switch ID to which the interface is connected.
Step 4 Continue editing this interface, as described in Add/Edit Interface Dialog Box (PIX 7.0+/ASA/FWSM),
page 45-19.
About EtherChannel Load Balancing
Traffic in an EtherChannel is distributed across the individual bundled links in a deterministic fashion;
however, the load is not necessarily balanced equally across all the links. Instead, frames are forwarded
on a specific link as a result of a hashing algorithm. This algorithm uses a specific field or combination
of fields in the packet header to produce a fixed Result Bundle Hash (RBH) value that indicates which
link to use.