Guidelines And Limitations - Cisco ASA Series Cli Configuration Manual
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Guidelines and Limitations
To view a matrix of hardware and software compatibility for the ASASM and Cisco IOS versions, see
the Cisco ASA 5500 Series Hardware and Software Compatibility:
http://www.cisco.com/en/US/docs/security/asa/compatibility/asamatrx.html
Some ASASM features interact with Cisco IOS features. The following features involve Cisco IOS
software:
•
•
•
•
Guidelines and Limitations
This section includes the guidelines and limitations for this feature.
VLAN Guidelines and Limitations
•
•
•
•
•
•
•
SPAN Reflector Guidelines
In Cisco IOS software Version 12.2SXJ1 and earlier, for each ASASM in a switch, the SPAN reflector
feature is enabled. This feature allows multicast traffic (and other traffic that requires a central rewrite
engine) to be switched when coming from the ASASM. The SPAN reflector feature uses one SPAN
session. To disable this feature, enter the following command:
Router(config)# no monitor session servicemodule
Cisco ASA Series ASDM Configuration Guide
1-2
Virtual Switching System (VSS)—No ASASM configuration is required.
Autostate—The supervisor informs the ASASM when the last interface on a given VLAN has gone
down, which assists in determining whether or not a failover switch is required.
Clearing entries in the supervisor MAC address table on a failover switch—No ASASM
configuration is required.
Version compatibility—The ASASM will be automatically powered down if the supervisor/ASASM
version compatibility matrix check fails.
Use VLAN IDs 2 to 1000 and from 1025 to 4094.
Routed ports and WAN ports consume internal VLANs, so it is possible that VLANs in the
1020-1100 range might already be in use.
You cannot use reserved VLANs.
You cannot use VLAN 1.
If you are using ASASM failover within the same switch chassis, do not assign the VLAN(s) that
you are reserving for failover and stateful communications to a switch port. However, if you are
using failover between chassis, you must include the VLANs in the trunk port between the chassis.
If you do not add the VLANs to the switch before you assign them to the ASASM, the VLANs are
stored in the supervisor engine database and are sent to the ASASM as soon as they are added to the
switch.
You can configure a VLAN in the ASASM configuration before it has been assigned on the switch.
Note that when the switch sends the VLAN to the ASASM, the VLAN defaults to be
administratively up on the ASASM, regardless of whether the you shut them down in the ASASM
configuration. You need to shut them down again in this case.
Chapter 1
Configuring the Switch for Use with the ASA Services Module
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
