Less than a year after changing the rules with ASA version 8.3, Cisco has released a new OS version 8.4. Since I won’t be covering the release notes word for word, you can find them here… I just wanted to go over the highlights.
- EtherChannel support – Let's start with the most exciting feature first. ASA version 8.4 now supports up to 48 802.3ad EtherChannels of eight active interfaces each. Note: You cannot use interfaces on the 4GE SSM, including the integrated 4GE SSM in slot 1 on the ASA 5550, as part of an EtherChannel. New commands include: channel-group, lacp port-priority, interface port-channel, lacp max-bundle, port-channel min-bundle, port-channel load-balance, lacp system-priority, clear lacp counters, show lacp, show port-channel.
- Stateful Failover with Dynamic Routing Protocols – Routes that are learned through dynamic routing protocols (like OSPF or EIGRP) on the active unit are now maintained in a Routing Information Base (RIB) table on the standby unit. Updated commands: show failover, show route, show route failover.
- Show Top CPU Processes – You can now monitor the processes that run on the CPU to see the percentage of CPU used by any given process. New command: show process cpu-usage sorted.
- TCP Ping Enhancement – You can specify a source IP address and a port and source interface to send pings to a hostname or an IPv4 address. New command: ping tcp.
- IKEv2 – Internet Key Exchange version 2 (IKEv2) is the latest key exchange protocol used to establish and control Internet Protocol Security (IPsec) tunnels. The ASA now supports IPsec with IKEv2 for the AnyConnect Secure Mobility Client, Version 3.0(1), for all client operating systems. Updated commands: vpn-tunnel-protocol, crypto ikev2 policy, crypto ikev2 enable, crypto ipsec ikev2, crypto dynamic-map, crypto map.
Notes
- ASA 5500 Version 8.4 requires ASDM Version 6.4 or later.
- Still using 8.3 NAT…
- v8.4 also increases some scalability limits (such as the number of VLANs, connections, contexts, AnyConnect VPN sessions, etc.), mainly on higher-end models such as the 5580 and 5585-X.
- If you’re using ASA <8.3(x) you'll need a memory upgrade (see table below).