Catalyst 3750G and WLC 440x - Port Channel - Configuration - Best Pactice

Similar Messages

• WAAS Port Channel Configuration

  In the recent weeks we got some reports that CIFS writing performance to NETAPP OnTap 7.3 filer was degraded for WAAS accelerated connections.  NETAPP OnTAP 7.2  and native Microsoft filers were running fine. In our Testlab we could correlate this issue with the port channel setup on  our WAAS devices. With round robin (standard setting) the CIFS writing perforamce was poor. By switching  the port channel loadbalancing to src-dst-ip-port the performance was excellent.
  Is there any known best practices recommendation for port channel configuration on WAAS  devices?
  Many thanks in advance, Peter.

  The best practice depends on your network. Most deployments are fine with the default round robin configuration for port channel on the WAE. But I have encountered some installations where the configuration had to be changed in order to avoid out of order packets causing slow performance (like, if there is a firewall between the WAE and the server).
  Sent from Cisco Technical Support iPhone App

• Port-channel configuration 3560X and 2960S

  Hello,
  I am trying to connect a 2960 swith to 3560X using port channel. I have configred the switches with the following configratuion and connected them with straight ethernet cable, the link came up and then it went int err-disable state. I re-enabled the links and connected them using one cross over cable it connected and remained connected for a whole day in my lab. When I shut down both switches and took them the server room and connected both ports using cross over cable it came up and then went into err-disable state. Bellow is my configuration, can you please point out to me what I am missing: (no VTP domain configured on any of the switches)
  ------------------2960 configuration----------------------
  interface Port-channel1
  switchport trunk native vlan 999
  switchport mode trunk
  interface GigabitEthernet1/0/51
  switchport trunk native vlan 999
  switchport mode trunk
  channel-group 1 mode on
  interface GigabitEthernet1/0/52
  switchport trunk native vlan 999
  switchport mode trunk
  channel-group 1 mode on
  ------------------3560X configuration-------------------------------
  interface Port-channel1
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 999
  switchport mode trunk
  interface GigabitEthernet0/23
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 999
  switchport mode trunk
  channel-group 1 mode
  interface GigabitEthernet0/24
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 999
  switchport mode trunk
  channel-group 1 mode on
  Thank you.

  Hi,
  Your condig looks good and straightthrough cable should work just fine.  Can you do the following:
  take the interfaces out of the portchannel
  shut the portchannel
  shut the interfaces
  add the interfaces to the portchannel
  "no sh" the PO and test again?
  This should bring up the interface and the portchannel
  HTH

• Port channel configuration with VMware

  Hi everyone, I have dual 6120 interconnects, each of which have two uplink ports. I also have two Catalyst 4900M switches to uplink to. So I plan to configure both 802.1q and 802.3ad on each of the 6120 uplink pairs. My question relates to the physical cabling, bearing in mind ESX will be running on the blades.
  Would you cable both the uplink ports on interconnect 1 to switch 1? Or would you cross-connect them to both switch 1 and switch 2?
  As per this article I see ESX does not support splitting a port channel across two switches, but I am unsure how the presence of the 6120s affects this. Can anyone suggest the best way of doing the cabling based on the kit I have? Thanks.
  http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1001938&sliceId=1&docTypeID=DT_KB_1_1&dialogID=14912551&stateId=1%200%2014916516

  Hey Simon, let's address this is two parts because there are two layers: server-bound (ESX-6120) and north-bound (6120-Cat4900).
  At the ESX end, use the default srcPort in the vSwitch / port group with both 10GbE uplink ports (vmnic0 and vmnic1) set to active (not active/passive).  There are no loops in this configuration.  On the VNIC (in UCSM) you select trunk port and allow all the VLANs that your vSwitch port groups needs.  If you don't use a VLAN for the Service Console/ESXi Management, then make sure you set Native to the correct VLAN in the VNIC to allow untagged traffic down the right path.
  At the 6120 you can't explicitly configure a trunk for border ports, they are already set so and when you add VLANs they are added to every border port trunk configuration.  You, of course, need to make sure the Cat4900 ports at the other end of the cable have the same trunkport VLAN configuration.
  So in summary - set VLANs in vSwitch port groups, VNIC in UCSM and northbound switch. 
  Now when it comes to port channels, you can only configure two or more border ports as a port channel if they are cabled to the same Cat4900.  If you had Nexus 5k/7k northbound then you could use vPC on them to allow "mesh" cabling (ie. one 6120 connects to both Nexus switches).  But as you aren't using Nexus you will end up with a configuration as Jeremy explained:
  ESX --> vSwitch0 --> srcPort load balancing --> 2 active uplinks --> many port groups
  6120-a --> Cat4900-a
  6120-b --> Cat4900-b
  However, I would still recommend using a couple of border ports in a port channel on each fabric to each Cat4900 because, if you pull out a cable/lose a port, then when that port is re-enabled the existing live traffic is redistributed whereas without the port channel only new traffic will be spread across both links.
  Cheers
  Steve
  Cisco UCS Team

• Clearing port channel configurations

  In one of my 6509s I've got a lot of old port channel configs listed that I can't remove. How do I remove them short of clearing the config entirely?
  Here's an example...
  set port channel 3/41-42 64
  set port channel 3/43-44 65
  set port channel 6/47-48 67
  set port channel 3/13-14 68
  set port channel 9/5-6 86
  set port channel 9/9-11 87
  set port channel 2/2 93
  set port channel 7/1-4 100
  set port channel 7/25-28 106
  set port channel 7/37-40 109
  set port channel 7/41-44 110
  set port channel 7/45-48 111
  set port channel 4/5-8 112
  set port lacp-channel 5/22,5/45 126
  set port channel 6/29-30 127
  set port channel 9/13-14 128
  set port channel 9/12 129
  set port channel 9/15-16 161
  set port channel 4/41 537
  set port channel 6/31-32 538
  set port channel 8/1-4 661
  set port channel 9/1-4 665
  set port channel 1/1,2/1 719
  set port channel 8/11-12 720
  set port channel 8/13-16 721
  set port channel 8/9-10 722
  set port channel 8/7-8 723
  set port channel 8/5-6 725
  set port channel 4/9-12 726
  set port channel 3/5-8 731
  set port channel 3/1-4 732
  set port channel 4/1-4 733
  set port channel 9/7-8 734
  set port channel 3/15-16 828
  I can't do a "clear port channel" or anything like that.

  Hi Friend,
  I don't think you can remove this commands from configuration till the time you reuse this ports with etherchannel configuration.
  The best idea will be copy the configuration from switch and paste it on a notepad and delete these lines and copy from notepad again and paste it on switch and I think this will take care of your issue.
  HTH, if yes please rate the post.
  Ankur

• ASA5550 port channel configuration ERROR: nameif not allowed on empty etherchannel interface

  Hi All,
  I am having problem when configure port channel on asa5550 
  IOS ver asa914-k8.bin also in ver 9.02   and 8.47.
  Please let me know how can I solve this problem.
  UK-LON-FW(config)# int port-channel 3
  UK-LON-FW(config-if)# vlan 245
                         ^
  ERROR: % Invalid input detected at '^' marker.
  UK-LON-FW(config-if)# nameif secure
  ERROR: nameif not allowed on empty etherchannel interface.
  UK-LON-FW(config-if)#
  here is my interfaces configuration:
  interface GigabitEthernet0/0
  description fw1:G0/0 to uk-lon-gw1:e1/8 fw2:G0/0 to uk-lon-gw2:e1/9 outside zone
  channel-group 1 mode on
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/1
  description fw1:G0/1 to uk-lon-gw2:e1/8 fw2:G0/1 to uk-lon-gw1:e1/9 outside zone
  channel-group 1 mode on
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/2
  description fw1:G0/2 to uk-lon-sw1a:1 fw2:G0/2 to uk-lon-sw1a:2 dmz
  channel-group 2 mode on
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/3
  description fw1:G0/3 to uk-lon-sw1b: fw2:G0/3 to uk-lon-sw1b:2 dmz
  channel-group 2 mode on
  no nameif   
  no security-level
  no ip address
  interface Management0/0
  management-only
  nameif management
  security-level 0
  ip address 10.10.51.18 255.255.254.0
  interface GigabitEthernet1/0
  description fw1:G1/0 to uk-lon-sw1a:3 fw2:G1/0 to uk-lon-sw1a:4 secure zone
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet1/1
  description fw1:G1/1 to uk-lon-sw1b:3 fw2:G1/1 to uk-lon-sw1b:4 secure zone
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet1/2
  description LAN Failover Interface
  no nameif   
  no security-level
  no ip address
  interface GigabitEthernet1/3
  description STATE Failover Interface
  no nameif
  no security-level
  no ip address
  interface Port-channel1
  description outside zone
  no nameif
  no security-level
  no ip address
  interface Port-channel1.5
  description outside zone Bundle FW:G0/0-G0/1 connect to GW1:e1/8-GW2:e1/8
  vlan 5
  nameif outside
  security-level 0
  ip address 216.239.105.5 255.255.255.128 standby 216.239.105.6
  interface Port-channel2
  description dmz Bunlde uk-lon-fw:G0/2-3 to sw1a:1-2 sw1b:1-2
  no nameif
  no security-level
  no ip address
  interface Port-channel2.105
  description dmz
  vlan 105
  nameif dmz
  security-level 50
  ip address 216.239.105.193 255.255.255.192 standby 216.239.105.194
  interface Port-channel3
  description secure zone Bunlde uk-lon-fw:G1/0-1 to sw1a:3-3 sw1b:3-4
  no nameif
  security-level 100
  ip address 10.254.105.1 255.255.255.0 standby 10.254.105.2
  UK-LON-FW(config-if)# 

  Hi Marvin,
  Thank you for your answer.  I did everything but it did not work. Turn out it is a bug ver 8.45 will let you created the sub logical interface but actually it did not work right.  Verson 9.x  doesn't let you create more than 2 port channel (limitation of ASA5550 hardware).
  https://tools.cisco.com/bugsearch/bug/CSCtq62715/?reffering_site=dumpcr 
  Also, you can see the 8.4 release notes were you can see that it is not supported:
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/release/notes/asarn84.html#pgfId-522232
  Interface Features
  EtherChannel support (ASA 5510 and higher)
  You can configure up to 48 802.3ad EtherChannels of eight active interfaces each.
  Note You cannot use interfaces on the 4GE SSM, including the integrated 4GE SSM in slot 1 on the ASA 5550, as part of an EtherChannel.
  We introduced the following commands: channel-group , lacp port-priority , interface port-channel , lacp max-bundle , port-channel min-bundle , port-channel load-balance , lacp system-priority , clear lacp counters , show lacp , show port-channel .

• SG300 Port-Channel Configuration

  We have an SG300 52P and a SG300 28P that we need to LAG/Trunk together, but have had a hell of a time doing it.  Both switches are updated to 1.3.0.62.  The 52 port switch is configured in layer 3, the 28 port switch in layer 2.  All connectivity that is directly connected to the 52 port works as intended, but no traffic on the 28 port over the port channel to VLANs outside the native VLAN are working.  Strangely too, it is possible to ping the 28 port from a serial connection on the 52 port on the native vlan address, but cannot access the management interface over ethernet.  The last 4 ports of each switch are part of the port channel.
  Here are the two configurations:
  52 Port:
  vlan database
  vlan 2,4,6,8,10,100
  ip dhcp relay address 10.0.4.10
  ip dhcp relay address 10.0.4.14
  ip dhcp relay enable
  ip name-server  10.0.4.10 10.0.4.14
  hostname CORE-SW1
  ip ssh server
  ip ssh pubkey-auth
  snmp-server server
  snmp-server community public ro 10.0.4.5 view Default
  interface vlan 1
  Name ReserverdDefault
  ip address 192.168.0.1 255.255.255.0
  no ip address dhcp
  interface vlan 2
  ip address 10.0.2.1 255.255.255.0
  ip dhcp relay enable
  interface vlan 4
  ip address 10.0.4.1 255.255.255.0
  ip dhcp relay enable
  interface vlan 6
  ip address 10.0.6.1 255.255.255.0
  ip dhcp relay enable
  interface vlan 8
  ip address 10.0.8.1 255.255.255.0
  ip dhcp relay enable
  interface vlan 10
  ip address 10.0.10.1 255.255.255.0
  ip dhcp relay enable
  interface vlan 100
  name Network
  ip address 10.0.0.1 255.255.255.0
  ip dhcp relay enable
  interface gigabitethernet1
  switchport mode access
  switchport access vlan 100
  interface gigabitethernet2
  switchport mode access
  switchport access vlan 100
  (all ports between are configured like ports 1 & 2)
  interface gigabitethernet49
  channel-group 1 mode on
  interface gigabitethernet50
  channel-group 1 mode on
  interface gigabitethernet51
  channel-group 1 mode on
  interface gigabitethernet52
  channel-group 1 mode on
  interface Port-channel1
  description CORELINK
  speed 1000
  no negotiation
  switchport trunk allowed vlan add 2,4,6,8,10
  switchport trunk native vlan 100
  ip default-gateway 10.0.0.254
  28 Port:
  vlan database
  vlan 2,4,6,8,10,100
  ip dhcp relay address 10.0.4.10
  ip dhcp relay address 10.0.4.14
  ip dhcp relay enable
  ip name-server  10.0.4.10 10.0.4.14
  hostname ACC-SW1
  ip ssh server
  ip ssh pubkey-auth
  snmp-server server
  snmp-server community public ro 10.0.4.5 view Default
  interface vlan 1
  Name ReserverdDefault
  no ip address dhcp
  interface vlan 2
  ip dhcp relay enable
  interface vlan 4
  ip dhcp relay enable
  interface vlan 6
  ip dhcp relay enable
  interface vlan 8
  ip dhcp relay enable
  interface vlan 10
  ip dhcp relay enable
  interface vlan 100
  name Network
  ip address 10.0.0.2 255.255.255.0
  ip dhcp relay enable
  interface gigabitethernet1
  switchport mode access
  switchport access vlan 100
  interface gigabitethernet2
  switchport mode access
  switchport access vlan 100
  (all ports between are configured like ports 1 & 2)
  interface gigabitethernet25
  channel-group 1 mode on
  interface gigabitethernet26
  channel-group 1 mode on
  interface gigabitethernet27
  channel-group 1 mode on
  interface gigabitethernet28
  channel-group 1 mode on
  interface Port-channel1
  description CORELINK
  speed 1000
  no negotiation
  switchport trunk allowed vlan add 2,4,6,8,10
  switchport trunk native vlan 100
  Thank you in advance for any assistance that you can provide, I have been tearing my hair out on this
  -Drew       

  The LAG is back up and working on native VLAN 100, but I am still not able to pass other vlan traffic from the L2 to L3 switch.  The switch also took out my switchport trunk native vlan 100 configs on both switches when they were connected.  After I manually put the configuration back the switches were able to communicate.  Here is the current port channel and LAG configurations:
  52:
  interface gigabitethernet51
  description "LAG 3"
  channel-group 1 mode on
  no macro auto smartport
  interface gigabitethernet52
  description "LAG 4"
  channel-group 1 mode on
  no macro auto smartport
  interface Port-channel1
  negotiation 1000f
  description CORELINK
  spanning-tree link-type point-to-point
  switchport trunk allowed vlan add 2,4,10,14
  switchport trunk native vlan 100
  macro description switch
  !next command is internal.
  macro auto smartport dynamic_type switch
  28:
  interface gigabitethernet27
  description "LAG 3"
  channel-group 1 mode on
  interface gigabitethernet28
  description "LAG 4"
  channel-group 1 mode on
  interface Port-channel1
  negotiation 1000f
  description CORELINK
  spanning-tree link-type point-to-point
  switchport trunk allowed vlan add 2,4,10,14
  switchport trunk native vlan 100
  macro description switch
  !next command is internal.
  macro auto smartport dynamic_type switch
  When I try to ping 10.0.4.1 from the 28 port, here is the output:
  Pinging 10.0.4.1 with 18 bytes of data:
  PING: net-unreachable
  PING: net-unreachable
  PING: net-unreachable
  PING: net-unreachable
  ----10.0.4.1 PING Statistics----
  4 packets transmitted, 0 packets received, 100% packet loss
  Thank you again for any assistance you can provide.
  -Drew

• Converged Access Design Help (Catalyst 3850 and WLC 5508...Mobility Oracle)

  Hello,
  I am an engineer working with a Cisco Gold Partner in Saudi Arabia. We have a large university as our client where they are constructing a new
  building and require our services to build the network infrastructure. Therefore, we are to implement the routing and switching infrastructure as
  well as the Wireless solution.
  At present, I have no issues in implementing the R&S infrastructure as it is very straight forward but it has implications on the deployment of
  the wireless solution which I explain further below. The R&S infrastructure comprises of the typical Core, Distribution, and Access layers and we
  are focusing on the local distribution and access switches with regards to the new building. The client has a converged Layer 3 network spanning
  from distribution layer to core layer and they are running EIGRP for this convergence. This is not a problem and has already been implemented.
  Yet, the challenge arises in deploying the WLAN infrastructure. The client already has a Cisco WLAN infrastructure in place where they have a
  large number of LAPs that are registered with their controllers in the Data Center. They have two WLC 5508 where one is the Primary and the other
  the Secondary. The local distribution switch to which the WLC are connected also is the gateway for the SVIs for the SSIDs that are configured on
  the controllers. This means that once the packets from the AP come in to the WLC, they are tagged with the correct VLAN and sent to the directly
  connected distribution switch which then routes it into the rest of the Layer 3 network. Interestingly, the WLC 5508 are running AireOS 7.6 and
  support the "New Mobility" feature. The two controllers have formed a Mobility Group (MG) between each other.
  Now, the new building will have two Catalyst 3850 switches installed where each one has a total of 40 AP licenses pre-installed and activated
  i.e. a total of 80 APs can be supported by the two switches. A total of 67 LAPs will be deployed in the new building which can be accommodated
  between the two switches and their integrated controller.
  Yet, based on my understanding and research about Converged Access is that, ideally, the Catalyst 3850 will only run the Mobility Agent (MA)
  feature while a central controller would provide the Mobility Controller (MC) service. unfortunately, there are not enough licenses on the
  existing WLC 5508 nor can we migrate the new licenses that will facilitate such a split deployment.
  This means that I would need to configure the two Catalyst 3850 as independent MC and form a MG between them. I have done this and tested this
  already and the mobility is working fine. But my concern is not about getting the Catalyst 3850 to work as this is simple but rather it is
  focused on creating a common Mobility Domain (MD) so that clients can roam from this new building to the rest of the campus while maintaining the
  state of their connections to the WLAN infrastructure.
  To make things more complicated, since the new building will have its own Layer 3 distribution switch and the Catalyst 3850 switches will connect
  to this distribution switch, it means that new VLANs and SVIs need to be created for the SSIDs broadcast in the new building. This means that new
  subnets need to be assigned to the SSIDs.
  As such, I have the following questions:
  Q1) If we create new SVIs for the SSIDs (same SSIDs names will be used in the new building as in the rest of the university campus) this means
  that new subnets will be assigned to these SSIDs. Now, I believe I have two options...one is to make the new Catalyst 3850s to be in the same MG
  as the existing WLC 5508 which then cater for Layer 3 client roaming or I have to treat this as a totally seperate WLAN network and follow on to
  the solution as per the next question. Please advise which is a better option?
  Q2) I could create separate MG i.e. the new building Catalyst 3850s can be in one MG and the existing controllers can be in another MG. I can
  then have one of the existing WLC 5508 (the primary one) to run the Mobility Oracle (MO) feature so as to create a single Mobility Domain (MD).
  Would this facilitate in Layer 3 client roaming and RRM for all the controllers in the same MD?
  Q3) If I do create a MD, how is this accomplished in such an environment since the documentation is severely limited in this regard?
  Please advise at your earliest. To assist further, I have attached a topology diagram which may aid in explaining the situation with more
  clarity. If these things are clarified, I will be better able to wrap my head around the technology and in turn service my clients better.
  Regards,
  Amir

  Hi Amir,
  Q1) If we create new SVIs for the SSIDs (same SSIDs names will be used in the new building as in the rest of the university campus) this means that new subnets will be assigned to these SSIDs. Now, I believe I have two options...one is to make the new Catalyst 3850s to be in the same MG as the existing WLC 5508 which then cater for Layer 3 client roaming or I have to treat this as a totally seperate WLAN network and follow on to the solution as per the next question. Please advise which is a better option?
  I would configure them in the same mobility group. Also configure same SPG for those two 3850 stacks if users are frequently roaming within these two buildings.
  Q2) I could create separate MG i.e. the new building Catalyst 3850s can be in one MG and the existing controllers can be in another MG. I can then have one of the existing WLC 5508 (the primary one) to run the Mobility Oracle (MO) feature so as to create a single Mobility Domain (MD). Would this facilitate in Layer 3 client roaming and RRM for all the controllers in the same MD?
  MO is not required (it is only for very large scale deployments)
  Q3) If I do create a MD, how is this accomplished in such an environment since the documentation is severely limited in this regard?
  Yes, documents are hard to find :(
  These notes may be useful to you based on my experience. I am running IOS-XE 3.6.1 in my production.
  http://mrncciew.com/2014/05/06/configuring-new-mobility/
  http://mrncciew.com/2013/12/14/3850ma-with-5760mc/
  HTH
  Rasika
  *** Pls rate all useful responses ****

• How to configure a port channel with VLAN trunking (and make it work..)

  We're trying to configure a port channel group with trunked ports to connect a NetApp HA pair. We want to create two data LIFs and connect them to the switch stack.  We are trying to create 2 data lifs, one for cifs and one for nfs that are on different vlans.
  We want the same ports to be able to allow multiple vlans to communicate. (trunked)
  These data lifs should be able to fail over to different nodes in the HA pair and still be able to communicate on the network.
  What this means is that we have to connect 4 ports each for each node in the NetApp HA Pair to the switches and create a port channel of some type that allows for trunked vlans. When we configure the ports, the configuration is as follows (below):
  We are only able to configure an IP on one of the vlans.
  When we configure an IP from another vlan for the data lif, it does not respond to a ping.
  Does anyone have any idea what I'm doing wrong on the Cisco switch?
  interface GigabitEthernet4/0/12
  description Netapp2-e0a
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  channel-protocol lacp
  channel-group 20 mode active
  end
  interface GigabitEthernet4/0/13
  description Netapp2-e0c
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  channel-protocol lacp
  channel-group 20 mode active
  end
  interface GigabitEthernet6/0/12
  description Netapp2-e0b
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  channel-protocol lacp
  channel-group 20 mode active
  end
  interface GigabitEthernet6/0/13
  description Netapp2-e0d
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  channel-protocol lacp
  channel-group 20 mode active
  end
  interface Port-channel20
  description Netapp2-NFS
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  spanning-tree portfast
  spanning-tree bpduguard enable
  end

  Our problem was fixed by the storage people.  They changed the server end to trunk, and the encapsulation / etherchannel.
  I like all the suggestions, and they probably helped out with the configuration getting this to work.
  Thanks!
  interface Port-channel20
  description Netapp2-NFS
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  switchport mode trunk
  interface GigabitEthernet4/0/12
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  switchport mode trunk
  channel-protocol lacp
  channel-group 20 mode active
  interface GigabitEthernet4/0/13
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  switchport mode trunk
  channel-protocol lacp
  channel-group 20 mode active
  interface GigabitEthernet6/0/12
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  switchport mode trunk
  channel-protocol lacp
  channel-group 20 mode active
  interface GigabitEthernet6/0/13
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  switchport mode trunk
  channel-protocol lacp
  channel-group 20 mode active

• Configuring port-channel on N7K

  Hi there,
  I am trying to build a port-channel from N7K-01 to N7K-02 using a breakout cables (40G interface from N7K-01 to 4x10G interfaces on N7K-02). it didn't work
  is this require a special configuration??? because I have done port-channel configuration between two 40G interfaces and it works.
  appreciate your valuable support if possible to share the needed configuration to accomplish this.
  thanks,
  regards,
  Haitham.

  Hi,
  when I do it directly between cisco ASR9k, the 10g interfaces are up with lights but 40G side is red not up.
  between cisco N7Ks, no lights from both sides. between N7Ks cable is going to patch-panel and then to other nexus.
  thanks,

• SGE2010 port-channel and trunking config question

  I have port-channels configured and working for the native VLAN on multiple SGE2010s. I now want to add multiple VLANs and enable trunking for the port-channel. I am not clear on the appropriate way to enable trunking as it can be enabled on the port and on the port-channel. The ports and port-channel are currently in access mode. If anyone can provide the correct configuration, I would appreciate the guidance. I also need to get the port-channels and trunking working with 3Com 4500 & 4200s. If you know of any configuration issues, again any guidance would be appreciated

  Hi Jacqueline,
  Sorry Juans answer needs some correction, but I am grateful for Juans participation.
  The SGE2010 does not support a CLI.
  There is a unsupported CLI,  that someone plastered somehwere on this community, but i must admit i still like to use the GUI.
  The software on the SGE2XXX was recently updated so you can find that on the cisco.com website.
  I have created a link below  to a recording i just made,  regarding Link aggregation on the SGE2XXXX, i thnk if you see the 11 minute recording a couple of times, maybe pause it, play with your switch, it  will start to make sense.
  you can't breat the switch by configuring it
  click here to see a recording of me creating a Link aggregation between two switches
  regards Dave

• Do I configure spanning-tree port type ed trunk on LACP port-channels

  Hello,
  Can't seem to see a clear answer and wondering if something could offer some advice please?
  We are using LACP aggregation across all our 10 gig attached servers and also trunking them.  We're running a VPC pair of 5596 Nexus.
  For a standard trunk port I always add the spanning-tree port type edge trunk to the interface config.
  However I think I should be adding this to the overiding port-channel config.  At present a colleague has configured the VPC below omitting the spanning-tree port type config.
  interface port-channel100
    description a-server
    switchport mode trunk
    switchport trunk allowed vlan 100
    vpc 100
  The port member configs are these which do contain the spanning tree port type:
  interface Ethernet1/1
    description a-server(1)
    switchport mode trunk
    switchport trunk allowed vlan 100
    spanning-tree port type edge trunk
    channel-group 100 mode active
  I always try to keep the overiding port channel config the same as its members and obviously for most config, you can't have disparate configs anyway.
  However for the spanning tree config the NexOS allows you to have the members with spanning tree port types and not have to reflect that in the port-channel.
  However I have this issue with STP:
  Switch1# show spanning-tree interface po100
  Vlan             Role Sts Cost      Prio.Nbr Type
  VLAN0100         Desg BKN*200       128.4996 (vPC) Network P2p *BA_Inc
  Is this due to the inconsistency with my port channel to member configs?
  Any advice would be gratefully accepted.
  Thanks!

  Hi Paul, there are some parameters you can define on individual ports and there are some of them that will be inherited from the port-channel configuration no matter what has been configured under the infidividual ports. Spanning-tree configuration is one of the inherited ones. As soon as the port joins into a port-channel, it will start to use spanning-tree settings under the port-channel. When it leaves the channel, then it can continue to use the individual configuration.
  There is a nice summary here under NX-OS Interface Conf Guide > Port-Channel Conf:
  http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/interfaces/configuration/guide/if_portchannel.html#wp1798338
  Evren

• Port-channel L2 problem with Fabric Interconnect and Nexus 7010

  Hi,
  i using port-channel from both fabric interconnect to N7k with 3 cables per Fabric Interconnect.
  but, my problem is when i creating port-channel, Fabric Interconnect don't support mode ON dan rate-mode share in Interface 10G Nexus 7010.
  I was trying :
  1. I using non dedicated port in Nexus 7010.
        - rate-mode share
        - channel-group 1 mode active
        - switchport mode trunk
  when i using this option, the port-channel in Nexus 7010 was suspended
  2. I using non dedicated port in Nexus 7010
       - rate-mode share
       - channel group 1 mode on
       - switchport mode trunk
  when i using this option, the port-channel in Nexus 7010 was came up, but in Fabric interconnect was failed.
  3. I using dedicated port in Nexus 7010
       - rate-mode share
       - channel group 1 mode active
       - switchport mode trunk
  when i using this option, the port-channel in Nexus 7010 was suspended
  4. I using dedicated port in Nexus 7010
       - rate-mode dedicated
       - channel group 1 mode active
       - switchport mode trunk
  when i using this option, the port-channel in Nexus 7010 was came up and running well.
  but, the problem is my costumer do not want using a dedicated rate-mode. if i using dedicated mode the only available port is 8 interfaces instead of 32 ports. i want to using rate-mode share in nexus 7010.
  is there any way to configuring port-channel using mode on in fabric interconnect ? i was trying using CLI to create port-channel in Fabric interconect but i cannot configure the channel group protocol.
  i attach the topology of N7K with Fabric interconnect.
  regards,
  Berwin H

  Hi Manish,
  the issue was solved, i was fix it last week.
  the solution is:
  i enable the license grace-priode (since my license is Enterprise so cannot create VDC) then i create a VDC (ex: VDC 2)  so i allocate the interface on all module
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin-top:0cm;
  mso-para-margin-right:0cm;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0cm;
  line-height:115%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  N7K-M132XP-12 to VDC 2. after that i delete VDC 2 then all interface back to VDC 1 (default vdc). then i enable the rate-mode share in dedicated port and bundle into port-channel and its working.
  i dont know why it must move to VDC first then it will working, maybe cisco can explain the reasons.
  So here the result of my port-channel :
  SVRN7KFARM-HO-01# show port-channel summary
  Flags:  D - Down        P - Up in port-channel (members)
          I - Individual  H - Hot-standby (LACP only)
          s - Suspended   r - Module-removed
          S - Switched    R - Routed
          U - Up (port-channel)
  Group Port-       Type     Protocol  Member Ports
        Channel
  1     Po1(SU)     Eth      LACP      Eth1/1(P)    Eth1/2(P)    Eth1/3(P)
                                       Eth1/4(P)    Eth1/25(P)  
  2     Po2(SU)     Eth      LACP      Eth1/9(P)    Eth1/10(P)   Eth1/11(P)
                                       Eth1/12(P)   Eth1/26(P)  
  3     Po3(SU)     Eth      LACP      Eth1/17(P)   Eth1/18(P)  
  4     Po4(SU)     Eth      NONE      Eth10/32(P)  Eth10/34(P)  Eth10/35(P)
                                       Eth10/36(P)
  Thanks.
  Berwin H

• Port-Channel issue between UCS FI and MDS 9222i switch

  Hi
  I have a problem between UCS FI and MDS switch port-channel. When MDS-A is powered down the port-channel fails but UCS blade vHBA does not detect the failure of the port-chanel on UCS-FI and leaves the vHBA online. However, if there is no port-channel between FI-->MDS it works fine.
  UCS version   
  System version: 2.0(2q)
  FI - Cisco UCS 6248 Series Fabric Interconnect ("O2 32X10GE/Modular Universal Platform Supervisor")
  Software
    BIOS:      version 3.5.0
    loader:    version N/A
    kickstart: version 5.0(3)N2(2.02q)
    system:    version 5.0(3)N2(2.02q)
    power-seq: Module 1: version v1.0
               Module 3: version v2.0
    uC:        version v1.2.0.1
    SFP uC:    Module 1: v1.0.0.0
  MDS 9222i
  Software
    BIOS:      version 1.0.19
    loader:    version N/A
    kickstart: version 5.0(8)
    system:    version 5.0(8)
  Here is the config from MDS switch
  Interface  Vsan   Admin  Admin   Status          SFP    Oper  Oper   Port
                    Mode   Trunk                          Mode  Speed  Channel
                           Mode                                 (Gbps)
  fc1/1      103    auto   on      trunking         swl    TF      4    10
  fc1/2      103    auto   on      trunking         swl    TF      4    10
  fc1/9      103    auto   on      trunking         swl    TF      4    10
  fc1/10     103    auto   on      trunking         swl    TF      4    10
  This is from FI.
  Interface  Vsan   Admin  Admin   Status          SFP    Oper  Oper   Port
                    Mode   Trunk                          Mode  Speed  Channel
                           Mode                                 (Gbps)
  fc1/29     103    NP     on      trunking         swl    TNP     4    103
  fc1/30     103    NP     on      trunking         swl    TNP     4    103
  fc1/31     103    NP     on      trunking         swl    TNP     4    103
  fc1/32     103    NP     on      trunking         swl    TNP     4    103
  Any thoughts on this?

  Sultan,
  This is a recently found issue and is fixed in UCSM 2.0.3a version .
  http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCua88227
  which got duped to  CSCtz21585
  It happens only when following conditions are met
  FI in End host mode
  FC uplinks are configured for portchannel + trunking
  Certain link event failures ( such abrupt power loss by upstream MDS switch )
  Padma

• Interface port-channel btw N2K and Brocade VDX

  Dear all,
  I tried to configure a port-channel between a nexus 2K (2FEX) and a brocade VDX (VDX6710).
  As you seen below, my configuration :
  N2K
  Po10
  switchport access vlan 200
  Eth101/1/6
  switchport access vlan 200
  channel-group 10 mode active (used LACP)
  Eth102/1/6
  switchport access vlan 200
  channel-group 10 mode active (used LACP)
  VDX
  interface Port-channel 27
  vlag ignore-split
  speed 1000
  switchport
  switchport mode access
  switchport access vlan 200
  spanning-tree shutdown
  no shutdown
  interface GigabitEthernet 21/0/31
  channel-group 27 mode active type standard
  lacp timeout long
  no shutdown
  interface GigabitEthernet 22/0/31
  channel-group 27 mode active type standard
  lacp timeout long
  no shutdown
  Unfortunately, we can't up the link for interfaces and so the port-channel.
  We have the next message from the N5K for FEX :
  %ETHPORT-5-IF_ADMIN_UP: Interface Ethernet101/1/6 is admin up .
  %ETHPORT-5-SPEED: Interface Ethernet101/1/6, operational speed changed to 1 Gbps
  %ETHPORT-5-IF_DUPLEX: Interface Ethernet101/1/6, operational duplex mode changed to Full
  %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet101/1/6, operational Receive Flow Control state changed to off
  %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet101/1/6, operational Transmit Flow Control state changed to on
  %ETHPORT-5-IF_UP: Interface Ethernet101/1/6 is up in mode access
  %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet101/1/6 is down (None)
  %ETHPORT-5-IF_DOWN_ERROR_DISABLED: Interface Ethernet101/1/6 is down (Error disabled. Reason:BPDUGuard)
  Any idea about the configuration ?
  Thanks for your help.
  Matthieu

  Fexes are really made to connect hosts and not switches .  So the ports should not see bpdu's so bpduguard is err-disabling the ports.          
  Spanning Tree Protocol
  HIFs go down with the BPDUGuard errDisable message
  HIFs go down accompanied with the message, BPDUGuard errDisable.
  Possible Cause
  By default, the HIFs are in STP edge mode with the BPDU guard enabled.  This means that the HIFs are supposed to be connected to hosts or  non-switching devices. If they are connected to a non-host device/switch  that is sending BPDUs, the HIFs become error-disabled upon receiving a  BPDU.
  Solution
  Enable the BPDU filter on the HIF and on the peer connecting device.  With the filter enabled, the HIFs do not send or receive any BPDUs. Use  the following commands to confirm the details of the STP port state for  the port: