Etherchannel config
When configuring an etherchannel one a switch as a layer 2 channel. Does on configure the logical interface using "interface port-channel 1" command?
As a layer 3 channel its necessary to use the command to bind the logical interface to the physical using the "channel-group 1 mode auto" command. Are they configured differently?
Just need help with the difference.
Thanx.
Hi Friend,
You don't need to configure "interface port-channel" command for layer 2 etherchannels.
Once you configure "channel-group mode" command under interface configuration mode , interface port-channel will automatically be created with same number which you will used to configure channel-group.
Check this link for more details
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12120ea2/2950scg/swethchl.htm#wp1033981
HTH
Ankur
Similar Messages
-
Etherchannel - Config Question
First time configuring etherchannel. I have followed the documentation, watched videos, etc. The channel is up, but wanted to verify I did it right - and have not missed something.
Scenario:
Connecting a brand new 3650X into a 3750. The 3750 is the "Core" and does the layer 3 routing, etc. The 3650 is going to become a new Server Backbone - should participate on VLAN 10 only. All servers in our data farm will connect into it (eventually).
Normally we just create one trunk port on each switch and call it done (we do not have a big data farm/and or IT team) but I wanted to start looking at Etherchannel, etc.
Config - Core:
interface GigabitEthernet2/0/12
description ***Trunk to 203 - Server Backbone***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10
switchport mode trunk
switchport nonegotiate
channel-group 1 mode on
interface Port-channel1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10
switchport mode trunk
switchport nonegotiate
Server Backbone:
interface GigabitEthernet1/0/1
description ***Server Backbone - Switch 3 - Trunk***
switchport trunk allowed vlan 10
switchport mode trunk
switchport nonegotiate
channel-group 1 mode on
interface Port-channel1
switchport trunk allowed vlan 10
switchport mode trunk
switchport nonegotiate
(Does not have the encapsulation command, as not available in that IOS - assuming it is automatic?).
Basically I am looking to improve throughput and redundancy. Is there anything else I should add and/or change about what was configured?
(NOTE: I know these may or may not be the best switches to use - but they are what we can afford on our budget).Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Well, of course, you want more than one link in your port-channel, both for additional aggregate bandwidth and additional redundancy.
You may want to review whether you're using the optimal hashing algorithm for your port-channel. -
CatOS: Remove a etherchannel config
Hi,
I have a 6509 running CatOS 6.4. I want to remove those unnecessary port channel configuration entries from the configuration file or set them to default, so those entries wont show up in my configure file. Especially there are some port channel configure entries having only one port in it. It doesnt make sense to have the port channel configure staying there.
I know its easy in IOS. However in CatOS, I couldnt achieve this goal. Setting port channel mode to off wont help. I dont want to delete the port channel entry from the configure file then upload again. Are there any other commands I could use to achieve this? Any comments are welcomed!
Thanks,
KenHi Ken,
Unfortunately, there is no elegant way to remove the superfluous 'set port channel' commands from the
config, so better leave it in.
If you really want to remove these unused port channels, you'll have to clear the config for the module, which is like trying to kill ants with a machine gun... :-)
HTH,
Bobby -
Cross switch etherchannel config between two 6500 and 3750
Dear All,
I would like to design the network and got some problem, my network have one 3750 and two 6500, I would like to setup the etherchannel from 3750 (total two uplink port together), one link to the first 6500 and the other link to second 6500, one trunk between 6500 for redundance.
I tried to use PAgP (auto/desirable, on/on), but the channel misconfig error occurred, the etherchannel keep in suspected or standalone state.
Anybody can suggest/recommend some method for this case.
ThanksUnfortunately, you cannot create an etherchannel from one device to two different devices. for example, from 3750 you have gig 1/0/1 and gig 1/0/2. gig 1/0/1 of 3750 connects to port 1/1 of switch A and gig 1/0/2 of that same 3750 connects to port 1/2 of switch B. You can NOT create an etherchannel on 3750 to combine gig 1/0/1 and gig 1/0/2 to create a bigger pipe. That is not how etherchannel is designed to do.
However, if you have gig 1/0/1 and gig 1/0/2 on 3750 connecting to port 1/1 and 1/2 of switch A, you can create a channel on bith devices to create a bigger pipe (4 GBPS @ full duplex) and let's say that on that same 3750, you have an additional gig 1/0/3 and gig 1/0/4 that connects to ports 1/1 and 1/2 of switch B, you can create another separate channel that combines gig 1/0/3 and gig 1/0/4 and switch B's port 1/1 and 1/2, this scenarion is totally acceptable.
I hope that helps clear up channeling.
In your described scenario, channeling is not what you are asking, it's STP and you really do not need to do anything as STP is enabled by default, maybe you just need to make sure that the root is where you wnat it to be and that is configureable. With your looped physical topology, STP will prevent loop from forming and will give you the redundancy you seek as when one link fails, the ones blocked by STP would go forwarding once STP detects that it should forward that port.
Please rate helpful posts. -
Dot 1q trunk on gigabit etherchannel
I will appreciate any help about the below subject.
there are two catalyst 2960 switches with two fixed 1000 Base T uplink ports.
- Both switches have 3 VLANs: VLAN 1, VLAN 2 and VLAN 3 (VLAN 1 is only for management purposes).
- I will bundle two fixed gigabit uplink ports and get an ether channel with two gigabit bandwidth.
Can I configure this ether channel as 802.1q trunk port? So computers on same VLANs on different switches can communicate each other? (ether channel and trunk at the same time)
Before buying the equipment, I feel myself more comfortable if you guys confirm it works.
Thank you very much in advance.HI Friend,
Yes you can ofcourse do it. You can configure the 2 interfaces first with trunk config and then you configure the 2 interfaces for etherchannel config.
Check this link it will help you to configure dot1q trunk and etherchannel together on ports.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2960/12225sed/scg1/swethchl.htm#wp1154336
HTH, if yes please rate the post.
Ankur -
Hey Folks,
I'm trying to etherchannel ports Fa0/1 and Fa0/2 on two 3550's. Here's my etherchannel config:
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
switchport trunk allowed vlan 99-1005
no ip address
no shutdown
interface FastEthernet0/1
no spanning-tree portfast
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
switchport trunk allowed vlan 1,199-800
no ip address
duplex full
speed 100
channel-group 1 mode desirable
logging event link-status
snmp trap link-status
cdp enable
no shutdown
interface FastEthernet0/2
no spanning-tree portfast
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
switchport trunk allowed vlan 1,199-800
no ip address
duplex full
speed 100
channel-group 1 mode desirable
logging event link-status
snmp trap link-status
cdp enable
no shutdown
Problem: The ports are not bundling and therefore not forming an etherchannel. The etherchannel is in the "suspend" mode and reports this error: Probable reason: vlan mask is different.
Anyone see's what's wrong?
-RERHello,
I think the problem comes from the fact that you are allowing differnt VLANs on your port channel interface than on your member interfaces. mae sure your config looks like this:
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
--> switchport trunk allowed vlan 1,199-800
no ip address
no shutdown
interface FastEthernet0/1
no spanning-tree portfast
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
switchport trunk allowed vlan 1,199-800
no ip address
duplex full
speed 100
channel-group 1 mode desirable
logging event link-status
snmp trap link-status
cdp enable
no shutdown
interface FastEthernet0/2
no spanning-tree portfast
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
switchport trunk allowed vlan 1,199-800
no ip address
duplex full
speed 100
channel-group 1 mode desirable
logging event link-status
snmp trap link-status
cdp enable
no shutdown
HTH,
GP -
WLC 5508 issue with 4 ports in portchannel
Hi,
We have one WLC 5508 and LAG is enabled on it but when we connect 4 cables to a distribution switch only 3 links are sending and receiving traffic and the 4th one is up with outgoing traffic from the distribution switch to WLC but nothing incoming.
Some APs went down and refuse to be registered back to the WLC. when we shut down the 4th port everything is back to normal.
the etherchannel config is identical and I can see all ports are active and not suspended :
interface GigabitEthernet2/2/1
description PortChannel-WLC1-Port1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 60-67,2808,2922,2923,2932
switchport mode trunk
channel-group 99 mode on
interface GigabitEthernet2/2/2
description PortChannel-WLC1-Port2
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 60-67,2808,2922,2923,2932
switchport mode trunk
channel-group 99 mode on
interface GigabitEthernet2/2/3
description PortChannel-WLC1-Port3
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 60-67,2808,2922,2923,2932
switchport mode trunk
channel-group 99 mode on
interface GigabitEthernet2/2/4
description PortChannel-WLC1-Port4
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 60-67,2808,2922,2923,2932
switchport mode trunk
channel-group 99 mode onsh etherchannel 99 sum
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use N - not in use, no aggregation
f - failed to allocate aggregator
M - not in use, no aggregation due to minimum links not met
m - not in use, port not aggregated due to minimum links not met
u - unsuitable for bundling
d - default port
w - waiting to be aggregated
Number of channel-groups in use: 38
Number of aggregators: 38
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
99 Po99(SU) - Gi2/2/1(P) Gi2/2/2(P) Gi2/2/3(D)
Gi2/2/4(P)
Last applied Hash Distribution Algorithm: Fixed
Gi2/2/3 is down becasue we had to shut down the interface because when it is up many APs refuse to register. -
Switching Best Practice - Spanning Tree andEtherchannel
Dear All,
Regarding best practice related to Spanning Tree and Etherchannel, we have decided to configure following.
1. Manually configure STP Root Bridge.
2. On end ports, enable portfast and bpduguard.
3. On ports connecting to other switches enable root guard.
In etherchannel config, we have kept mode on on both side, need to change to Active and desirable as I have read that mode on may create loops? Please let me know if this is OK and suggest if something missing.
Thank You,
Abhisar.Hi Abhisar,
Regarding your individual decisions: Manually configuring the Root Bridge is a natural thing to do. You should never leave your network just pick up a root switch based on default switch settings.
On end ports, using PortFast and BPDU Guard is a must especially if you are running Rapid PVST+ or MSTP.
Regarding the Root Guard on ports to other switches - this is something I do not recommend. The Root Guard is a protective mechanism in situations when your network and the network of your customer need to form a single STP domain, yet you want to have the STP Root Bridge in your network part and you do not want your customer to take over this root switch selection. In these cases, you would put the Root Guard on ports toward the customer. However, inside your own network, using Root Guard is a questionable practice. Your network can be considered trustworthy and there is no rogue root switch to protect against. Using Root Guard in your own network could cause your network to be unable to converge on a new workable spanning tree if any of the primary links failed, and it would also prevent your network from converging to a secondary root switch if the primary root switch failed entirely. Therefore, I personally see no reason to use Root Guard inside your own network - on the contrary, I am concerned that it would basically remove the possibility of your network to actually utilize the redundant links and switches.
Regarding EtherChannels - yes, you are right, using the on mode can, under circumstances, lead to permanent switching loops. EtherChannel is one of few technologies in which I wholeheartedly recommend on relying on a signalling protocol to set it up, as opposed to configuring it manually. The active mode is my preferred mode, as it utilizes the open LACP to signal the creation of an EtherChannel, and setting both ends of a link to active helps to bring up the EtherChannel somewhat faster.
If you are using fiber links between switches, I recommend running UDLD on them to be protected against issues caused by uni-directional links. UDLD is not helpful on copper ports and is not recommended to be run on them. However, I strongly recommend running Loop Guard configured globally with the spanning-tree loopguard default. Loop Guard can, and should, be run regardless of UDLD, and they can be used both as they nicely complement each other.
My $0.02...
Best regards,
Peter -
Hi Experts,
I am implementing 5760 controllers and I have already configured the controller with 500 licenses. My question is, do I have to configure the controller with HA sku before connecting the stack cables or no need to configure the HA sku controller since it will be considered as 1 box. Please advise.
Regards,Hi Joseph,
Will there be any issue if I have configured the HA controller and then connecting it to the primary via stack cable? What will happen to the config parameters I have entered in the HA controller?
The client has 2 cat 4500 and considered as 1 box. Will the etherchannel config be the same for the 2 controllers or different etherchannel config when connected by stack?
As of this moment, the controller stack cable is missing, so I put the primary controller to po11 and the HA controller to po12. Is that okay?
Regards, -
NFS and ISCSI using ip hash load balance policy
As i know all these days that the best practice for iscsi is to use single nic and one standby with " route based port id" ButI have seen in a client placethat NFS and iscsi are configured to use"route based ip hash" and multiple nic and it has been working all these days. i can not see that iscsi does multi path there.I was told by the sys admin that it is ok to use that since the both protocol are configured in same storage and it does not make sense to separate it ,his explanation that if we want separate policy then use separate storage that is one for nfs and other for iscsi, i do not buy that, i might be wrong.He pointed his link below saying that you can use ip hash.http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalI....Is it ok to use " route based ip hash for iscsi as on the link?
This topic first appeared in the Spiceworks CommunityWhen you create your uplink port profile you simply use the auto channel command in your config:
channel-group auto mode on
This will create a static etherchannel when two or more ports are added to the uplink port profile from the same host. Assuming your upstream switch config is still set to "mode on" for the etherchannel config, there's nothing to change.
Regards,
Robert -
Config etherchannel for point to point link
for point to pint network i use privateip and i use two link thus the config for etherchannel works
My requirement there are 2 link so can i bundled with etherchaanel
0n l3 switch(switch1)
int po1
no switchport
ip address 172.18.2.1 255.255.255.0
no shutdown
int range fa0/1-2
no switchport
switchport access valn 199
channel-group 1 mode on
on fa0/1--isp1 link
on fa0/1---isp2 link
ip route 0.0.0.0 0.0.0.0 172.18.2.2
on l3 switch(switch2)
int p01
no switchport
ip address 172.18.2.2 255.255.255.0
no shutdown
int range fa0/1-2
no switchport
switchport access vlan 22
channel-group 1 mode on
on fa0/1-isp1 link
on fa0/2-isp2 link
ip route 0.0.0.0 0.0.0.0 172.18.2.1Hello Prashant,
I recommend to use LACP instead of unconditional bundling it provides the capability to detect the neighbor and that is the same system connected to the other link.
You have ISP connections in the middle and so it is important to bundle in a safe way.
So I would use
channel-group 1 mode active
in order to use LACP. LACP messages are sent over every member link.
Another point of attention is that you are configuring each multilayer switch with a static default route to the other device and this is not good practice.
If you know that one site is more important you can configure the static default route on the other router, but on the main site you should configure specific static routes describing the IP subnets that are reachable at the other site.
Hope to help
Giuseppe -
Need ASA 9.x Etherchannel example w/ layer 2 switch config
Hello there:
Could anyone please point me to example configurations of Etherchannel on an ASA 9.x, connecting to a layer 2 switch? I need to see how the switch is configured as well.
Thank you.Hi,
I have configured Port channel with Cisco 2960S switch. Here is the below configuration example. If the answer is correct please Comments.
fw-01# sho port-channel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
U - in use N - not in use, no aggregation/nameif
M - not in use, no aggregation due to minimum links not met
w - waiting to be aggregated
Number of channel-groups in use: 1
Group Port-channel Protocol Span-cluster Ports
------+-------------+---------+------------+------------------------------------
11 Po11(U) LACP No Gi0/1(P) Gi0/0(P)
interface GigabitEthernet0/0
description *** Connected to CORE-SW-01 ***
channel-group 11 mode passive
no nameif
no security-level
no ip address
interface GigabitEthernet0/1
description *** Connected to CORE-SW-01 ***
channel-group 11 mode passive
no nameif
no security-level
no ip address
interface Port-channel11
description *** Connected to CORE-SW ***
nameif outside
security-level 100
ip address 10.98.8.90 255.255.255.248 standby 10.98.8.91
================Switch====================
interface Port-channel12
description *** Port-Channel Used for DC-INSIDE-FW-1-IPS***
switchport access vlan 912
interface GigabitEthernet1/0/21
description **** inside Firewall 01 ***
switchport access vlan 912
channel-protocol lacp
channel-group 12 mode active
Please let me know your topology. -
Etherchannel Simultaneous Primary and Sub-Interface Config
Hello Cisco Experts:
Question: Can I run layer 2 traffic across EtherChannel and layer 3 traffic simultaneously across the same etherchannel on a subinterface? If not, and considering the background information below, is there an advisable alternative? The documentation I've been reading isn't clear on the subject.
Background
I'd like to split my VLans across (2x) L3 3560 switches interconnected by EtherChannel. I'll use SVI's for the routing - but if Switch #1 SVI must route to another SVI on Switch #2, I'd like this traffic to cross the EtherChannel instead of heading to another L3 Device before continuing its route to the destination switch. (I.E. I prefer direct switch to switch routing.)
Design Preference:
I don't want my etherchannel to become a 100% routed channel.
I don't want to add another connection between the switches - ports are at a premium and budget is tapped.
No access level switches are being used at this time.
Physical Topology
Thank you for your time,
MikeHi Jon:
First, I didn't begin to think you were criticizing my design. I just wanted to relieve your confusion.
I tested your ideas this morning, and everything checked out and worked fine. After some more investigation, I remembered why I was asking the question about using EtherChannel with an encapsulated Subinterface & IP Addr. for switch-to-switch routing.
Regrettably it had nothing to do with Intervlan routing, which was working fine. But it does have something to do with routing between the two switches.
Link Failure and High Availability
When I began to consider each case of link failure, I discovered 4 cases of link failure that created problematic results. Two of the cases led to an extra hop, and two of the cases result in a black hole. These ideas were tested with packet tracer to verify I had a problem.
These instances occur because I'm routing 3 vlans out of each switch. Each problem could be resolved by a complete HSRP fail-over to the other switch. But maybe the more elegant decision is a switch-to-switch route with an appropriate administrative distance (preferably using the EtherChannel)?
Note: Primary is the primary WAN connection and Backup is the backup WAN connection.
Scenario 1: Extra Hop
Scenario 2: Extra Hop
Scenario 3: Black Hole
Scenario 4: Black Hole
Let me know what you think the ideal solution is: 1) use HSRP tracking to failover to the other switch, 2) create a direct switch to switch route using EtherChannel Subinterface with IP, or 3) some third option.
Thank you for your time,
Mike -
Link outage in Etherchannel causes interface down and failover Secondary Faild
Hi,
I have configured port-channel Firewall ASA5515-X and stacking switch WS-3750X. Also firewall configured as failover mode. Problem is that my active firewall connected switch port show green and working but standby firewall connected switch port shows orange color. When i inpute show failover command on firewall, secondary is faild. Please assist. Here is the below show command.
mdbl-int-fw-01# sho port-channel 10
Ports: 2 Maxports = 16
Port-channels: 1 Max Port-channels = 48
Protocol: LACP/ active
Minimum Links: 1
Maximum Bundle: 8
Load balance: src-dst-ip
mdbl-int-fw-01# sho interface port-channel 10
Interface Port-channel10 "inside", is up, line protocol is up
Hardware is EtherChannel/LACP, BW 2000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
Description: *** Connected to CORE-SW ***
MAC address 4c00.821d.511f, MTU 1500
IP address 10.98.8.97, subnet mask 255.255.255.248
Traffic Statistics for "inside":
56859 packets input, 3419130 bytes
148709 packets output, 16063580 bytes
56858 packets dropped
1 minute input rate 0 pkts/sec, 46 bytes/sec
1 minute output rate 2 pkts/sec, 216 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 46 bytes/sec
5 minute output rate 2 pkts/sec, 216 bytes/sec
5 minute drop rate, 0 pkts/sec
Members in this channel:
Active: Gi0/1 Gi0/2
mdbl-int-fw-01# sho port
mdbl-int-fw-01# sho port-channel sum
mdbl-int-fw-01# sho port-channel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
U - in use N - not in use, no aggregation/nameif
M - not in use, no aggregation due to minimum links not met
w - waiting to be aggregated
Number of channel-groups in use: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
10 Po10(U) LACP Gi0/1(P) Gi0/2(P)
mdbl-int-fw-01#
mdbl-int-fw-01# sho port-channel ?
<1-48> Channel group number
brief Brief information
detail Detail information
port Port information
protocol protocol enabled
summary One-line summary per channel-group
| Output modifiers
<cr>
mdbl-int-fw-01# sho port-channel bri
mdbl-int-fw-01# sho port-channel brief
Channel-group listing:
Group: 10
Ports: 2 Maxports = 16
Port-channels: 1 Max Port-channels = 48
Protocol: LACP/ active
Minimum Links: 1
Maximum Bundle: 8
Load balance: src-dst-ip
mdbl-int-fw-01# sho port-channel ?
<1-48> Channel group number
brief Brief information
detail Detail information
port Port information
protocol protocol enabled
summary One-line summary per channel-group
| Output modifiers
<cr>
mdbl-int-fw-01# sho port-channel pro
mdbl-int-fw-01# sho port-channel protocol
Channel-group listing:
Group: 10
Protocol: LACP
mdbl-int-fw-01# sho port-channel ?
<1-48> Channel group number
brief Brief information
detail Detail information
port Port information
protocol protocol enabled
summary One-line summary per channel-group
| Output modifiers
<cr>
mdbl-int-fw-01# sho port-channel det
mdbl-int-fw-01# sho port-channel detail
Channel-group listing:
Group: 10
Ports: 2 Maxports = 16
Port-channels: 1 Max Port-channels = 48
Protocol: LACP/ active
Minimum Links: 1
Maximum Bundle: 8
Load balance: src-dst-ip
Ports in the group:
Port: Gi0/1
Port state = bndl
Channel group = 10 Mode = LACP/ active
Port-channel = Po10
Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.
A - Device is in active mode. P - Device is in passive mode.
Local information:
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Gi0/1 SA bndl 32768 0xa 0xa 0x2 0x3d
Partner's information:
Partner Partner LACP Partner Partner Partner Partner Partner
Port Flags State Port Priority Admin Key Oper Key Port Number Port State
Gi0/1 SA bndl 32768 0x0 0xa 0x118 0x3d
Port: Gi0/2
Port state = bndl
Channel group = 10 Mode = LACP/ active
Port-channel = Po10
Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.
A - Device is in active mode. P - Device is in passive mode.
Local information:
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Gi0/2 SA bndl 32768 0xa 0xa 0x3 0x3d
Partner's information:
Partner Partner LACP Partner Partner Partner Partner Partner
Port Flags State Port Priority Admin Key Oper Key Port Number Port State
Gi0/2 SA bndl 32768 0x0 0xa 0x119 0x3d
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01# sho port-channel ?
<1-48> Channel group number
brief Brief information
detail Detail information
port Port information
protocol protocol enabled
summary One-line summary per channel-group
| Output modifiers
<cr>
mdbl-int-fw-01# sho fail
mdbl-int-fw-01# sho failover st
mdbl-int-fw-01# sho failover state
State Last Failure Reason Date/Time
This host - Primary
Active None
Other host - Secondary
Failed Ifc Failure 22:03:03 UTC Jan 8 2014
outside: No Link
dmz: No Link
mgt: No Link
inside: No Link
====Configuration State===
Sync Done
====Communication State===
Mac set
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01# sho failover
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/3 (up)
Unit Poll frequency 200 milliseconds, holdtime 800 milliseconds
Interface Poll frequency 500 milliseconds, holdtime 5 seconds
Interface Policy 1
Monitored Interfaces 4 of 114 maximum
failover replication http
Version: Ours 8.6(1)2, Mate 8.6(1)2
Last Failover at: 02:16:48 UTC Jan 8 2014
This host: Primary - Active
Active time: 74479 (sec)
slot 0: ASA5515 hw/sw rev (1.0/8.6(1)2) status (Up Sys)
Interface outside (118.179.139.4): No Link (Waiting)
Interface dmz (10.98.56.3): No Link (Waiting)
Interface mgt (10.10.11.1): Unknown (Waiting)
Interface inside (10.98.8.97): Normal (Waiting)
slot 1: IPS5515 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
IPS, 7.1(4)E4, Up
Other host: Secondary - Failed
Active time: 0 (sec)
slot 0: ASA5515 hw/sw rev (1.0/8.6(1)2) status (Up Sys)
Interface outside (118.179.139.6): No Link (Waiting)
Interface dmz (10.98.56.2): No Link (Waiting)
Interface mgt (0.0.0.0): No Link (Waiting)
Interface inside (10.98.8.98): No Link (Waiting)
slot 1: IPS5515 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
IPS, 7.1(4)E4, Up
Stateful Failover Logical Update Statistics
Link : failover GigabitEthernet0/3 (up)
Stateful Obj xmit xerr rcv rerr
General 12665 0 9929 0
sys cmd 9929 0 9929 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 0 0
UDP conn 0 0 0 0
ARP tbl 2735 0 0 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 0 0 0 0
VPN IKEv1 P2 0 0 0 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
Route Session 0 0 0 0
User-Identity 1 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 7 9930
Xmit Q: 0 30 99581
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01# sho failover state
State Last Failure Reason Date/Time
This host - Primary
Active None
Other host - Secondary
Failed Ifc Failure 22:03:03 UTC Jan 8 2014
outside: No Link
dmz: No Link
mgt: No Link
inside: No Link
====Configuration State===
Sync Done
====Communication State===
Mac set
mdbl-int-fw-01# sho failover ?
descriptor Show failover interface descriptors. Two numbers are shown for
each interface. When exchanging information regarding a
particular interface, this unit uses the first number in messages
it sends to its peer. And it expects the second number in
messages it receives from its peer. For trouble shooting, collect
the show output from both units and verify that the numbers
match.
exec Show failover command execution information
history Show failover switching history
interface Show failover command interface information
state Show failover internal state information
statistics Show failover command interface statistics information
| Output modifiers
<cr>
mdbl-int-fw-01# sho failover inter
mdbl-int-fw-01# sho failover interface
interface failover GigabitEthernet0/3
System IP Address: 10.98.8.89 255.255.255.248
My IP Address : 10.98.8.89
Other IP Address : 10.98.8.90
mdbl-int-fw-01# sho failover stati
mdbl-int-fw-01# sho failover statistics
tx:995725
rx:980617
mdbl-int-fw-01# sho failover hi
mdbl-int-fw-01# sho failover history
==========================================================================
From State To State Reason
==========================================================================
02:16:40 UTC Jan 8 2014
Not Detected Negotiation No Error
02:16:48 UTC Jan 8 2014
Negotiation Just Active No Active unit found
02:16:48 UTC Jan 8 2014
Just Active Active Drain No Active unit found
02:16:48 UTC Jan 8 2014
Active Drain Active Applying Config No Active unit found
02:16:48 UTC Jan 8 2014
Active Applying Config Active Config Applied No Active unit found
02:16:48 UTC Jan 8 2014
Active Config Applied Active No Active unit found
==========================================================================
mdbl-int-fw-01# sho failover
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/3 (up)
Unit Poll frequency 200 milliseconds, holdtime 800 milliseconds
Interface Poll frequency 500 milliseconds, holdtime 5 seconds
Interface Policy 1
Monitored Interfaces 4 of 114 maximum
failover replication http
Version: Ours 8.6(1)2, Mate 8.6(1)2
Last Failover at: 02:16:48 UTC Jan 8 2014
This host: Primary - Active
Active time: 74554 (sec)
slot 0: ASA5515 hw/sw rev (1.0/8.6(1)2) status (Up Sys)
Interface outside (118.179.139.4): No Link (Waiting)
Interface dmz (10.98.56.3): No Link (Waiting)
Interface mgt (10.10.11.1): Unknown (Waiting)
Interface inside (10.98.8.97): Normal (Waiting)
slot 1: IPS5515 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
IPS, 7.1(4)E4, Up
Other host: Secondary - Failed
Active time: 0 (sec)
slot 0: ASA5515 hw/sw rev (1.0/8.6(1)2) status (Up Sys)
Interface outside (118.179.139.6): No Link (Waiting)
Interface dmz (10.98.56.2): No Link (Waiting)
Interface mgt (0.0.0.0): No Link (Waiting)
Interface inside (10.98.8.98): No Link (Waiting)
slot 1: IPS5515 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
IPS, 7.1(4)E4, Up
Stateful Failover Logical Update Statistics
Link : failover GigabitEthernet0/3 (up)
Stateful Obj xmit xerr rcv rerr
General 12676 0 9938 0
sys cmd 9938 0 9938 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 0 0
UDP conn 0 0 0 0
ARP tbl 2737 0 0 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 0 0 0 0
VPN IKEv1 P2 0 0 0 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
Route Session 0 0 0 0
User-Identity 1 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 7 9940
Xmit Q: 0 30 99677Hi Ganesan,
I am proposing a design like this. You can have the STP in pvst mode and have a different priority set for the core switch to make it core a as root bridge. There is nothing wrong with your design you have made you core switch which will be physically down to your firewall... but in real it comes on the top of your firewall as well... But spanning tree conf should be done properly to achieve this... I have proposed my design which is pretty simple but easy for troubleshoot....
You can have your firewalls connected to core switch on the down and can directly connected to router on outside... always core a -->py fw--rtra will be the primary path... if anything goes wrong then secondary line will come in to picture....
make sure that your hsrp will have high priority to ur core a vlan conf for the access switches.....
Please do rate for the helpful posts.
By
Karthik -
Etherchannel showing down (SD) and ports are in "I" stand alone state
Hi,
Netapp server is connected to switch 6500 via trunk.
I configured a portchannel but it showing as down.take a look ar below output..
interface Port-channel248
description Netapp-server-1 po248
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 903
switchport mode trunk
switchport nonegotiate
no ip address
no shut
interface GigabitEthernet3/33
description server-1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 903
switchport mode trunk
switchport nonegotiate
no ip address
speed 1000
udld port aggressive
spanning-tree portfast
channel-group 248 mode active
no shut
interface GigabitEthernet4/33
description cnndcfasp002a-e5d
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 903
switchport mode trunk
switchport nonegotiate
no ip address
speed 1000
udld port aggressive
spanning-tree portfast
channel-group 248 mode active
no shut
Switch-6500#sh etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
Number of channel-groups in use: 5
Number of aggregators: 5
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
248 Po248(SD) LACP Gi3/33(I) Gi4/33(I)
#sh etherchannel detail
Group: 248
Group state = L2
Ports: 2 Maxports = 16
Port-channels: 1 Max Port-channels = 16
Protocol: LACP
Minimum Links: 0
Ports in the group:
Port: Gi3/33
Port state = Up Sngl-port-Bndl Mstr Not-in-Bndl
Channel group = 248 Mode = Active Gcchange = -
Port-channel = null GC = - Pseudo port-channel = Po248
Port index = 0 Load = 0x00 Protocol = LACP
Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.
A - Device is in active mode. P - Device is in passive mode.
Local information:
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Gi3/33 SA indep 32768 0xF8 0xF8 0x321 0x7D
Age of the port in the current state: 0d:02h:04m:58s
Port: Gi4/33
Port state = Up Sngl-port-Bndl Mstr Not-in-Bndl
Channel group = 248 Mode = Active Gcchange = -
Port-channel = null GC = - Pseudo port-channel = Po248
Port index = 0 Load = 0x00 Protocol = LACP
Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.
A - Device is in active mode. P - Device is in passive mode.
Local information:
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Gi4/33 SA indep 32768 0xF8 0xF8 0x421 0x7D
Age of the port in the current state: 0d:02h:04m:58s
Port-channels in the group:
Port-channel: Po248 (Primary Aggregator)
Age of the Port-channel = 7d:16h:30m:16s
Logical slot/port = 14/3 Number of ports = 0
Port state = Port-channel Ag-Not-Inuse
Protocol = LACP
Any one please let me know what is the issue here...
Thanks
GauthamExactly, the 6500 config is fine, probably the NETAPP is not active or passive and it's just ON that won't work
show lacp 248 neighbor will show if you have a neighbor and if the LACP id is the same on both ports
Core1#sh lacp 2 neighbor
Flags: S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode
Channel group 2 neighbors
Partner's information:
Partner Partner LACP Partner Partner Partner Partner Partner
Port Flags State Port Priority Admin Key Oper Key Port Number Port State
Gi1/7/10 SA bndl 32768 0x0 0x1 0x11A 0x3D
Gi2/7/10 SA bndl 32768 0x0 0x1 0x31D 0x3D
cheers
Maybe you are looking for
-
IPhoto 9.4.3 will not open in OSX 10.8.4
I have tried several times to delete and reload iPhoto through the App Store. I even followed Terence Devlin's reply to earlier post with the same issue. Here is the log: Process: iPhoto [699] Path: /Applications/iPhoto.app/Content
-
Hello, I'm trying aperture, it's good for me, but I'd like also to continue using Iphoto for easy works. I've read that the libary can't be shared. Can you help me. I''ve 20000 photo on iphoto, but I like to use both the 2 programs, how it's possible
-
AR - How to Combine the AR Aging Reports of 2 companies in one SQL?
Hi! I just completed a query which mimics the Official Aged Analysis of Debtors in SAP B1 8.8, and it works well. Now I want to combine 2 companies in a single Query. Is this possible, and how can this be done? Why do I need this? I work for 2 relate
-
Cannot create a file using UTL_FILE.FOPEN
Dear All, I am using this syntax for creating a file in window i have declare this like this l_file_id UTL_FILE.file_type; l_file_name := 'DHL_'||110570284||'_'||TO_CHAR(SYSDATE,'ddmmyyyy')||'.txt' l_file_id :=UTL_FILE.FOPEN('C:\D2R',l_file_name,'W')
-
Replacing multiple spaces with another character
i need to replace multiple spaces with another char in a string my code is Dim text as String="a bit much a little much" Dim arr As String() = text.Split({" "c}, StringSplitOptions.RemoveEmptyEntries)Dim newtext As String = String.Join("