Interfaces in port-channel keep err-disabling because of keepalives

Below is the current port-channel that I am having problems with.  The interfaces on Switch A keep going into an error-disabled state because they receive their own loopback.  Cisco says to disable keepalives and that it will fix the problem, but I do not like the idea of disabling keepalives.  Has anyone found a solution other than disabling keepalives?  Notice that the IOS versions are different, but I am not convinced that this is the issue.  Also, one is PoE and the other isn't.  Lastly, I found this article: "Keepalives are sent on all interfaces by default in Cisco IOS Software Release 12.1EA-based software. In Cisco IOS Software Release 12.2SE-based software and later, keepalives are not sent by default on fiber and uplink interfaces".  I would think trunked interfaces in a port-channel would be uplink interfaces and if this is true, it should be sending out keepalives anyway since I am running the 12.2SE-based IOS.  Thanks for whatever input you may have.
Switch A
C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
System image file is "flash:/c3750e-universalk9-mz.122-55.SE3/c3750e-universalk9-mz.122-55.SE3.bin"
cisco WS-C3750X-48P
Port-channels in the group:
Port-channel: Po52
Age of the Port-channel   = 219d:04h:32m:49s
Logical slot/port   = 10/39          Number of ports = 4
GC                  = 0x00000000      HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            =    -
Port security       = Disabled
Ports in the Port-channel:
Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
  0     00     Gi1/0/35 On                 0
  0     00     Gi1/0/36 On                 0
  0     00     Gi2/0/45 On                 0
  0     00     Gi2/0/46 On                 0
%ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on GigabitEthernet1/0/35.
%PM-4-ERR_DISABLE: loopback error detected on Gi1/0/35, putting Gi1/0/35 in err-disable state
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/35, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel39, changed state to down
%LINK-3-UPDOWN: Interface Port-channel39, changed state to down
Switch B
C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
System image file is "flash:/c3750e-universalk9-mz.122-58.SE2/c3750e-universalk9-mz.122-58.SE2.bin"
cisco WS-C3750X-48
Port-channels in the group:
Port-channel: Po52
Age of the Port-channel   = 443d:18h:43m:06s
Logical slot/port   = 10/39          Number of ports = 4
GC                  = 0x00000000      HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            =    -
Port security       = Disabled
Ports in the Port-channel:
Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
  0     00     Gi1/0/35 On                 0
  0     00     Gi1/0/36 On                 0
  0     00     Gi1/0/45 On                 0
  0     00     Gi1/0/46 On                 0

PER CISCO
Symptom:
An interface on a Catalyst switch is errordisabled after detecting a loopback.
Mar 7 03:20:40: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on
GigabitEthernet0/2. The port is forced to linkdown.
Mar 7 03:20:42: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state
to administratively down
Mar 7 03:20:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet0/2, changed state to down
Conditions:
This might be seen on a Catalyst 2940, 2950, 2950-LRE, 2955, 2970, 3550, 3560
or 3750 switch running 12.1EA or 12.2SE based code.
Workaround:
Disable keepalives by using the no keepalive interface command. This
will prevent the port from being errdisabled, but it does not resolve the root
cause of the problem. Please see section below for more information.
Additional Information:
The problem occurs because the keepalive packet is looped back to the port that
sent the keepalive. There is a loop in the network. Although disabling the
keepalive will prevent the interface from being errdisabled, it will not remove
the loop.
The problem is aggravated if there are a large number of Topology Change
Notifications on the network. When a switch receives a BPDU with the Topology
Change bit set, the switch will fast age the MAC Address table. When this
happens, the number of flooded packets increases because the MAC Address table
is empty.
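The messages quoted in the post above name the port in two forms (`GigabitEthernet1/0/35` in the loop-back message, `Gi1/0/35` in the err-disable message), so tallying err-disable causes per port needs the names normalised first. The following is an added example, not part of the original post or of any Cisco tool: it parses syslog text for both messages and reports which port-channel members tripped on loopback. The sample log is constructed from the formats shown on this page, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample log, modelled on the message formats quoted on this page.
# The third loop-back message is wrapped across two lines, as in the Cisco excerpt.
SAMPLE_LOG = """\
Mar  7 03:20:40: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on GigabitEthernet1/0/35.
Mar  7 03:20:40: %PM-4-ERR_DISABLE: loopback error detected on Gi1/0/35, putting Gi1/0/35 in err-disable state
Mar  7 03:20:41: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/35, changed state to down
Mar  7 04:02:10: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on GigabitEthernet1/0/36.
Mar  7 04:02:10: %PM-4-ERR_DISABLE: loopback error detected on Gi1/0/36, putting Gi1/0/36 in err-disable state
Mar  7 09:15:02: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on
GigabitEthernet1/0/35. The port is forced to linkdown.
Mar  7 09:15:02: %PM-4-ERR_DISABLE: loopback error detected on Gi1/0/35, putting Gi1/0/35 in err-disable state
Dec  1 03:32:59.397 UTC: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi1/0/12 with BPDU Guard enabled. Disabling port.
Dec  1 03:32:59.397 UTC: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/12, putting Gi1/0/12 in err-disable state
"""

# Switch A members of the port-channel, as listed in the post's output.
PO_MEMBERS = ("Gi1/0/35", "Gi1/0/36", "Gi2/0/45", "Gi2/0/46")

# Long interface names and the short forms IOS uses in %PM-4-ERR_DISABLE.
_LONG_TO_SHORT = (
    ("TenGigabitEthernet", "Te"),
    ("GigabitEthernet", "Gi"),
    ("FastEthernet", "Fa"),
    ("Port-channel", "Po"),
)

# Interface name: letters, then slot/port numbers; stops before "," or ".".
_IFNAME = r"([A-Za-z-]+\d+(?:/\d+)*)"
_ERR_DISABLE = re.compile(
    r"%PM-4-ERR_DISABLE:\s+(.+?) error detected on\s+" + _IFNAME)
_LOOPBACK = re.compile(
    r"%ETHCNTR-3-LOOP_BACK_DETECTED:\s+Loop-back detected on\s+" + _IFNAME)


def short_ifname(name):
    """Return the short form of an interface name (Gi1/0/35 style)."""
    for long_form, short_form in _LONG_TO_SHORT:
        if name.startswith(long_form):
            return short_form + name[len(long_form):]
    return name


def err_disable_events(log):
    """List (port, cause) for every %PM-4-ERR_DISABLE message, in log order."""
    return [(short_ifname(m.group(2)), m.group(1))
            for m in _ERR_DISABLE.finditer(log)]


def loopback_detections(log):
    """Count %ETHCNTR-3-LOOP_BACK_DETECTED messages per normalised port."""
    return Counter(short_ifname(m.group(1)) for m in _LOOPBACK.finditer(log))


def causes_by_port(log):
    """Map each port to a Counter of its err-disable causes."""
    table = {}
    for port, cause in err_disable_events(log):
        table.setdefault(port, Counter())[cause] += 1
    return table


def loopback_trips(log, members):
    """Return {member: count} for port-channel members err-disabled by loopback."""
    table = causes_by_port(log)
    return {p: table[p]["loopback"]
            for p in members if table.get(p, {}).get("loopback")}


if __name__ == "__main__":
    for port, causes in sorted(causes_by_port(SAMPLE_LOG).items()):
        print(port, dict(causes))
    print("Port-channel members tripped by loopback:",
          loopback_trips(SAMPLE_LOG, PO_MEMBERS))
```

Members that trip repeatedly while the others never do point at a specific link or downstream device, which is where to look for the loop the Cisco note describes.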

Similar Messages

  • WAPs connected ports are becoming err-disabled.

    Hi All,
    I'm facing a strange issue. WAP-connected ports are becoming err-disabled with the attached error message. Not only a single WAP; all the WAPs connected to the 3750 are having the same issue. I have tried to identify which WAP is sending the BPDU and in turn causing other WAP-connected ports to go down.
    I have 5 WAPs in that site; if I enable any WAP-connected port, the log messages below appear and that port becomes err-disabled.
    Can anyone shed some light on how to troubleshoot this issue? Any help would be appreciated.
    Dec  1 03:32:59.397 UTC: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi1/0/12 with BPDU Guard enabled. Disabling port.
    Dec  1 03:32:59.397 UTC: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/12, putting Gi1/0/12 in err-disable state
    Dec  1 03:33:00.420 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/12, changed state to down
    Dec  1 03:33:00.420 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan5, changed state to down
    Dec  1 03:33:00.420 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan50, changed state to down
    Dec  1 03:33:00.420 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan51, changed state to down
    Dec  1 03:33:01.427 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/12, changed state to down
    Regards,
    T.K

    Can you please furnish the command output of the following:
    1.  sh version
    2.  sh run int g 1/0/12
    3.  sh interface status err

  • Gig port down/down (err-disabled) Reason: diagnostics

    Hello,
    Today I had 2 ports on a Cisco 6509 go into err-disabled state. Both ports show reason "diagnostics". I tried bouncing the interfaces and defaulting the interfaces. Any ideas? Thank you!
    Show int status err-disabled:
    Port    Name                        Status       Reason
    Gi1/4                                err-disabled diagnostics
    Gi1/6   In Patient First F err-disabled diagnostics
    Show Version:
    Cisco Internetwork Operating System Software
    IOS (tm) s3223_rp Software (s3223_rp-IPBASE_WAN-M), Version 12.2(18)SXF16, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by cisco Systems, Inc.
    Compiled Tue 03-Mar-09 19:00 by kellythw
    Image text-base: 0x40101040, data-base: 0x42A48810
    ROM: System Bootstrap, Version 12.2(17r)SX3, RELEASE SOFTWARE (fc1)
    BOOTLDR: s3223_rp Software (s3223_rp-IPBASE_WAN-M), Version 12.2(18)SXF16, RELEASE SOFTWARE (fc2)
    NOMA17UA01A uptime is 4 years, 34 weeks, 4 days, 23 hours, 36 minutes
    Time since NOMA17UA01A switched to active is 4 years, 34 weeks, 4 days, 23 hours, 48 minutes
    System returned to ROM by  power cycle (SP by power on)
    System restarted at 11:49:53 extende Tue Sep 8 2009
    System image file is "sup-bootdisk:s3223-ipbase_wan-mz.122-18.SXF16.bin"
    cisco WS-C6509-E (R7000) processor (revision 1.4) with 458752K/65536K bytes of memory.
    Processor board ID SMG1229N0DT
    R7000 CPU at 300Mhz, Implementation 0x27, Rev 3.3, 256KB L2, 1024KB L3 Cache
    Last reset from power-on
    SuperLAT software (copyright 1990 by Meridian Technology Corp).
    X.25 software, Version 3.0.0.
    Bridging software.
    TN3270 Emulation software.
    2 Virtual Ethernet/IEEE 802.3 interfaces
    345 Gigabit Ethernet/IEEE 802.3 interfaces
    1915K bytes of non-volatile configuration memory.
    65536K bytes of Flash internal SIMM (Sector size 512K).
    Configuration register is 0x2102
    Thank you,
    -Nick Chenault

    I think Diagnostics means a hardware-related issue, not a config-related one. I would contact Cisco as this could be a sign of ASIC failure.
    Manish

  • WS-C6509-V-E VSS Pair: Random ports going into err-disabled due to udld error

    We recently (a few months ago) put two 6509s into VSS mode and had many teething problems. One of the problems we had was random ports on switch 2 of the pair came up in err-disabled mode after a reboot. We somehow fixed them by combinations of shut/no shut, reseating or changing SFPs, etc.
    Two days ago we saw half of the ports on one card were in err-disabled mode due to udld errors. We cannot find a way to bring them back up (tried udld resets, etc) and think it's really strange that it's a block of ports on the same card. Also it's strange since last time we had this problem it was on different cards (switch 2 as well though).
    See below Te2/3/5-12 are in err-disabled mode. All other ports are fine. We highly doubt a physical problem with fibre and SFPs. Initially suspected the line card, but happened on different cards last time.
    Is there some bug anyone is aware of? Software or physical issue?
    Thanks in advance,
    Paolo.
    Hardware: WS-C6509-V-E
    Version 15.1(2)SY3
    XD#sh mod
    Mod Ports Card Type                              Model              Serial No.
      1   20  DCEF2T 4 port 40GE / 16 port 10GE      WS-X6904-40G       SAL1737CMC3
      2   20  DCEF2T 4 port 40GE / 16 port 10GE      WS-X6904-40G       SAL1737CMCH
      3   20  DCEF2T 4 port 40GE / 16 port 10GE      WS-X6904-40G       SAL1737CMCQ
      4   20  DCEF2T 4 port 40GE / 16 port 10GE      WS-X6904-40G       SAL1739D8NA
      5    5  Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G       SAL1737CU10
      6    5  Supervisor Engine 2T 10GE w/ CTS (CSSO VS-SUP2T-10G       SAL1737CU0L
      7   20  DCEF2T 4 port 40GE / 16 port 10GE      WS-X6904-40G       SAL1739D8PF
      8   20  DCEF2T 4 port 40GE / 16 port 10GE      WS-X6904-40G       SAL1739D8R2
      9   48  CEF720 48 port 1000mb SFP              WS-X6848-SFP       SAL1746GBR7
    XD#sh int status | i Te2/3
    Te2/3/5       Mmbr HS-10G-XA-1   err-disabled 999          full    10G 10Gbase-LR
    Te2/3/6       Mmbr HS-400B2-XA-1 err-disabled 999          full    10G 10Gbase-LR
    Te2/3/7       Mmbr HS-AD1-XA-1   err-disabled 999          full    10G 10Gbase-LR
    Te2/3/8       Mmbr HS-AD211-XA-1 err-disabled 999          full    10G 10Gbase-LR
    Te2/3/9       Mmbr HS-AR101B-XA- err-disabled 999          full    10G 10Gbase-SR
    Te2/3/10      Mmbr HS-AS1-XA-1   err-disabled 999          full    10G 10Gbase-LR
    Te2/3/11      Mmbr HS-AS4-XA-1   err-disabled 999          full    10G 10Gbase-LR
    Te2/3/12      Mmbr HS-AV-XA-1    err-disabled 999          full    10G 10Gbase-LR
    Te2/3/13      Mmbr HS-BA107-XA-1 connected    trunk        full    10G 10Gbase-LR
    Te2/3/14      Mmbr HS-BA4-XA-1   connected    trunk        full    10G 10Gbase-LR
    Te2/3/15      Mmbr HS-BA4-XA-2   connected    trunk        full    10G 10Gbase-LR
    Te2/3/16      Mmbr HS-BA7-XA-1   connected    trunk        full    10G 10Gbase-LR
    Te2/3/17      Mmbr HS-BA9-XA-1   connected    trunk        full    10G 10Gbase-LR
    Te2/3/18      Mmbr HS-BA12-XA-1  connected    trunk        full    10G 10Gbase-LR
    Te2/3/19      Mmbr HS-BAHUB-XA-1 disabled     999          full    10G No Connector
    Te2/3/20      Mmbr HS-BOOKSHOP-X connected    trunk        full    10G 10Gbase-LR

    What do these err-disabled ports connect to?

  • Maximum number of interfaces in Port Channel on Nexus 5596

    Let me preface this by saying I am not a network expert....
    I noticed that our customer had configured a port channel on their Nexus 5596 comprised of 16 interfaces. I thought the maximum number of interfaces in a port channel was 8 interfaces? I see in the Nexus 7000 documentation that if you configure 16 interfaces, the remaining 8 will be in "hot standby." Is this the same behavior on the Nexus 5000 series?
    Thank you.

    Same behavior on the 5500 series and other Cisco switches like 3750, 3850 , etc..
    HTH

  • LMS 4.2 - Err-disable port state

    Hello,
    I'm trying to figure it out how exactly LMS learns about ports in err-disable state? Which MIB or command is used?
    I have two ME3400 switches with err-disabled ports but LMS shows only the ports of one of the them. Both switches are ME-3400-24TS-A
    and have the same IOS version (12.2(53)SE). I'm sure data collection is running fine because it updates the other discrepancies.
    What i have tried by now:
    - did an SNMP walk from LMS on CISCO-ERR-DISABLED-MIB - no info found there on port status
    - did an SNMP walk from LMS on CISCO-STACK-MIB - I know that this MIB contains object portAdditionalOperStatus (1.3.6.1.4.1.9.5.1.4.1.1.23) which shows the operational status of the ports, but it seems that ME3400 does not support it (although it supports CISCO-STACK-MIB), because I cannot see the SNMP response in the trace:
    ========================================================================
    The following is a SNMP walk of device 192.168.6.89 starting from .1.3.6.1.4.1.9.5.1.4.1.1.23
    SNMP Walk Output
    .1.3.6.1.4.1.9.5.1.4.1.1.23
    CISCO-STACK-MIB::portAdditionalOperStatus = No Such Object available on this agent at this OID
    ========================================================================
    So how does LMS know which ports are in err-disable state?
    Kind regards,
    Velin

    Hello,
    The OID that LMS uses for detecting the err-disabled state of the ports is 1.3.6.1.4.1.9.9.548.1.3.1.1.2 (cErrDisableIfStatusCause) from CISCO-ERR-DISABLE-MIB 
    Velin

  • WLC 5508 reboot cause switch port link flap error disable

    Hi All
    Today my customer called me and said that after rebooting the WLC, the switch port was err-disabled; the cause is link flap.
    After we rebooted 3 times, the switch port went link-flap err-disabled every time.
    Has anyone met the same problem?
    We don't know why the WLC reboot would cause it; it is just a normal action on the device.
    the WLC version is 7.4.100.0
    link switch with access port , no port channel , no portfast
    Asa Hung          2013/05/30

    Hello Asa,
    As per your query I can suggest the following solution:
    Complete these steps to reset the WLC to factory default settings using the CLI:
    Enter reset system at the command prompt.
    At the prompt that asks whether you need to save changes to the configuration, enter Y or N. The unit reboots.
    When you are prompted for a username, enter recover-config to restore the factory default configuration.
    The WLC reboots and displays the  Welcome to the Cisco WLAN Solution Wizard Configuration Tool message.
    Use the configuration wizard to enter configuration settings.
    Note: Once the WLC is reset to defaults, you need a serial connection to the WLC in order to use the configuration wizard.
    Hope this will help you.

  • BPDU Guard without ERR-Disable

    Hi Everyone, 
    I recently had an instance in one of my networks where a user plugged in a home router to our network. The router then started handing out incorrect IP addresses to clients. 
    I know I can use DHCP Snooping or BPDU guard to stop this happening again and we do have BPDU Guard running at other sites successfully. The problem has always been if we enable it in a new production network we might disable ports that have legitimate devices on the other end. For example someone is using a small switch to share a port between a PC and a printer.
    Is there a way of turning on BPDU guard but without it putting ports into an Err-Disabled mode and just alerting in the logs instead?
    Regards, Daniel

    Hi Leo, 
    Thanks for your input in the discussion. However I think you are misunderstanding why I am asking this question.
    I WANT to enable BPDU guard on this network, I know it's not a PIA and I am well aware of what it does and why it would be implemented.
    The reason I am asking this question is because I need to transition from a network that doesn't have BPDU guard enabled to one that does. If I turn the feature on it will start disabling ports on switches and stop people's workflow until it is resolved. The reason people have unidentified switches plugged into the network might be legitimate, but the way they got around their problem wasn't the best. 
    My goal is to find out where these rogue switches are, find out why they are there. Find an alternative way to connect these devices to the network by either purchasing new switches or running more cabling.  This network does not have any onsite IT and therefore all this needs to be figured out remotely.
    So the crux of the problem is: how to find STP devices that are plugged into my switches.
    Thoughts?

  • MDS configuration for port channel

    I've tried to set up the new FC port channel upload to a pair of MDS 9124s, but as I don't know enough about the MDS side I can't get the link to come up. Are there any references available anywhere that tell you blow by blow exactly how to configure the MDS side of the port channel? Or perhaps a sample working config?
    Thanks

    Simon,
    A few items:
    1) You are on 1.4.1i Balboa code
    2) FI's are in FC switch mode as MDS 9124's don't support F-port channel (NPV/NPIV)
    3) It's a lot easier the first time if you have matched speed sfp+ all around. Although, with the correct configs, unmatched speeds can be made to work.
    If the FIs are in switch mode and your MDS is running a minimum 3.3 here are some configs that may help:
    MDS side interfaces 4/11 and 4/12 are plugged into the UCS fc ports. First set up and ensure ISLs are working properly between UCS and MDS, then configure the port-channels
    interface fc4/11
      switchport rate-mode dedicated
      switchport mode E
      switchport trunk mode auto
      no shutdown
    interface fc4/12
      switchport rate-mode dedicated
      switchport mode E
      switchport trunk mode auto
      no shutdown
    The UCS GUI Equipment -> Fabric Interconnects -> FI-A -> Set FC Switching Mode. This will cause both FI's to reboot into FC switch mode. This is VERY DISRUPTIVE, both FI's will reboot.
    On the UCS CLI you should see this on the UCS fc ports connected to the MDS
    cae-sj-ca3-A(nxos)# show running-config interface fc 2/1-2
    !Command: show running-config interface fc2/1-2
    !Time: Wed Oct 20 16:49:39 2010
    version 4.2(1)N1(1.4)
    interface fc2/1
      switchport mode E
      no shutdown
    interface fc2/2
      switchport mode E
      no shutdown
    Until you have VSAN trunks enabled, make sure the ports on the UCS and MDS are in the same VSAN. VSAN 1 for example.
    Once you have working ISLs, then proceed to turn them into port-channels and enable VSAN trunking. Start with the MDS
    Create a channel group, it should look like this
    cae-sj-9506-1# show run interface port-channel 3
    !Command: show running-config interface port-channel 3
    !Time: Wed Oct 20 17:06:01 2010
    version 5.0(1a)
    interface port-channel 3
      channel mode active
      switchport mode E
      switchport rate-mode dedicated
      switchport trunk mode auto  <-- VSAN trunking
    Enable VSAN trunking on the MDS ISL interfaces, it'll look like this:
    cae-sj-9506-1# show run interface fc 4/11-12
    !Command: show running-config interface fc4/11-12
    !Time: Wed Oct 20 17:07:05 2010
    version 5.0(1a)
    interface fc4/11
      switchport rate-mode dedicated
      switchport mode E
      switchport trunk mode auto
      no shutdown
    interface fc4/12
      switchport rate-mode dedicated
      switchport mode E
      switchport trunk mode auto
      no shutdown
    Add the channel group information to the MDS ISL interfaces:
    Enter configuration commands, one per line.  End with CNTL/Z.
    cae-sj-9506-1(config)# interface fc 4/11-12
    cae-sj-9506-1(config-if)# channel-group 3 force
    fc4/11 fc4/12 added to port-channel 3 and disabled
    please do the same operation on the switch at the other end of the port-channel,
    then do "no shutdown" at both ends to bring it up
    cae-sj-9506-1(config-if)# show run interface fc 4/11-12
    !Command: show running-config interface fc4/11-12
    !Time: Wed Oct 20 17:07:39 2010
    version 5.0(1a)
    interface fc4/11
      switchport rate-mode dedicated
      switchport mode E
      switchport trunk mode auto
      channel-group 3 force
      no shutdown
    interface fc4/12
      switchport rate-mode dedicated
      switchport mode E
      switchport trunk mode auto
      channel-group 3 force
      no shutdown
    Create the SAN port channel on the UCS side
    SAN -> SAN Cloud -> Fabric A -> FC Port Channels -> Create Port Channel
    After you create the SAN port channel in UCS, make sure and enable it. I also bounce the MDS port channel at this point.
    If all is correct, in a few agonizing minutes, the port-channel will be formed and passing data.
    cae-sj-ca3-A(nxos)# show interface san-port-channel 1
    san-port-channel 1 is trunking
        Hardware is Fibre Channel
        Port WWN is 24:01:00:0d:ec:d3:5d:c0
        Admin port mode is E, trunk mode is on
        snmp link state traps are enabled
        Port mode is TE
        Port vsan is 1
        Speed is 8 Gbps
        Trunk vsans (admin allowed and active) (1,10,26,50,66,100-101,103,123,222,240)
        Trunk vsans (up)                       (1,10,50,100,103)
        Trunk vsans (isolated)                 (26,66,101,123,222,240)
        Trunk vsans (initializing)             ()
        5 minute input rate 2312 bits/sec, 289 bytes/sec, 2 frames/sec
        5 minute output rate 1440 bits/sec, 180 bytes/sec, 2 frames/sec
          2669 frames input, 194760 bytes
            0 discards, 0 errors
            0 CRC,  0 unknown class
            0 too long, 0 too short
          2677 frames output, 158316 bytes
            0 discards, 0 errors
          0 input OLS, 1 LRR, 0 NOS, 0 loop inits
    Again, make sure you have the ISLs up and running first before configuring the port-channels. It makes troubleshooting much easier.
    Let me know if you need any help.

  • Multiple vsan traffic over single port-channel

    Hi -
    Scenario - 2 interface uplink (port-channel - Po10 ) from NetApp FAS-A to N5548-A & B. Po10 is currently configured with vPC10 and vFC10 at N5k end. single vfc currently mapped with a single vsan (vfc10 with vsan 1011).
    Q - Is it possible to make the Port-channel to pass multiple vsan (vsan 1011 & 1012). If yes, then how (over same vfc or by separate vfc on same port-channel)
    Subhankar      

    This router’s capability is limited and dependent on the services that your ISP has given or allowed you to use. I think it really has to be a one-to-one configuration, not only with this router, because I haven’t noticed any router that has this feature so far. This is really another idea that Linksys can work on.

  • Creating san-port-channel on 6248 using CLI

    I can create the san port channel using UCS manager. But I would like to know the syntax using CLI. So far I was able to figure out the following. One thing missing was moving the port channel from the default VSAN(1) to a different VSAN i.e VSAN 10 in my case. I have looked at the CLI guide, but have not found the commands syntax. Appreciate if anyone can post the syntax
    ### Create Port Channel ###
    scope fc-uplink
    scope fabric a
    create port-channel 1
    enable
    set name port-channel-1
    set adminspeed auto
    commit-buffer
    end
    ### Add interfaces to Port Channel ###
    scope fc-uplink
    scope fabric a
    scope port-channel 1
    create member-port 1 29
    exit
    create member-port 1 30
    commit-buffer
    end

    Thanx Wdey. That's exactly what I was looking for. Here is the syntax which works for me.
    scope fc-uplink
        scope fabric a
            create port-channel 1
            enable
            set name port-channel-1
            set adminspeed auto
        commit-buffer
    end
    scope fc-uplink
        scope fabric a
            enter port-channel 1
                enable
                enter member-port 1 29
                enable
                exit
                enter member-port 1 30
                enable
                exit
                set adminspeed auto
            exit
            enter vsan VSAN10 10 10
                set fc-zoning disabled
                set fcoe-vlan 10
                set id 10
                enter member-port-channel a 1
                exit
                localize
             exit
         end
    commit-buffer

  • SG500x Port-channel limited bandwidth

    Good Day All,
    I have 2 Cisco SG500X-48 setup as Master/Slave using SFP-H10GB-CU1M (10GB Twinax cable).
    First question is with the twinax cables
    Since on the SG500x's you can not configure the 2*10GE Stacking Combo ports. If I put two cables in for redundancy will this cause a network loop, or will STP/RSTP catch this?
    Next question is limited bandwidth.
    I set up 4 interfaces in a port channel with LACP. On the server (HP Proliant Gen8 server(s)) end I have the NIC team with 4 NICs. When I run a network stress tool, it seems to cap at around 68MBs. Each port should be 1Gb, shouldn't I be getting closer to 4 GB?
    My Configuration would read much like this:
    VLANs setup:
    ##1-RF System
    ##2-VOIP
    ##3-LAN
    interface Port-channel 3
    spanning-tree portfast
    switchport trunk allowed vlan add ##1,##2
    switchport trunk native vlan ##3
    interface gigabitethernet2/1/5
    spanning-tree portfast
    channel-group 3 mode auto
    switchport mode access
    interface gigabitethernet2/1/6
    spanning-tree portfast
    channel-group 3 mode auto
    switchport mode access
    interface gigabitethernet2/1/7
    spanning-tree portfast
    channel-group 3 mode auto
    switchport mode access
    interface gigabitethernet2/1/8
    spanning-tree portfast
    channel-group 3 mode auto
    switchport mode access
    I don't have much understanding of QoS yet; I am assuming this would be based on setting this up?
    Any direction or help would be greatly appreciated
    Chris,

    Hello Chris,
    The way the stacking cables work is that the stack detects when you are using two of them and switches over to what is called 'ring' mode.  It doesn't use both links at once, but if one of those links fails it will immediately use the second one, usually not even dropping one packet.  STP isn't an issue on the stack ports because it doesn't really use it; the stacking is a proprietary protocol that handles all of this for you.  So go ahead and plug up your second set of cables, you should see a log message saying you have moved from 'chain' to 'ring'.
    As for LAGs, this is a common misconception with link aggregation.  I understand the logic, you have 4 gig links, why can't you get 4 gigs of throughput?  It has to do with how LAGs actually work.
    When a packet arrives at the switch and needs to go out the LAG, the switch runs a calculation on the source and destination IP (or source and destination MAC depending on your settings).  From this calculation it comes up with a number, in your case from 1-4.  That determines the link that it uses to get across that LAG.  There is no way to make one conversation use more than one link, it just isn't how it works.  So when you run a speed test from one IP to one other IP, the result of the switch's calculation will always be the same number, hence all the traffic for that stream goes down the same link in the LAG.
    There isn't any spillover, so even if one link is much busier than the rest it doesn't move them over to one of the other links.
    On some enterprise switches you can use a load balancing algorithm that uses source and destination port, which can result in multiple conversations between the same two clients to use multiple links, but on the Small Business switches we only have IP or MAC.
    Basically any one conversation will always be limited to whatever the speed of 1 link in the LAG is.
    It is possible to utilize the link more, but you would need several different computers talking to the server to really see that.  QoS would not change this.
    As for your speed, it is a bit low, the max for a gigabit link is about 118MB/s (lab max, your mileage may vary) if you are using normal sized frames.  This is assuming two devices directly connected to the with no routing required.  How are you testing the speed?  I like to use a program called Tamosoft throughput tester for this, which is available free on the web.
    Hope that helps a bit,
    Christopher Ebert - Advanced Network Support Engineer
    Cisco Small Business Support Center
    *please rate helpful posts*
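The link selection described in the reply above, as an added example that is not part of the original thread: a hash of the source and destination address picks one member link, so a single conversation never uses more than one link, while many clients spread out. The XOR-and-fold hash below is a stand-in chosen for illustration, not the algorithm any particular switch uses; links are numbered 0-3 rather than 1-4, and the addresses and ports are constructed sample values.

```python
import ipaddress
from collections import Counter


def select_link(src_ip, dst_ip, n_links, src_port=0, dst_port=0, policy="ip"):
    """Pick the LAG member link for one packet.

    policy "ip"      : hash source and destination IP only (what the reply
                       says the Small Business switches offer, besides MAC).
    policy "ip+port" : also mix in the L4 ports (the option the reply
                       attributes to some enterprise switches).
    The hash itself is an illustrative assumption.
    """
    key = int(ipaddress.ip_address(src_ip)) ^ int(ipaddress.ip_address(dst_ip))
    if policy == "ip+port":
        key ^= src_port ^ dst_port
    elif policy != "ip":
        raise ValueError("unknown policy: %r" % policy)
    # Fold the upper bits down so every octet influences the result.
    key ^= key >> 16
    key ^= key >> 8
    return key % n_links


def link_usage(packets, n_links, policy="ip"):
    """Count packets per member link.

    packets is an iterable of (src_ip, dst_ip, src_port, dst_port) tuples.
    """
    usage = Counter()
    for src_ip, dst_ip, src_port, dst_port in packets:
        usage[select_link(src_ip, dst_ip, n_links,
                          src_port, dst_port, policy)] += 1
    return usage


# Constructed traffic patterns.
# 1) One speed test: 1000 packets between the same two hosts.
SINGLE_FLOW = [("10.0.0.10", "10.0.0.20", 50000, 5001)] * 1000

# 2) Eight different clients talking to the same server.
MANY_CLIENTS = [("10.0.0.%d" % host, "10.0.0.20", 50000, 5001)
                for host in range(10, 18)]

# 3) Four parallel conversations between the same two hosts,
#    differing only in source port.
PARALLEL_STREAMS = [("10.0.0.10", "10.0.0.20", 50000 + i, 5001)
                    for i in range(4)]


if __name__ == "__main__":
    print("single flow, ip hash      :", dict(link_usage(SINGLE_FLOW, 4)))
    print("eight clients, ip hash    :", dict(link_usage(MANY_CLIENTS, 4)))
    print("parallel streams, ip hash :", dict(link_usage(PARALLEL_STREAMS, 4)))
    print("parallel streams, ip+port :",
          dict(link_usage(PARALLEL_STREAMS, 4, policy="ip+port")))
```

With the IP-only policy, parallel streams between the same two hosts still share one link, which is why a host-to-host test tops out at a single member's speed.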

  • Port-channel disoblige

    Hi Folks,
    We have trouble with a port-channel on an interface with a point-to-point link: assigning an IP to that interface, we can ping, whereas after bringing the same interface into a port channel, assigning the same IPs and trying to ping each other, unfortunately we can't ping.
    switch 1#
    interface Ethernet2/20
      speed 1000
      duplex full
      bandwidth 1000000
      udld disable
      channel-group 2
      no shutdown
    switch 2#
    interface Ethernet2/37
      speed 1000
      duplex full
      bandwidth 1000000
      channel-group 2
      no shutdown
    switch 1#
    Command: show running-config interface port-channel2
    Time: Fri Dec 27 09:49:3 2013
    version 6.0(1)
    interface port-channel2
      speed 1000
      duplex full
      ip address 1.2.3.1/30  --> altered ip
    switch 2#
    Command: show running-config interface port-channel2
    Time: Fri Dec 27 09:50:48 2013
    version 6.2(2)
    interface port-channel2
      speed 1000
      duplex full
      ip address 1.2.3.2/30 --> altered ip
    Please review and suggest us some valuable recommendation to overcome this issue.

    What switch is this? Generally, to create a L3 etherchannel, you'll need to configure "no switchport" on the physical interfaces before you can use an address on the port channel interface.
    HTH,
    John
    *** Please rate all useful posts ***

  • Sg300-28 port-channel options

    i have an sg300-28 running the latest firmware, and would like some insight on port-channel options.  below are the port configs i have for a LAG to my router.  i am currently using 802.3ad with LACP.  my router is a linux machine pulling duty as a basic (no dynamic routing) router, firewall and internet gateway.  the bonding options on the routers side explained at
    http://docs.fedoraproject.org/en-US/Fedora/16/html/System_Administrators_Guide/sec-Using_Channel_Bonding.html.  the mode is 4 or 802.3ad and the xmit_hash_policy is 2 or layer2+3.  i also have 2 servers setup in a similar fashion with 2 interfaces in a LAG.
    when i run a bandwidth test, iperf, between the two servers, i only get 900+ mbps which indicates that the GB ports are running fine.  this also indicates to me that the traffic is not being "striped" across the port-channeled interfaces, thereby giving me the aggregated bandwidth of all interfaces in the LAG.  i have found no options to use the balance-xor mode to create port-channels, which as i understand it, would aggregate the total bandwidth of all interfaces in the LAG.  is the sg300 capable of creating a LAG that will combine the throughput of all the members of the LAG?  for example, create a 2 GB pipe when 2 interfaces are port-channeled?  is the balance-xor mode what would do this (regardless of the sg300's ability to do this)
    interface gigabitethernet25
    description "Port Channel to Router"                
    channel-group 1 mode auto
    lldp notifications enable
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    lldp management-address automatic
    interface gigabitethernet26
    description "Port Channel to Router"
    channel-group 1 mode auto
    lldp notifications enable
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    lldp management-address automatic
    interface gigabitethernet27
    description "Port Channel to Router"
    channel-group 1 mode auto
    lldp notifications enable
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    lldp management-address automatic
    interface gigabitethernet28
    description "Port Channel to Router"
    channel-group 1 mode auto                           
    lldp notifications enable
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    lldp management-address automatic
    interface Port-channel1
    description "Port Channel to Router"
    switchport mode general
    switchport general allowed vlan add 2-3,25,37,50,52,253-255 tagged
    switchport general pvid 255

    Hi Brendan,
    You said "i only get 900+ mbps which indicates that the GB ports are running fine.  this also indicates to me that the traffic is not being "striped" across the port-channeled interfaces, thereby giving me the aggregated bandwidth of all interfaces in the LAG.  i have found no options to use the balance-xor mode to create port-channels, which as i understand it, would aggregate the total bandwidth of all interfaces in the LAG."
    As the Admin guide says on page 130, http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf
    Load Balancing
    Traffic forwarded to a LAG is load-balanced across the active member ports, thus achieving an effective bandwidth close to the aggregate bandwidth of all the active member ports of the LAG.
    Traffic load balancing over the active member ports of a LAG is managed by a hash-based distribution function that distributes Unicast and Multicast traffic based on Layer 2 or Layer 3 packet header information.
    The switch supports two modes of load balancing:
    By MAC Addresses—Based on the destination and source MAC addresses of all packets.
    By IP and MAC Addresses—Based on the destination and source IP addresses for IP packets, and destination and source MAC addresses for
    non-IP packets.
    So, an IP host running IPERF may be checking unicast throughput between the two IP hosts.  There will be a Source and Destination IP address in that test.  The switch will direct the traffic over one of the LAG port members.  It won't round-robin the unicast traffic over multiple LAG ports if the Source and Destination IP address of the traffic is the same.
    If the PC running IPerf had another concurrent IPerf session to another or different IP host, the hash algorithm on the switch may direct that stream, maybe, over a different physical LAG interface.
    So your comment about achieving 900+mbps sounds normal.  Yes, LAG spreads the load; the benefit comes when there are lots of hosts on both sides of the switches.
    You may find with just two hosts on either side of a LAG, that the switch may run the traffic between two hosts over just one member of the LAG group.
    regards Dave
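
The per-flow behaviour described in the reply above, as an added example that is not part of the original thread or of any vendor's code. It follows the layer2+3 formula given in the Linux kernel bonding documentation for the `xmit_hash_policy` the question mentions; the SG300's own hash function is not given on the page, so treat this as a stand-in, and note that all names, MAC addresses and IP addresses are constructed.

```python
import ipaddress
from collections import Counter
from typing import NamedTuple

ETH_P_IP = 0x0800  # EtherType for IPv4: the "packet type ID" in the formula


class Flow(NamedTuple):
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str


def member_for(flow: Flow, members: int) -> int:
    """Return the LAG member index a flow hashes to (layer2+3 style, IPv4)."""
    last_byte = lambda mac: int(mac.split(":")[5], 16)
    h = last_byte(flow.src_mac) ^ last_byte(flow.dst_mac) ^ ETH_P_IP
    h ^= int(ipaddress.IPv4Address(flow.src_ip)) ^ int(ipaddress.IPv4Address(flow.dst_ip))
    h ^= h >> 16
    h ^= h >> 8
    return h % members  # same header fields in -> same member out, every packet


def links_used(flows, members: int) -> Counter:
    """Count how many flows land on each member link."""
    return Counter(member_for(f, members) for f in flows)


# Constructed sample data (documentation address ranges).
A_MAC, A_IP = "00:00:5e:00:53:0a", "192.0.2.10"

# One iperf session between two servers: a single src/dst pair.
IPERF = Flow(A_MAC, "00:00:5e:00:53:0b", A_IP, "192.0.2.12")

# The same server talking to five different hosts.
MANY = [Flow(A_MAC, f"00:00:5e:00:53:{mac:02x}", A_IP, f"192.0.2.{ip}")
        for mac, ip in [(0x20, 20), (0x24, 21), (0x28, 22), (0x2c, 23), (0x31, 24)]]

if __name__ == "__main__":
    # 1000 packets of the one iperf flow never leave a single member link.
    print("iperf flow:", links_used([IPERF] * 1000, 4))
    # Distinct peers spread over the members, though not perfectly evenly.
    print("five peers:", links_used(MANY, 4))
```

Because the hash takes only header fields as input, a single session is capped at one member's line rate; the aggregate is reached only across many distinct address pairs.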

  • ASA EIGRP Port Channel Bug?

    Hi All
    I have EIGRP configured on an ASA5512-X code version 9.1(4). When I do a "show eigrp interfaces" the Port Channel linking to the adjacent router is not listed. It is not a passive interface (even did a "no passive-interface outside" to double check). Other interfaces are listed. Debugging EIGRP shows no hellos arriving on that interface either, even though a debug on the adjacent router confirms they are being sent. Am I missing something or is this a bug?
    Thanks for looking!
    - James

    Hello,
    It does... Thanks for the explanation
    Now if you are behind the inside interface you should be able to ping it.
    Can you share the show run icmp
    Also do the following on the ASA
    cap capin interface inside match icmp any host 172.17.120.254
    cap asp type asp-drop all circular-buffer
    Then try to ping the ASA inside interface and provide me:
    show cap capin
    show cap asp | include 172.17.120.254
    Regards,
    We are here to help, Remember to rate all the post that help ( If you do not know how to rate a post, just let me know, I will let you know how )
    Julio
