Port channel issue in ASA

We have two Cisco ASA 55XX firewalls, and both are in HA (Active/Standby). Two ports from each firewall connect to two ports of a Nexus 5K switch, with a port channel running between the firewall and the Nexus switch, and the port channel is UP. The switches have a back-to-back connection with a trunk port that allows all VLANs.
FW01 ----------------- SW01 (Two ports with Port channel)
FW02 ----------------- SW02 (Two ports with Port channel)
I have VLAN 10 with IP subnet 10.10.10.0/28
SW01 : 10.10.10.2
SW02 : 10.10.10.3
HSRP IP : 10.10.10.1
FWs : 10.10.10.4 & 10.10.10.5
Firewall Default Gateway : 10.10.10.1
Problem: I am not able to ping the firewall IPs from the Nexus switches. When I checked the ARP table on the Nexus switch, I observed that the firewalls' two IPs have the same MAC address; when I checked that MAC address on the firewall, it is the port-channel interface MAC address.
This is the issue (two IPs learning the same MAC address) from the ASA.
How to fix this issue?
Thanks
Venkat

Hi,
What version of IOS are you running on the ASAs?
See Table 12-3 in this link:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/interface_start.html
Also, since the 4500x are in VSS mode, you need to bundle one link from each switch and use LACP.
HTH

Similar Messages

  • Port Channel Issue on Cisco 2960s-24ts

    Hi All
    Last week at a customer site we installed a 2nd 2960s 24 port switch to form a stack using flexstack cables, and the switch stack is working as expected as I can see a master switch and 2nd switch as a member.
    For redundancy / resilience we decided to use port 24 on each switch over copper for trunk uplinks to our core switch. The issue that we're having is that I can't ping the switch management address. I can, however, see the address in the ARP table, and the edge switch is visible when I run show cdp nei. As a workaround I've shut down one of the ports on the downlink from core to edge in order to ping the management address of the switch, which is in VLAN 1. I'd like to get the port-channel working on both sides for resilience.
    ANY HELP IS APPRECIATED...
    Core switch is a WS-C3750G-24TS-1U running software version  C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEE4, C3750 Software (C3750-IPBASE-M)
    Edge switch is a WS-C2960S-24TS-L running software version C2960S Boot Loader (C2960S-HBOOT-M) Version 12.2(53r)SE,C2960S Software (C2960S-UNIVERSALK9-M)
    The config on the edge switch which goes to the core is :
    interface GigabitEthernet1/0/24
     description *****
     switchport mode trunk
     channel-group 6 mode on
    end
    interface GigabitEthernet2/0/24
     description *****
     switchport mode trunk
     channel-group 6 mode on
    end
    interface Port-channel6
     description ******
     switchport mode trunk
    end
    The config on the downlink ports from the core to the edge:
    interface GigabitEthernet1/0/20
     description Edge
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 20 mode on
    end
    interface GigabitEthernet2/0/20
     description Edge
     switchport trunk encapsulation dot1q
     switchport mode trunk
     shutdown
     channel-group 20 mode on
    end
    interface Port-channel20
     description Edge
     switchport trunk encapsulation dot1q
     switchport mode trunk
    end

    When using channel-group # mode on, you must make sure the ports are on the same duplex and speed settings.
    What happens when you use active mode?

  • Port-channel issue over Ciena DWDM

    Hi all, 
    I'm currently working on an issue encountered on a DC. 
    We currently use 2 3750 stacks (1 in each DC), connected with a Po. 
    We use dark fiber between each DC, so we have a Ciena DWDM transponder on each side. 
    The problem is that, if we have an issue on the inter-DC fiber, the Ciena interface on the 3750 side is still up. Using LACP on the Po, the issue can be detected in about 3 X 30 sec = 90 sec. 
    Before the issue is detected by LACP, the impacted port-channel interface is still used by the Po, which can cause big issues. 
    I thought of using an EEM applet in order to monitor the CDP neighbor on each interface, and exclude the interface from the Po till the CDP neighbor is down, but the CDP timers are even bigger (180 sec hold-time).
    Is there any way to address this problem, other than UDLD?
    In our other DCs, we have two NX7K on each side, and we are able to use LACP with fast-rate, but this is not available on the 3750...
    Thank you very much!

    The best way is to use a pair of transponders on each side in a protection group.

  • Port-Channel Issue: SP-5-CANNOT_BUNDLE_LACP

    I'm having an issue with the port-channel coming up. Right now it's "down down". I'm not really sure why. All other port-channels on the 6500's in VSS work fine. This one seems to be giving me an issue though.
    -Both interfaces that are using this port-channel are "up up".
    -I've done "shut's, no shut's" on all interfaces involved.
    sh etherchannel summary
    Flags:  D - down        P - bundled in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      N - not in use, no aggregation
            f - failed to allocate aggregator
            M - not in use, no aggregation due to minimum links not met
            m - not in use, port not aggregated due to minimum links not met
            u - unsuitable for bundling
            d - default port
    Po4(SD)         LACP      Gi1/1/4(I)     Gi2/1/4(I)  
    interface Port-channel4
    switchport
    switchport access vlan (vlan number)
    switchport mode access
    load-interval 30
    flowcontrol receive desired
    spanning-tree portfast edge
    end
    interface GigabitEthernet1/1/4
    switchport
    switchport access vlan   (vlan number)
    switchport mode access
    load-interval 30
    flowcontrol receive desired
    spanning-tree portfast edge
    channel-protocol lacp
    channel-group 4 mode active
    end
    interface GigabitEthernet2/1/4
    switchport
    switchport access vlan  (vlan number)
    switchport mode access
    load-interval 30
    flowcontrol receive desired
    spanning-tree portfast edge
    channel-protocol lacp
    channel-group 4 mode active
    end
    sh log
    149886: Jul  3 15:20:34 CDT: %EC-SW1_SP-5-CANNOT_BUNDLE_LACP: Gi2/1/4 is not compatible with aggregators in channel 4 and cannot attach to them (flow control receive of Gi2/1/4 is desired, Gi1/1/4 is on)
    149887: Jul  3 15:20:35 CDT: %EC-SW2_SPSTBY-5-CANNOT_BUNDLE_LACP: Gi2/1/4 is not compatible with aggregators in channel 4 and cannot attach to them (flow control receive of Gi2/1/4 is desired, Gi1/1/4 is on)
    Thank you for your help.

    Hi Mark,
    1. Can you please check the Ethernet card on the server where this port channel is connected?
        Maybe there are 2 different cards.
    2. From the Cisco website:
    Error Message
    EC-5-CANNOT_BUNDLE_LACP: [char] is not compatible with aggregators in channel [dec] and cannot attach to them ([char])
    Explanation
    This port has different port attributes than other ports within the port channel.
    Recommended Action
    Match the port attributes to that of the port channel.
    Regards
    Please rate if it helps.
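
Added example (not part of the original thread and not Cisco code): a small parser for the CANNOT_BUNDLE_LACP syslog lines quoted in the post above. It pulls out the rejected port, the channel number and the attribute that differs, and merges the duplicate reports from the active and standby supervisors. The sample log is constructed in the same format as the thread's lines; the "speed" reason wording and all function names are assumptions made for illustration.

```python
"""Parse EC-5-CANNOT_BUNDLE_LACP syslog events and report the mismatched attribute."""
import re

# Constructed sample input, modelled on the two log lines in the post above.
# The last event (channel 7, "speed" reason) is invented to show a second case.
SAMPLE_LOG = """\
000101: Jan  1 10:00:01 UTC: %EC-SW1_SP-5-CANNOT_BUNDLE_LACP: Gi2/1/4 is not compatible with aggregators in channel 4 and cannot attach to them (flow control receive of Gi2/1/4 is desired, Gi1/1/4 is on)
000102: Jan  1 10:00:02 UTC: %EC-SW2_SPSTBY-5-CANNOT_BUNDLE_LACP: Gi2/1/4 is not compatible with aggregators in channel 4 and cannot attach to them (flow control receive of Gi2/1/4 is desired, Gi1/1/4 is on)
000103: Jan  1 10:00:09 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet2/1/4, changed state to up
000104: Jan  1 10:05:00 UTC: %EC-5-CANNOT_BUNDLE_LACP: Gi1/0/9 is not compatible with aggregators in channel 7 and cannot attach to them (speed of Gi1/0/9 is 100M, Gi1/0/8 is 1000M)
"""

# Matches the documented message shape:
#   [char] is not compatible with aggregators in channel [dec]
#   and cannot attach to them ([char])
# The optional "unit" tag (e.g. SW1_SP) appears on VSS/stacked systems.
EVENT_RE = re.compile(
    r"%EC-(?:(?P<unit>[A-Za-z0-9_]+)-)?5-CANNOT_BUNDLE_LACP:\s+"
    r"(?P<port>\S+) is not compatible with aggregators in channel "
    r"(?P<channel>\d+) and cannot attach to them \((?P<reason>.*)\)\s*$"
)

# Splits a reason such as
#   "flow control receive of Gi2/1/4 is desired, Gi1/1/4 is on"
# into the attribute name and the value seen on each port.
DETAIL_RE = re.compile(
    r"^(?P<attr>.+?) of (?P<port_a>\S+) is (?P<val_a>[^,]+), "
    r"(?P<port_b>\S+) is (?P<val_b>.+)$"
)


def parse_bundle_failures(log_text):
    """Return one record per distinct (channel, port, reason) event."""
    seen = {}
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue  # unrelated syslog line
        key = (int(m["channel"]), m["port"], m["reason"])
        rec = seen.setdefault(key, {
            "channel": key[0],
            "port": key[1],
            "reason": key[2],
            "reported_by": [],
            "mismatch": None,  # stays None if the reason is free-form text
        })
        rec["reported_by"].append(m["unit"] or "local")
        d = DETAIL_RE.match(m["reason"])
        if d:
            rec["mismatch"] = {
                "attribute": d["attr"],
                "values": {d["port_a"]: d["val_a"], d["port_b"]: d["val_b"]},
            }
    return list(seen.values())


def summarize(records):
    """Render one human-readable line per record."""
    lines = []
    for rec in records:
        mm = rec["mismatch"]
        if mm:
            vals = ", ".join(f"{p}={v}" for p, v in mm["values"].items())
            detail = f"{mm['attribute']} differs ({vals})"
        else:
            detail = rec["reason"]
        units = ", ".join(rec["reported_by"])
        lines.append(
            f"Po{rec['channel']}: {rec['port']} not bundled, {detail} "
            f"[reported by {units}]"
        )
    return lines


if __name__ == "__main__":
    for summary in summarize(parse_bundle_failures(SAMPLE_LOG)):
        print(summary)
```
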

  • Port-Channel issue between UCS FI and MDS 9222i switch

    Hi
    I have a problem with the port-channel between the UCS FI and the MDS switch. When MDS-A is powered down the port-channel fails, but the UCS blade vHBA does not detect the failure of the port-channel on the UCS FI and leaves the vHBA online. However, if there is no port-channel between FI-->MDS it works fine.
    UCS version   
    System version: 2.0(2q)
    FI - Cisco UCS 6248 Series Fabric Interconnect ("O2 32X10GE/Modular Universal Platform Supervisor")
    Software
      BIOS:      version 3.5.0
      loader:    version N/A
      kickstart: version 5.0(3)N2(2.02q)
      system:    version 5.0(3)N2(2.02q)
      power-seq: Module 1: version v1.0
                 Module 3: version v2.0
      uC:        version v1.2.0.1
      SFP uC:    Module 1: v1.0.0.0
    MDS 9222i
    Software
      BIOS:      version 1.0.19
      loader:    version N/A
      kickstart: version 5.0(8)
      system:    version 5.0(8)
    Here is the config from MDS switch
    Interface  Vsan   Admin  Admin   Status          SFP    Oper  Oper   Port
                      Mode   Trunk                          Mode  Speed  Channel
                             Mode                                 (Gbps)
    fc1/1      103    auto   on      trunking         swl    TF      4    10
    fc1/2      103    auto   on      trunking         swl    TF      4    10
    fc1/9      103    auto   on      trunking         swl    TF      4    10
    fc1/10     103    auto   on      trunking         swl    TF      4    10
    This is from FI.
    Interface  Vsan   Admin  Admin   Status          SFP    Oper  Oper   Port
                      Mode   Trunk                          Mode  Speed  Channel
                             Mode                                 (Gbps)
    fc1/29     103    NP     on      trunking         swl    TNP     4    103
    fc1/30     103    NP     on      trunking         swl    TNP     4    103
    fc1/31     103    NP     on      trunking         swl    TNP     4    103
    fc1/32     103    NP     on      trunking         swl    TNP     4    103
    Any thoughts on this?

    Sultan,
    This is a recently found issue and is fixed in UCSM version 2.0.3a.
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCua88227
    which got duped to CSCtz21585.
    It happens only when the following conditions are met:
    - FI in End host mode
    - FC uplinks are configured for port-channel + trunking
    - Certain link event failures (such as abrupt power loss by the upstream MDS switch)
    Padma

  • Port channel issue

    Hello
    I need help please. I have 2 stacked Cisco 3850 core switches and 2960X access switches on the floors. I did the configuration but the port channel is still down. Kindly check the config below:
    3850
    interface Port-channel1
     switchport mode trunk
    inter gi1/0/1
     switchport trunk allowed vlan 85,90,95
     switchport mode trunk
     channel-group 1 mode active
    inter gi1/0/2
     switchport trunk allowed vlan 85,90,95
     switchport mode trunk
     channel-group 1 mode active
    2960
    interface Port-channel1
     switchport mode trunk
    inter Tengi1/0/1
     switchport trunk allowed vlan 85,90,95
     switchport mode trunk
     channel-group 1 mode active
    inter Tengi2/0/1
     switchport trunk allowed vlan 85,90,95
     switchport mode trunk
     channel-group 1 mode active
    The goal is that my access switch should connect to my two core switches using two uplinks, and I need to merge the uplinks' speed.
    Any ideas?

    Hello
    Kindly find the below 
    Core_switch#show etherchannel summary
    Number of channel-groups in use: 6
    Number of aggregators:           6
    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+-----------------------------------------------
    3      Po3(SD)         LACP      Gi1/0/5(I)  Gi2/0/5(I)
    ACCESS_Floor_3#show etherchannel summary
    Number of channel-groups in use: 1
    Number of aggregators:           1
    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+-----------------------------------------------
    3      Po3(SD)         LACP      Te1/0/1(D)  Te2/0/1(D)
    I need to connect my stacked switches, which are located on the 1st floor, to the core switch using two uplinks: one uplink, teng1/0/1, to the 1st core port 1/0/5 in the stack, and the other uplink, 2/0/1, to the 2nd core in the stack, port 2/0/5.
    thanks

  • Port-channel issue with FI-N7k using rate-mode share

    Hi Dears,
    I'm trying to use a port-channel between a Fabric Interconnect (FI) and an N7K. On the N7K I use rate-mode share and LACP, but the port-channel on the N7K was suspended.
    I tried:
    1. Using a non-dedicated port on the Nexus 7010:
         - rate-mode share
         - channel-group 1 mode active
         - switchport mode trunk
    With this option, the port-channel on the Nexus 7010 was suspended.
    2. Using a non-dedicated port on the Nexus 7010:
         - rate-mode share
         - channel-group 1 mode on
         - switchport mode trunk
    With this option, the port-channel on the Nexus 7010 came up, but on the Fabric Interconnect it failed.
    3. Using a dedicated port on the Nexus 7010:
         - rate-mode share
         - channel-group 1 mode active
         - switchport mode trunk
    With this option, the port-channel on the Nexus 7010 was suspended.
    4. Using a dedicated port on the Nexus 7010:
         - rate-mode dedicated
         - channel-group 1 mode active
         - switchport mode trunk
    With this option, the port-channel on the Nexus 7010 came up and ran well.
    Is there any other way to configure a port-channel on the N7K with rate-mode share and LACP?
    Or is it a limitation of port-channels when using rate-mode share on the N7K?
    NB: the Fabric Interconnect only supports LACP and this is not configurable.
    regards,
    Berwin H


  • Port-channel issues

    We installed a Cisco 6509e with 2 Sup 720 blades in one building that is about 600m from our corporate HQ. We have a Cisco 4507 with 2 Sup 6-E with 10G. We have them connected with fiber using 10g gbic LMR optics in the 10g ports of the sup blades. The link comes up. We moved it to a trunk and set up port channeling. The link will come up as a trunk but the port channel is not coming up. We are at a bit of a loss; we have several closets through the 2 buildings and we utilize port channeling on all of our switches. Below are the configurations for the 2 interfaces and port channels. We had hoped to add more interfaces to this port channel, but we are on hold until we can determine the reason for the port channel not coming up.
    6509E
    interface Port-channel4
     switchport
     switchport trunk encapsulation dot1q
     switchport mode trunk
    interface TenGigabitEthernet5/4
     description B2B 10G
     switchport
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 4 mode auto
    GigabitEthernet5/3     unassigned      YES manual down                  down    
    TenGigabitEthernet5/4  unassigned      YES unset  up                    up  
     Port-channel4          unassigned      YES unset  down                  down 
    4507
    interface Port-channel8
     switchport
     switchport mode trunk
    interface TenGigabitEthernet1/1
     description CORE-TO-CORE
     switchport mode trunk
     channel-group 8 mode desirable
    TenGigabitEthernet1/1  unassigned      YES unset  up                    up  
    Port-channel8          unassigned      YES unset  down                  down 

    The physical port-channel configurations don't match. The 4500 is "desirable" while the 6500 is "auto".

  • Port channel failure / lacp_switch_get_new_agg_id: secondary l3 agg are not supported

    hi,
    hope that someone can help.
    I ran into port channel issue when trying to add 4 port Quantum Dxi server into a port channel in 3750 stack.
    Configs look OK:
    interface Port-channel6
    description qdx-server
    switchport access vlan 3
    switchport mode access
    spanning-tree portfast
    spanning-tree bpduguard enable
    end
    all four ports configured as follows
    interface GigabitEthernet1/0/7 , 1/0/5 , 2/0/7 and 2/0/8
    description qdx-server-ethx
    switchport access vlan 3
    switchport mode access
    spanning-tree portfast
    spanning-tree bpduguard enable
    channel-protocol lacp
    channel-group 6 mode active
    end
    All ports joined the channel except Gi 1/0/5; it got suspended once it joined the port channel.
    From the debug I got the following:
    Dec 16 13:36:43.082 GMT: FEC: lacp_switch_get_new_agg_id: secondary l3 agg are not supported Po6
    Dec 16 13:36:46.823 GMT: FEC: pagp_switch_agc_compatable: comparing GC values of Gi1/0/5 Gi1/0/7 flag = 1 1
    Dec 16 13:36:46.823 GMT: FEC: pagp_switch_port_attrib_diff: compare LACP modes for Gi1/0/5
    Dec 16 13:36:46.823 GMT: FEC: pagp_switch_port_attrib_diff: Gi1/0/5 Gi1/0/7 same
    Dec 16 13:36:46.823 GMT: FEC: pagp_switch_agc_compatable: GC values are compatable
    Dec 16 13:36:46.823 GMT: FEC: pagp_switch_restart_if_needed(1): Gi1/0/5 in list
    Dec 16 13:36:46.823 GMT: FEC: pagp_switch_invoke_port_down: Gi1/0/5
    Dec 16 13:36:46.823 GMT: FEC: pagp_switch_invoke_port_up: Gi1/0/5
    Dec 16 13:36:46.823 GMT: FEC: pagp_switch_agc_compatable: comparing GC values of Gi1/0/5 Gi1/0/7 flag = 1 1
    Dec 16 13:36:46.823 GMT: FEC: pagp_switch_port_attrib_diff: compare LACP modes for Gi1/0/5
    Dec 16 13:36:46.823 GMT: FEC: pagp_switch_port_attrib_diff: Gi1/0/5 Gi1/0/7 same
    Dec 16 13:36:46.823 GMT: FEC: pagp_switch_agc_compatable: GC values are compatable
    Dec 16 13:36:46.823 GMT: FEC: lacp_switch_calculate_oper_key: oper_key for port Gi1/0/5 is 0x6
    Dec 16 13:36:46.982 GMT: FEC: lacp_switch_get_first_agg_id_from_admin_oper_keys: found aggregator Po6 for admin_key [0x6] and oper_key [0x6]
    Dec 16 13:36:46.982 GMT: FEC: lacp_switch_is_aggregator_valid: aggregator Po6 is still valid
    Dec 16 13:36:46.982 GMT: FEC: lacp_switch_get_first_associated_port_from_agg_id: found port Gi2/0/8 associated to Po6
    Dec 16 13:36:46.982 GMT: FEC: lacp_switch_is_aggregator_valid: aggregator Po6 is still valid
    Dec 16 13:36:46.982 GMT: FEC: lacp_switch_get_next_agg_id_from_admin_oper_keys: aggregator next to Po6 not found for admin_key [0x6] and oper_key [0x6]
    Dec 16 13:36:46.982 GMT: FEC: lacp_switch_get_new_agg_id: secondary l3 agg are not supported Po6
    Dec 16 13:36:56.830 GMT: FEC: pagp_switch_agc_compatable: comparing GC values of Gi1/0/5 Gi1/0/7 flag = 1 1
    Dec 16 13:36:56.830 GMT: FEC: pagp_switch_port_attrib_diff: compare LACP modes for Gi1/0/5
    Dec 16 13:36:56.830 GMT: FEC: pagp_switch_port_attrib_diff: Gi1/0/5 Gi1/0/7 same
    Dec 16 13:36:56.830 GMT: FEC: pagp_switch_agc_compatable: GC values are compatable
    Dec 16 13:36:56.830 GMT: FEC: pagp_switch_restart_if_needed(1): Gi1/0/5 in list
    Dec 16 13:36:56.830 GMT: FEC: pagp_switch_invoke_port_down: Gi1/0/5
    Dec 16 13:36:56.830 GMT: FEC: pagp_switch_invoke_port_up: Gi1/0/5
    Dec 16 13:36:56.830 GMT: FEC: pagp_switch_agc_compatable: comparing GC values of Gi1/0/5 Gi1/0/7 flag = 1 1
    Dec 16 13:36:56.830 GMT: FEC: pagp_switch_port_attrib_diff: compare LACP modes for Gi1/0/5
    Dec 16 13:36:56.830 GMT: FEC: pagp_switch_port_attrib_diff: Gi1/0/5 Gi1/0/7 same
    Dec 16 13:36:56.830 GMT: FEC: pagp_switch_agc_compatable: GC values are compatable
    Dec 16 13:36:56.838 GMT: FEC: lacp_switch_calculate_oper_key: oper_key for port Gi1/0/5 is 0x6
    Dec 16 13:36:56.880 GMT: FEC: lacp_switch_get_first_agg_id_from_admin_oper_keys: found aggregator Po6 for admin_key [0x6] and oper_key [0x6]
    Dec 16 13:36:56.880 GMT: FEC: lacp_switch_is_aggregator_valid: aggregator Po6 is still valid
    Dec 16 13:36:56.880 GMT: FEC: lacp_switch_get_first_associated_port_from_agg_id: found port Gi2/0/8 associated to Po6
    Dec 16 13:36:56.880 GMT: FEC: lacp_switch_is_aggregator_valid: aggregator Po6 is still valid
    Dec 16 13:36:56.880 GMT: FEC: lacp_switch_get_next_agg_id_from_admin_oper_keys: aggregator next to Po6 not found for admin_key [0x6] and oper_key [0x6]
    Dec 16 13:36:56.880 GMT: FEC: lacp_switch_get_new_agg_id: secondary l3 agg are not supported Po6
    Dec 16 13:37:06.837 GMT: FEC: pagp_switch_agc_compatable: comparing GC values of Gi1/0/5 Gi1/0/7 flag = 1 1
    Dec 16 13:37:06.837 GMT: FEC: pagp_switch_port_attrib_diff: compare LACP modes for Gi1/0/5
    Dec 16 13:37:06.837 GMT: FEC: pagp_switch_port_attrib_diff: Gi1/0/5 Gi1/0/7 same
    Dec 16 13:37:06.837 GMT: FEC: pagp_switch_agc_compatable: GC values are compatable
    Dec 16 13:37:06.837 GMT: FEC: pagp_switch_restart_if_needed(1): Gi1/0/5 in list
    Dec 16 13:37:06.837 GMT: FEC: pagp_switch_invoke_port_down: Gi1/0/5
    Dec 16 13:37:06.837 GMT: FEC: pagp_switch_invoke_port_up: Gi1/0/5
    Dec 16 13:37:06.837 GMT: FEC: pagp_switch_agc_compatable: comparing GC values of Gi1/0/5 Gi1/0/7 flag = 1 1
    Dec 16 13:37:06.837 GMT: FEC: pagp_switch_port_attrib_diff: compare LACP modes for Gi1/0/5
    Dec 16 13:37:06.837 GMT: FEC: pagp_switch_port_attrib_diff: Gi1/0/5 Gi1/0/7 same
    Dec 16 13:37:06.837 GMT: FEC: pagp_switch_agc_compatable: GC values are compatable
    Dec 16 13:37:06.837 GMT: FEC: lacp_switch_calculate_oper_key: oper_key for port Gi1/0/5 is 0x6
    Dec 16 13:37:07.080 GMT: FEC: lacp_switch_get_first_agg_id_from_admin_oper_keys: found aggregator Po6 for admin_key [0x6] and oper_key [0x6]
    Dec 16 13:37:07.080 GMT: FEC: lacp_switch_is_aggregator_valid: aggregator Po6 is still valid
    Checked and compared the config from another server, all looks OK.. I tried to search the error message in bold, but can't find any.
    Can anyone shed a light?
    Many thanks.

    We have the same issue with an ASA5525 and a 3750E EtherChannel.
    The same error,
    lacp_switch_get_new_agg_id: secondary l3 agg are not supported, on the SWITCH side.
    We are using LACP active on both sides.

  • Disappointed: ASA 8.4 Redundant using Port-channels

    So I finally got all our ASAs upgraded to version 8.4 and was all sorts of excited to configure port-channels to our 6500 + SUP7203B switches. I was severely disappointed to discover that I cannot configure two port-channels and have them be members of a redundant interface pair. It would seem like a logical topology.
    Port-channel1 = Gig0/0 & Gig0/1
    Port-channel2 = Gig0/2 & Gig0/3
    Redundant1 = Port-channel1 & Port-channel2
    Port-channel1 would connect to the primary 6500
    Port-channel2 would connect to the backup 6500
    What would it take to make this work?  Am I going to have to wait for 8.5?  Will we finally get BGP then too? (Had to get that in there)
    http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1329357
    EtherChannel Guidelines
    • You can configure up to 48 EtherChannels.
    • Each channel group can have eight active interfaces. Note that you can assign up to 16 interfaces to a channel group. While only eight interfaces can be active, the remaining interfaces can act as standby links in case of interface failure.
    • All interfaces in the channel group must be the same type and speed. The first interface added to the channel group determines the correct type and speed.
    • The device to which you connect the ASA 5500 EtherChannel must also support 802.3ad EtherChannels; for example, you can connect to the Catalyst 6500 switch.
    • All ASA configuration refers to the logical EtherChannel interface instead of the member physical interfaces.
    • You cannot use a redundant interface as part of an EtherChannel, nor can you use an EtherChannel as part of a redundant interface. You cannot use the same physical interfaces in a redundant interface and an EtherChannel interface. You can, however, configure both types on the ASA if they do not use the same physical interfaces.

    Hello Yaplej,
    I agree with you, but unfortunately this is not supported yet.
    We might need to wait some time before this design can be accomplished.
    Regards,
    If you do not have any other questions, please mark the question as answered.

  • ASA 5585 port-channels

    I want to create a port-channel with 2 10Gbs interfaces on 2 ASA 5585 firewalls, and set them up in a failover pair.
    In order to do this, do I simply put two 10Gbs interfaces into a channel and then configure the IP addressing and failover address on the logical port-channel interface? (aka interface po1).
    Any limitations with this?

    Yes, that is exactly what you do..
    Create portchannel on switch and ASA
    Trunk the vlan on switch side
    Create logical interfaces on ASA

  • ASA port-channel command on IOS v. 9.0(4)

    I have configured 2 of ASA 5550 on a port channel as follows:
    =======================================
    router# show version
    Cisco Adaptive Security Appliance Software Version 8.4(2)
    router# show module
      0 ASA 5550 Adaptive Security Appliance         ASA5550            JMX1226L1S9
      1 SSM-4GE Included with ASA 5550 System        SSM-4GE-INC        JAF1224ATNS
    router# show interface Port-channel48
    Interface Port-channel48 "", is up, line protocol is up
      Hardware is EtherChannel/ON, BW 2000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        Media-type configured as RJ45 connector
        Available but not configured via nameif
        MAC address 001f.ca97.44e2, MTU not set
        IP address unassigned
      Members in this channel:
          Active:   Gi1/2 Gi1/3
    router# show startup-config
    interface GigabitEthernet1/2
     channel-group 48 mode on
     no nameif
     no security-level
     no ip address
    interface GigabitEthernet1/3
     channel-group 48 mode on
     no nameif
     no security-level
     no ip address
    interface Port-channel48
     no nameif
     no security-level
     no ip address
    interface Port-channel48.4
     vlan 4
    interface Port-channel48.5
     vlan 5
    After migrating to version 9.0(4) I could not configure channel group on int g 1/2.
    =======================================
    router# show version
    Cisco Adaptive Security Appliance Software Version 9.0(4)
    router# show module
      0 ASA 5550 Adaptive Security Appliance         ASA5550            JMX1421L333
      1 SSM-4GE Included with ASA 5550 System        SSM-4GE-INC        JAF1419ALAK
    router# configure terminal
    router(config)# interface GigabitEthernet1/2
    router(config-if)#  channel-group 48 mode on
                          ^
    ERROR: % Invalid input detected at '^' marker.
    router(config-if)# ?
    So I have the following questions about version 9:
    1. Can I still use port-channels on a single ASA?
    2. Should I replace port-channel with the lacp command on a single ASA?
    3. Can the lacp command be used only on clusters?
    Att.,
    Rosa

    The following is documented in the config guide for both 8.4 and 9.0:
    •You cannot use interfaces on the 4GE SSM, including the integrated 4GE SSM in slot 1 on the ASA 5550, as part of an EtherChannel. 
    So, even with 8.4 it was probably never meant to work.

  • 7200/7301 MTU issue on Port-Channel

    Hi guys,
    I have an issue with MTU on port-channel :
    When I create a port-channel interface, I can set MTU to 1530 max
    When I configure an interface in this port-channel, I can set port-channel MTU to 9216 max.
    But when I reload, "mtu 9216" command is rejected and port-channel MTU is set to 1500 :
     mtu 9216
            ^
    % Invalid input detected at '^' marker.
    %Interface MTU set to channel-group MTU 1500.
    IOS version is 12.4(25g)
    Thank you so much.


  • ASA EIGRP Port Channel Bug?

    Hi All
    I have EIGRP configured on an ASA5512-X code version 9.1(4). When I do a "show eigrp interfaces" the Port Channel linking to the adjacent router is not listed. It is not a passive interface (even did a "no passive-interface outside" to double check). Other interfaces are listed. Debugging EIGRP shows no hellos arriving on that interface either, even though a debug on the adjacent router confirms they are being sent. Am I missing something or is this a bug?
    Thanks for looking!
    - James

    Hello,
    It does... Thanks for the explanation
    Now if you are behind the inside interface you should be able to ping it.
    Can you share the show run icmp
    Also do the following on the ASA
    cap capin interface inside match icmp any host 172.17.120.254
    cap asp type asp-drop all circular-buffer
    Then try to ping the ASA inside interface and provide me:
    show cap capin
    show cap asp | include 172.17.120.254
    Regards,
    We are here to help. Remember to rate all the posts that help. (If you do not know how to rate a post, just let me know and I will tell you how.)
    Julio

  • Port channel asa

    Hi!
    Is it possible to configure etherchannel on Cisco ASA 5580 (ASA5580-4GE-CU card) ?
    Thanks for your help,

    Hi,
    Yes, it supports EtherChannel. Traffic among your port-channel will be as below:
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/interface_start.html
    Table 12-2 Load Distribution per Interface
    # of Active     % Distribution Per Interface
    Interfaces      1       2       3       4       5       6       7       8
    1               100%
    2               50%     50%
    3               37.5%   37.5%   25%
    4               25%     25%     25%     25%
    5               25%     25%     25%     12.5%   12.5%
    6               25%     25%     12.5%   12.5%   12.5%   12.5%
    7               25%     12.5%   12.5%   12.5%   12.5%   12.5%   12.5%
    8               12.5%   12.5%   12.5%   12.5%   12.5%   12.5%   12.5%   12.5%
    HTH
    Sandy
