Re: LACP Port-channel Failure on FPR-2140 - Page 2

ida71 · ‎12-15-2023

I have a pair of 2140's running v7.2.5+Hotfix code, setup as HA Pair. 10Gbps Cisco SFP's to Cisco switch (same setup in 3 other locations on v7.0.5 with no issues).

My switch reports no LACP on remote end when shut/no shut issued on the etherchannel connected ports, but FMC says FTD setup is correct. The Primary 1st interface in port-channel is up, but second interface down/down on switch, same for both on Standby unit ! Been waiting days for TAC to come up with something useful

Any info from previous experience, appreciated.

Chris

MHM Cisco World · ‎12-15-2023

Sw and FW

Show lacp neighbor

Share this please

MHM

MHM Cisco World · ‎12-16-2023

Port-channel3 Data Enabled Up Up
FTD-1 /eth-uplink/fabric #
FTD-1 /eth-uplink/fabric/port-channel # show member-port detail

Member Port:
Port Name: Ethernet1/13
Membership: Up
Admin State: Enabled
Oper State: Up
State Reason: Up
Ethernet Link Profile name: default
Oper Ethernet Link Profile name: fabric/lan/eth-link-prof-default
Udld Oper State: Unknown
Current Task:

Port Name: Ethernet1/14
Membership: Down
Admin State: Enabled
Oper State: Up
State Reason: Up
Ethernet Link Profile name: default
Oper Ethernet Link Profile name: fabric/lan/eth-link-prof-default
Udld Oper State: Unknown
Current :

From FRP2k eth-uplinknscope it seem that the admin state is enable ? But the port member done have any admin state' the admin state is for port channel you can make it up or down

So again friend can you re add new port channel (after remove old one) and when you edit port channel make state enable.

MHM

ida71 · ‎12-18-2023

This system is live & in service I can't just delete & create new PC's. Will chase TAC again.

MHM Cisco World · ‎12-18-2023

only check other site with this site
are other sites show port with admin status or NOT
I think you can do that
thanks alot
MHM

ida71 · ‎12-18-2023

So from the partner region site FTD running v7.0.5 with exactly the same hardware (FTD+SW) and exactly the same configuration on FTD+SW I get this. Looks identical in diff compare. Admin status is enabled.

>>>

Working-FTD-1# connect local-mgmt
Working-FTD-1(local-mgmt)# show portchannel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
M - Not in use. Min-links not met
-------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
--------------------------------------------------------------------------------
3 Po3(U) Eth LACP Eth1/13(P) Eth1/14(P)

LACP KeepAlive Timer:
--------------------------------------------------------------------------------
Channel PeerKeepAliveTimerFast
--------------------------------------------------------------------------------
3 Po3(U) False

Cluster LACP Status:
--------------------------------------------------------------------------------
Channel ClusterSpanned ClusterDetach ClusterUnitID ClusterSysID
--------------------------------------------------------------------------------
3 Po3(U) False False 0
Working-FTD-1(local-mgmt)#
Working-FTD-1(local-mgmt)# exit
Working-FTD-1# scope eth-uplink
Working-FTD-1 /eth-uplink # scope fabric a
Working-FTD-1 /eth-uplink/fabric # show port-channel

Port Channel:
Port Channel Id Name Port Type Admin State Oper State State Reason
--------------- ---------------- ------------------ ----------- ---------------- ------------
3 Port-channel3 Data Enabled Up Up
Working-FTD-1 /eth-uplink/fabric #
Working-FTD-1 /eth-uplink/fabric # scope port-channel 3
Working-FTD-1 /eth-uplink/fabric/port-channel # show member-port detail

Member Port:
Port Name: Ethernet1/13
Membership: Up
Admin State: Enabled
Oper State: Up
State Reason: Up
Ethernet Link Profile name: default
Oper Ethernet Link Profile name: fabric/lan/eth-link-prof-default
Udld Oper State: Unknown
Current Task:

Port Name: Ethernet1/14
Membership: Up
Admin State: Enabled
Oper State: Up
State Reason: Up
Ethernet Link Profile name: default
Oper Ethernet Link Profile name: fabric/lan/eth-link-prof-default
Udld Oper State: Unknown
Current Task:
Working-FTD-1 /eth-uplink/fabric/port-channel #

<<<

ida71 · ‎12-18-2023

Show LACP Neighbor from FTD Working + NOT-working

Working-FTD-1# connect local-mgmt
Working-FTD-1(local-mgmt)# Show lacp neighbor

Flags: S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode

Channel group: 3

Cluster Spanned: False
Cluster SystemID:
Cluster UnitID: 0
Cluster Detached: False
LACP Peer KeepAlive Timer Fast: False

Partner (internal) information:

Partner Partner Partner
Port System ID Port Number Age Flags
Eth1/13 32768,0200.0000.005a 0xb 11 s SA

LACP Partner Partner Partner
Port Priority Oper Key Port State
32768 0xa 0x3d

Port State Flags Decode:
Activity: Timeout: Aggregation: Synchronization:
Active Short Yes Yes

Collecting: Distributing: Defaulted: Expired:
Yes Yes No No

Partner Partner Partner
Port System ID Port Number Age Flags
Eth1/14 32768,0200.0000.005a 0x2b 27 s SA

LACP Partner Partner Partner
Port Priority Oper Key Port State
32768 0xa 0x3d

Port State Flags Decode:
Activity: Timeout: Aggregation: Synchronization:
Active Short Yes Yes

Collecting: Distributing: Defaulted: Expired:
Yes Yes No No
Working-FTD-1(local-mgmt)#
-------------------------------------------------------------------------------------------------
NOT-Working-FTD-1# connect loc
NOT-Working-FTD-1(local-mgmt)# Show lacp neighbor

Flags: S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode

Channel group: 3

Cluster Spanned: False
Cluster SystemID:
Cluster UnitID: 0
Cluster Detached: False
LACP Peer KeepAlive Timer Fast: False

Partner (internal) information:

Partner Partner Partner
Port System ID Port Number Age Flags
Eth1/13 32768,0200.0000.0050 0xb 5 s SA

LACP Partner Partner Partner
Port Priority Oper Key Port State
32768 0xa 0x3d

Port State Flags Decode:
Activity: Timeout: Aggregation: Synchronization:
Active Short Yes Yes

Collecting: Distributing: Defaulted: Expired:
Yes Yes No No

Partner Partner Partner
Port System ID Port Number Age Flags
Eth1/14 32768,0200.0000.0050 0xc 2 s SA

LACP Partner Partner Partner
Port Priority Oper Key Port State
32768 0xb 0xd

Port State Flags Decode:
Activity: Timeout: Aggregation: Synchronization:
Active Short Yes Yes

Collecting: Distributing: Defaulted: Expired:
No No No No
NOT-Working-FTD-1(local-mgmt)#

MHM Cisco World · ‎12-18-2023

Op state

hex to binary then flapping
1-FTD 11010000 ->00001011 (0xd)
this passive LACP and not Sync and individual link

2-FTD 00111101->10111100 (0xd3)

3-FTD 01010000->00001010 (0x5)
this link is passive LACP and not Sync and individual link

why SW and FTD is passive mode !!!

MHM

ida71 · ‎12-18-2023

So Running sh lacp neighbor gives this on working & not-working switches. The not working shows MAC addresses against the port-channel to be wrong, but if that was due to cabling, then one port on the standby FTD should come to life like it did on the primary.

I've raised a request with remote hands to confirm that cabling, as it was done by a colleague on a visit, but remote hands in this DC have given me trouble in the past

>>>

Working Switch
Working-SW#sh lacp neighbor
Flags: S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode

Channel group 1 neighbors

Partner's information:

LACP port Admin Oper Port Port
Port Flags Priority Dev ID Age key Key Number State
Te1/1/11 SA 32768 1859.f5d8.d993 1s 0x0 0x3 0x10E 0x3D
Te2/1/11 SA 32768 1859.f5d8.d993 21s 0x0 0x3 0x10F 0x3D

Channel group 2 neighbors

Partner's information:

LACP port Admin Oper Port Port
Port Flags Priority Dev ID Age key Key Number State
Te1/1/12 SA 32768 1859.f5d9.3313 22s 0x0 0x3 0x10E 0x3D
Te2/1/12 SA 32768 1859.f5d9.3313 20s 0x0 0x3 0x10F 0x3D
Working-SW#

-------------------------------------------------------------------------------------------------
NOT Working Switch
NOT-Working-SW#sh lacp neighbor
Flags: S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode

Channel group 1 neighbors

Partner's information:

LACP port Admin Oper Port Port
Port Flags Priority Dev ID Age key Key Number State
Te1/1/11 SA 32768 acbc.d990.cb13 20s 0x0 0x3 0x10E 0x3D
Te2/1/11 SA 32768 1859.f5d9.2693 28s 0x0 0x3 0x10E 0x5

Channel group 2 neighbors

Partner's information:

LACP port Admin Oper Port Port
Port Flags Priority Dev ID Age key Key Number State
Te1/1/12 SA 32768 acbc.d990.cb13 13s 0x0 0x3 0x10F 0x5
Te2/1/12 SA 32768 1859.f5d9.2693 27s 0x0 0x3 0x10F 0x5
NOT-Working-SW#

<<<

ida71 · ‎12-18-2023

Thanks to all for your efforts. I just had remote hands confirm that my colleague who put these in for me a year ago, crossed a couple of the 10Gb cables & put them in the wrong ports in the switch ! FFS Just had them swapped to where they should be & both port-channels on the switches have come up & the FTD's now show UP/UP with the correct ports in the correct port-channels.

ida71 · ‎12-18-2023

So both FTD & SW are set to Mode Active, I can only assume it shows a poor code when wrong interface is connected to wrong cable for another Port-channel !? Weird but there ya go.

MHM Cisco World · ‎12-18-2023

Ohh finally

We solve this issue

I am so happy

Have a nice day and good cabling lol..

MHM