topic Re: Error Message for AE1 Aggregate Group in General Topics

Error Message for AE1 Aggregate Group

FarzanaMustafa — Fri, 28 Jun 2019 00:57:14 GMT

Hello,

We are getting below messages on and off for our HA pair.

eth 1/5 and 1/6 are part of the ae1 aggregate group

nego-fail,ethernet1/6,0,0,general,critical,"LACP interface ethernet1/6 moved out of AE-group ae1. Selection state Selected",450025,0x0,0,0,0,0,,FW-1
lacp-up,ethernet1/6,0,0,general,critical,"LACP interface ethernet1/6 moved into AE-group ae1.",450026,0x0,0,0,0,0,,FW-1
nego-fail,ethernet1/5,0,0,general,critical,"LACP interface ethernet1/5 moved out of AE-group ae1. Selection state Selected",161108,0x0,0,0,0,0,,FW-2
lacp-up,ethernet1/5,0,0,general,critical,"LACP interface ethernet1/5 moved into AE-group ae1.",161109,0x0,0,0,0,0,,FW-2

What exactly needs to be checked?

Re: Error Message for AE1 Aggregate Group

BPry — Fri, 28 Jun 2019 03:18:25 GMT

@FarzanaMustafa,

You need to look at the switch configuration and determine why LACP is failing to negotiate correctly. As it appears you are getting errors across both links the switch LACP configuration is likely either severly wrong or the uplinks were never actually configured to utilize LACP on the switch side of things.

Re: Error Message for AE1 Aggregate Group

RobinClayton — Fri, 28 Jun 2019 15:54:44 GMT

Was it working?

Has somone changed something?

Rob

Re: Error Message for AE1 Aggregate Group

Yevgeni — Sun, 30 Jun 2019 13:52:36 GMT

I think the switch is missing LACP mode

Re: Error Message for AE1 Aggregate Group

FarzanaMustafa — Fri, 05 Jul 2019 00:29:14 GMT

Hi @BPry @Yevgeni @RobinClayton

The Dell switch ports are configured as below

Are they not configured correctly?

interface GigabitEthernet 1/21
description member port-channel 21
no ip address
!
port-channel-protocol LACP
port-channel 21 mode active
no shutdown
!
interface GigabitEthernet 1/22
description member port-channel 22
no ip address
!
port-channel-protocol LACP
port-channel 22 mode active
no shutdown

interface Port-channel 21
description Port-Channel to fw-1 lan ae2
no ip address
switchport
vlt-peer-lag port-channel 21
no shutdown
!
interface Port-channel 22
description Port-Channel to fw-2 lan ae2
no ip address
switchport
vlt-peer-lag port-channel 22
no shutdown

Re: Error Message for AE1 Aggregate Group

BPry — Fri, 05 Jul 2019 02:10:48 GMT

@FarzanaMustafa,

Are you running both of these interfaces into the same AE group on the firewall, or is fw-1 and fw-2 utilizing port-channel 21 and port-channel 22 respectivly? From the configuration that you've shared it looks like you are only utilizing a sole interface to each firewall, at that point why are you using an AE at all? The configuration for the port-channel looks perfectly fine from the switch perspective, you could verify the LACP status by doing 'show lacp 21' and 'show lacp 22' to see why your members are dropping out, it should also be showing something within logging.

Re: Error Message for AE1 Aggregate Group

RobinClayton — Fri, 05 Jul 2019 07:22:56 GMT

Yeah, are both ports on the switch connected to the AE1 on the firewall.

If so port Group 22 should not be used, both swithc ports in same group.

interface Port-channel 21
description Port-Channel to fw-1 lan ae2
no ip address
switchport
vlt-peer-lag port-channel 21
no shutdown

Re: Error Message for AE1 Aggregate Group

RobinClayton — Fri, 05 Jul 2019 07:25:18 GMT

Get that stable on the 1st of the HA pair.

Then create the second port group, and associated interfaces for the second firewall.

Rob

Re: Error Message for AE1 Aggregate Group

RobinClayton — Fri, 05 Jul 2019 07:27:43 GMT

Also, from the logs..

Are you running ACTIVE-ACTIVE? It's not the "recomended" configuration.