Error Message for AE1 Aggregate Group


L4 Transporter

Hello,

 

We are getting the below messages on and off for our HA pair.

eth 1/5 and 1/6 are part of the ae1 aggregate group

 

nego-fail,ethernet1/6,0,0,general,critical,"LACP interface ethernet1/6 moved out of AE-group ae1. Selection state Selected",450025,0x0,0,0,0,0,,FW-1
lacp-up,ethernet1/6,0,0,general,critical,"LACP interface ethernet1/6 moved into AE-group ae1.",450026,0x0,0,0,0,0,,FW-1
nego-fail,ethernet1/5,0,0,general,critical,"LACP interface ethernet1/5 moved out of AE-group ae1. Selection state Selected",161108,0x0,0,0,0,0,,FW-2
lacp-up,ethernet1/5,0,0,general,critical,"LACP interface ethernet1/5 moved into AE-group ae1.",161109,0x0,0,0,0,0,,FW-2

 

What exactly needs to be checked?

8 REPLIES

Cyber Elite

@FarzanaMustafa,

You need to look at the switch configuration and determine why LACP is failing to negotiate correctly. As it appears you are getting errors across both links, the switch LACP configuration is likely either severely wrong or the uplinks were never actually configured to utilize LACP on the switch side of things.

Was it working?

Has someone changed something?

 

Rob

L1 Bithead
I think the switch is missing LACP mode

 
The Dell switch ports are configured as below
Are they not configured correctly?
 
interface GigabitEthernet 1/21
 description member port-channel 21
 no ip address
!
 port-channel-protocol LACP
  port-channel 21 mode active
 no shutdown
!
interface GigabitEthernet 1/22
 description member port-channel 22
 no ip address
!
 port-channel-protocol LACP
  port-channel 22 mode active
 no shutdown
 
interface Port-channel 21
 description Port-Channel to fw-1 lan ae2
 no ip address
 switchport
 vlt-peer-lag port-channel 21
 no shutdown
!
interface Port-channel 22
 description Port-Channel to fw-2 lan ae2
 no ip address
 switchport
 vlt-peer-lag port-channel 22
 no shutdown

@FarzanaMustafa,

Are you running both of these interfaces into the same AE group on the firewall, or are fw-1 and fw-2 utilizing port-channel 21 and port-channel 22 respectively? From the configuration that you've shared, it looks like you are only utilizing a sole interface to each firewall; at that point, why are you using an AE at all? The configuration for the port-channel looks perfectly fine from the switch perspective. You could verify the LACP status by doing 'show lacp 21' and 'show lacp 22' to see why your members are dropping out; it should also be showing something within logging.

Yeah, are both ports on the switch connected to the AE1 on the firewall?

If so, port group 22 should not be used; both switch ports should be in the same group.

 

 

interface GigabitEthernet 1/21
 description member port-channel 21
 no ip address
!
 port-channel-protocol LACP
  port-channel 21 mode active
 no shutdown
!
interface GigabitEthernet 1/22
 description member port-channel 21
 no ip address
!
 port-channel-protocol LACP
  port-channel 21 mode active
 no shutdown

 

interface Port-channel 21
 description Port-Channel to fw-1 lan ae2
 no ip address
 switchport
 vlt-peer-lag port-channel 21
 no shutdown

 

Get that stable on the 1st of the HA pair.

 

Then create the second port group, and associated interfaces for the second firewall.

 

 

Rob

Also, from the logs..

 

Are you running ACTIVE-ACTIVE? It's not the "recommended" configuration.
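
Added example, not part of any post in this thread: a short Python script that tallies the LACP "moved out of" / "moved into" events from the question's log lines per firewall and interface, so flaps can be counted and the current membership state read off. The field layout (device name as the last CSV field) is an assumption inferred from the four lines quoted above, the function names are hypothetical, and the fifth sample line is constructed.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample: the four lines from the question, plus a fifth constructed
# line (seq 161110) showing an interface that has not rejoined the group.
SAMPLE_LOG = '''\
nego-fail,ethernet1/6,0,0,general,critical,"LACP interface ethernet1/6 moved out of AE-group ae1. Selection state Selected",450025,0x0,0,0,0,0,,FW-1
lacp-up,ethernet1/6,0,0,general,critical,"LACP interface ethernet1/6 moved into AE-group ae1.",450026,0x0,0,0,0,0,,FW-1
nego-fail,ethernet1/5,0,0,general,critical,"LACP interface ethernet1/5 moved out of AE-group ae1. Selection state Selected",161108,0x0,0,0,0,0,,FW-2
lacp-up,ethernet1/5,0,0,general,critical,"LACP interface ethernet1/5 moved into AE-group ae1.",161109,0x0,0,0,0,0,,FW-2
nego-fail,ethernet1/5,0,0,general,critical,"LACP interface ethernet1/5 moved out of AE-group ae1. Selection state Selected",161110,0x0,0,0,0,0,,FW-2
'''

# Assumption: message wording matches the lines quoted in the thread.
MSG_RE = re.compile(r"LACP interface (\S+) moved (out of|into) AE-group (\w+)")


def summarize_lacp(log_text):
    """Return {(device, interface, ae_group): counters} for LACP membership events."""
    stats = defaultdict(lambda: {"out": 0, "in": 0, "flaps": 0, "member": None})
    for row in csv.reader(io.StringIO(log_text)):  # csv handles the quoted description
        match = next((m for m in map(MSG_RE.search, row) if m), None)
        if match is None:
            continue  # blank line or unrelated log entry
        iface, direction, group = match.groups()
        entry = stats[(row[-1], iface, group)]  # device name assumed to be the last field
        if direction == "out of":
            entry["out"] += 1
            entry["member"] = False
        else:
            entry["in"] += 1
            # A flap is a "moved into" that follows an earlier "moved out of".
            entry["flaps"] += int(entry["member"] is False)
            entry["member"] = True
    return dict(stats)


def flapping_devices(stats):
    """Sorted device names that logged at least one complete out/in flap."""
    return sorted({dev for (dev, _, _), e in stats.items() if e["flaps"]})


if __name__ == "__main__":
    summary = summarize_lacp(SAMPLE_LOG)
    for key, e in sorted(summary.items()):
        print(key, e)
    print("devices with flaps:", flapping_devices(summary))
```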
