03-24-2023 02:03 PM
Hey all, I had to RMA one of my PA-3220s and rebuilt my HA just recently. After getting everything up to 9.1.11-h3 my HSCI link just doesn't stay up between the two 3220s. One side has green HSCI links, but the other side is dark.
-Replaced fiber jumper/cable
-Tested fiber jumper/cable and it's functional
-Swapped SFPs. I'm using Cisco 10G SR SFPs and 800nm single mode.
I'm thinking I may have a bad HSCI port as I'm not sure what else to try. Would appreciate any suggestions.
03-24-2023 02:06 PM
@KevinMedeiros wrote:
-Swapped SFPs. I'm using Cisco 10G SR SFPs and 800nm single mode.
You appear to be using the wrong SFP. You need an LR optic with SMF, an SR would be utilized for MMF.
03-25-2023 01:29 PM
Also what is the physical distance between two firewalls?
You need to use right SFP LR example 10k distance with the sfp.
Also use this command to see port issues?
'less mp-log brdagent.log
Regards
Mahesh
03-27-2023 02:20 PM
Okay, I wrote that at a time when I probably should have been napping.
I'm actually using 850nm multi-mode OM4 with the SR SFP. The distance is several miles, but we're going through an MRV fiber optic ring.
I'm including a map that shows kind of how this is set up. As you can see, the only interface that is down is the HSCI on my PA in DC1. I'm arranging for a replacement PA to be sent since I really do think it's the HSCI port as this was working previously before receiving the RMA unit, but I also updated it from 8.1.5 to 9.1.11
03-27-2023 02:36 PM
We also have HSCI 40Gig connection between two PA across the DC.
In our case we have no MRV direct Single Mode connection and distance is around 14k.
Seems in your setup you have Multimode SFP from PA to MRV. Then again Multimode connection between the two MRV.
As MRV can support Multimode upto 10k so if your physical distance is less than 10k it should be fine.
It can be bad port on the PA.
Do you see any logs on the PA when you run this command
'less mp-log brdagent.log?
Also SFP is PA supported one?
I have seen other vendor SFP also can work on PA but id some issue comes then PA support want you to use PA approved vendor
SFP.
Regards
Mahesh
03-28-2023 09:55 AM
Hey Mahesh,
Thank you for the response, I appreciate it!
I did not see any logs when I ran 'less mp-log brdagent.log'
I have tried 2 Cisco official SFPs which I believe are on the list of compatible approved SFPs for the HSCI port. I'm trying to see if I can get a replacement unit sent out because I'm really thinking I may have a bad HSCI port.
03-29-2023 07:21 PM
All these indicates that port on the PA might be bad.
Its HSCI port so their is no other way you can use any other port rather than do the RMA for PA.
Regards
Mahesh
10-25-2023 04:12 PM
FWIW, I thought mine (5420) had bad port(s) as well. However, I moved from the 3m DAC (should be a PAN cable) to a 40Gb AOC cable and all is good. I'm monitoring it for flapping, so I'll update this if it flaps.
I looped the DAC between every other 40Gb port on my 5420s and it lights up every port its put in as long as one of the ports isn't an HSCI port. It also worked on the switches I'm working with.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
