This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

LACP not active, negotiation failed. One member is not happy

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

LACP not active, negotiation failed. One member is not happy

Go to solution
myky
L3 Networker

‎02-11-2020 02:24 PM - edited ‎02-11-2020 02:26 PM

Hi All,

 

PA-3060, PAN-OS 7.1.17

 

Please see below:

 

ddd.JPG

 

LACP:

**********************************************************************************
AE group: ae1
Members: Bndl Rx state Mux state Sel state
ethernet1/17 yes Current Tx_Rx Selected
ethernet1/18 no Current Attached Selected
Status: Enabled
Mode: Active
Rate: Fast
Max-port: 2
Fast-failover: Disabled
Pre-negotiation: Disabled
Local: System Priority: 32768
System MAC: 00:1b:17:00:01:01
Key: 48
Partner: System Priority: 10
System MAC: 00:01:00:01:00:01
Key: 3000
Port State
--------------------------------------------------------------------------------
Interface Port
Number Priority Mode Rate Key State
--------------------------------------------------------------------------------
ethernet1/17 32 32768 Active Fast 48 0x3F
Partner 36866 20 Active Fast 3000 0x3F

ethernet1/18 33 32768 Active Fast 48 0x0F
Partner 40962 21 Active Fast 3000 0x07

Port Counters
--------------------------------------------------------------------------------
Interface LACPDUs Marker Marker Response Error
Sent Recv Sent Recv Sent Recv Unknown Illegal
--------------------------------------------------------------------------------
ethernet1/17 11390156 11277328 0 0 0 0 0 0
ethernet1/18 11394781 11281914 0 0 0 0 0 0

 

--------------------------------------------------------------------------------
Name: ethernet1/18, ID: 33
Link status:
Runtime link speed/duplex/state: 10000/full/up
Configured link speed/duplex/state: auto/auto/auto
MAC address:
Port MAC address 00:1b:17:00:01:21
Aggregate group : ae1
Operation mode: layer3
--------------------------------------------------------------------------------
Physical port counters read from MAC:
--------------------------------------------------------------------------------
rx-broadcast 8685
rx-bytes 10465767928
rx-multicast 11788416
rx-unicast 6900843
tx-broadcast 2313
tx-bytes 10372413228
tx-multicast 11395077
tx-unicast 6893704
--------------------------------------------------------------------------------

Hardware interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received 1495677902
bytes transmitted 1412989548
packets received 11664365
packets transmitted 11395077
receive incoming errors 0
receive discarded 0
receive errors 0
packets dropped 0
--------------------------------------------------------------------------------

 

 

I assume the next step is the switch port check?

 

Thanks,

Myky

1 person had this problem.
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
BPry
Cyber Elite
Cyber Elite

‎02-26-2020 02:19 PM

@myky,

The fact that one of your ports are simply failing negotiation points to a switch configuration issue, so I would have that verified to actually be configured correctly. If you post the interface configurations here we can likely tell you if something is misconfigured. 

 

I also wanted to point out that it's time to start thinking about a software update on this firewall. 7.1.25 has been out for a long time and is currently the recommended release within that branch, since you have active security vulnerabilities that aren't patched in 7.1.16 I would plan that sooner rather than later. You will also want to update to 8.1 or later before March 29, 2020 when 7.1 goes end of life

View solution in original post

3 REPLIES 3

Go to solution
${userLoginName}
L6 Presenter

‎02-26-2020 05:26 AM

@mykyYes, please cross check ports at switch end.

 

Mayur

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks

Go to solution
BPry
Cyber Elite
Cyber Elite

‎02-26-2020 02:19 PM

@myky,

The fact that one of your ports are simply failing negotiation points to a switch configuration issue, so I would have that verified to actually be configured correctly. If you post the interface configurations here we can likely tell you if something is misconfigured. 

 

I also wanted to point out that it's time to start thinking about a software update on this firewall. 7.1.25 has been out for a long time and is currently the recommended release within that branch, since you have active security vulnerabilities that aren't patched in 7.1.16 I would plan that sooner rather than later. You will also want to update to 8.1 or later before March 29, 2020 when 7.1 goes end of life

Go to solution
myky
L3 Networker
In response to BPry

‎02-27-2020 01:26 AM - edited ‎02-27-2020 01:26 AM

@BPry cheers! Yeas, we are aware of the EoL. We have moved to 8.1.x release for now.

I will check switch, thanks guys 

  • 1 accepted solution
  • 10119 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks