LACP not active, negotiation failed. One member is not happy

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

LACP not active, negotiation failed. One member is not happy

L3 Networker

Hi All,

 

PA-3060, PAN-OS 7.1.17

 

Please see below:

 

ddd.JPG

 

LACP:

**********************************************************************************
AE group: ae1
Members: Bndl Rx state Mux state Sel state
ethernet1/17 yes Current Tx_Rx Selected
ethernet1/18 no Current Attached Selected
Status: Enabled
Mode: Active
Rate: Fast
Max-port: 2
Fast-failover: Disabled
Pre-negotiation: Disabled
Local: System Priority: 32768
System MAC: 00:1b:17:00:01:01
Key: 48
Partner: System Priority: 10
System MAC: 00:01:00:01:00:01
Key: 3000
Port State
--------------------------------------------------------------------------------
Interface Port
Number Priority Mode Rate Key State
--------------------------------------------------------------------------------
ethernet1/17 32 32768 Active Fast 48 0x3F
Partner 36866 20 Active Fast 3000 0x3F

ethernet1/18 33 32768 Active Fast 48 0x0F
Partner 40962 21 Active Fast 3000 0x07

Port Counters
--------------------------------------------------------------------------------
Interface LACPDUs Marker Marker Response Error
Sent Recv Sent Recv Sent Recv Unknown Illegal
--------------------------------------------------------------------------------
ethernet1/17 11390156 11277328 0 0 0 0 0 0
ethernet1/18 11394781 11281914 0 0 0 0 0 0

 

--------------------------------------------------------------------------------
Name: ethernet1/18, ID: 33
Link status:
Runtime link speed/duplex/state: 10000/full/up
Configured link speed/duplex/state: auto/auto/auto
MAC address:
Port MAC address 00:1b:17:00:01:21
Aggregate group : ae1
Operation mode: layer3
--------------------------------------------------------------------------------
Physical port counters read from MAC:
--------------------------------------------------------------------------------
rx-broadcast 8685
rx-bytes 10465767928
rx-multicast 11788416
rx-unicast 6900843
tx-broadcast 2313
tx-bytes 10372413228
tx-multicast 11395077
tx-unicast 6893704
--------------------------------------------------------------------------------

Hardware interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received 1495677902
bytes transmitted 1412989548
packets received 11664365
packets transmitted 11395077
receive incoming errors 0
receive discarded 0
receive errors 0
packets dropped 0
--------------------------------------------------------------------------------

 

 

I assume the next step is the switch port check?

 

Thanks,

Myky

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

@myky,

The fact that one of your ports are simply failing negotiation points to a switch configuration issue, so I would have that verified to actually be configured correctly. If you post the interface configurations here we can likely tell you if something is misconfigured. 

 

I also wanted to point out that it's time to start thinking about a software update on this firewall. 7.1.25 has been out for a long time and is currently the recommended release within that branch, since you have active security vulnerabilities that aren't patched in 7.1.16 I would plan that sooner rather than later. You will also want to update to 8.1 or later before March 29, 2020 when 7.1 goes end of life

View solution in original post

3 REPLIES 3

L6 Presenter

@mykyYes, please cross check ports at switch end.

 

Mayur

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks

Cyber Elite
Cyber Elite

@myky,

The fact that one of your ports are simply failing negotiation points to a switch configuration issue, so I would have that verified to actually be configured correctly. If you post the interface configurations here we can likely tell you if something is misconfigured. 

 

I also wanted to point out that it's time to start thinking about a software update on this firewall. 7.1.25 has been out for a long time and is currently the recommended release within that branch, since you have active security vulnerabilities that aren't patched in 7.1.16 I would plan that sooner rather than later. You will also want to update to 8.1 or later before March 29, 2020 when 7.1 goes end of life

@BPry cheers! Yeas, we are aware of the EoL. We have moved to 8.1.x release for now.

I will check switch, thanks guys 

  • 1 accepted solution
  • 10296 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!