This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Single interface failing LACP negotiation after PAN-OS update

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Single interface failing LACP negotiation after PAN-OS update

P.Betts
L0 Member

‎08-05-2025 09:49 AM

I'm having an issue with a single interface in an aggregate bundle failing LACP negotiations after updating one network's firewalls from PAN-OS 10.2.13 to 11.1.6.

I have two separate networks (Network A and Network B) each with two PA firewalls in Active/Passive HA. I have these firewalls cross connected to each other to provide a transit network between the networks for allowed traffic.

From the active firewall in network A, I have one interface connected to the active firewall in network B; I also have a second interface from the active firewall in network A connected to the passive firewall in network B. The link to the passive firewall in network B is the link that is failing.

Network-A(active)
LACP:

**********************************************************************************
AE group: ae6
Members:                Bndl Rx state       Mux state  Sel state
  ethernet1/15          no   Current        Detached   Unselected(Negotiation failed)
  ethernet1/16          yes  Current        Tx_Rx      Selected
Status:           Enabled
Mode:             Active
Rate:             Slow
Max-port:         8
Fast-failover:    Disabled
Pre-negotiation:  Enabled
Local:            System Priority: 32768
                  System MAC:      3c:fa:30:92:6c:01
                  Key:             69
Partner:          System Priority: 32768
                  System MAC:      60:15:2b:7e:82:01
                  Key:             69
Port State
--------------------------------------------------------------------------------
Interface                       Port                                
                    Number Priority  Mode    Rate  Key      State
--------------------------------------------------------------------------------
ethernet1/15         30     32768    Active  Slow  69       0x05
Partner              32     32768    Active  Slow  69       0x0D

ethernet1/16         31     32768    Active  Slow  69       0x3D
Partner              32     32768    Active  Slow  69       0x3D

Port Counters
--------------------------------------------------------------------------------
Interface               LACPDUs         Marker      Marker Response       Error        
                    Sent     Recv     Sent Recv     Sent     Recv     Unknown  Illegal 
--------------------------------------------------------------------------------
ethernet1/15         8542     2965     0    0        0        0        0        0       
ethernet1/16         8538     8504     0    0        0        0        0        0       

Network-A(active)> show lldp neighbors ae6

Local information:
Index 30
Local interface: ethernet1/15
Local Port ID: 15
Neighbor information:

Chassis type: MAC address
Chassis ID: 8c:36:7a:23:5d:66
Port type: Interface name
Port ID: ethernet1/17
Port description: Link to Network-B
TTL: 115
System name: Network-B(Passive)
System description: Palo Alto Networks PA-3400 series firewall
System capabilities:
Supported: O, P, B, R, 
Enabled: O, R, 

Local information:
Index 31
Local interface: ethernet1/16
Local Port ID: 16
Neighbor information:

Chassis type: MAC address
Chassis ID: 8c:36:7a:23:5d:9e
Port type: Interface name
Port ID: ethernet1/17
Port description: Link to Network-B
TTL: 117
System name: Network-B(Active)
System description: Palo Alto Networks PA-3400 series firewall
System capabilities:
Supported: O, P, B, R, 
Enabled: O, R,

 

Network B(Passive)
LACP:

**********************************************************************************
AE group: ae6
Members:          Bndl Rx state       Mux state  Sel state
  ethernet1/17    no   Current        Attached   Selected
  ethernet1/18    no   Current        Detached   Unselected(Negotiation failed)
Status:           Enabled
Mode:             Active
Rate:             Slow
Max-port:         8
Fast-failover:    Disabled
Pre-negotiation:  Enabled
Local:            System Priority: 32768
                  System MAC:      60:15:2b:7e:6d:01
                  Key:             69
Partner:          System Priority: 32768
                  System MAC:      3c:fa:30:92:6c:01
                  Key:             69
Port State
--------------------------------------------------------------------------------
Interface                 Port                                
              Number Priority  Mode    Rate  Key      State
--------------------------------------------------------------------------------
ethernet1/17   32     32768    Active  Slow  69       0x0D
Partner        30     32768    Active  Slow  69       0x05

ethernet1/18   33     32768    Active  Slow  69       0x05
Partner        30     32768    Active  Slow  69       0x0D

Port Counters
--------------------------------------------------------------------------------
Interface         LACPDUs         Marker      Marker Response       Error        
              Sent     Recv     Sent Recv     Sent     Recv     Unknown  Illegal 
--------------------------------------------------------------------------------
ethernet1/17   2903     2900     0    0        0        0        0        0       
ethernet1/18   2903     2899     0    0        0        0        0        0       

Network-B(passive)> show lldp neighbors ae6

Local information:
Index 32
Local interface: ethernet1/17
Local Port ID: 17
Neighbor information:

Chassis type: MAC address
Chassis ID: 8c:36:7a:25:1f:76
Port type: Interface name
Port ID: ethernet1/15
Port description: Link to Network-A
TTL: 100
System name: Network-A(Active)
System description: Palo Alto Networks PA-3400 series firewall
System capabilities:
Supported: O, P, B, R, 
Enabled: O, R, 

Local information:
Index 33
Local interface: ethernet1/18
Local Port ID: 18
Neighbor information:

Chassis type: MAC address
Chassis ID: 8c:36:7a:25:1f:8a
Port type: Interface name
Port ID: ethernet1/15
Port description: Link to Network-A
TTL: 99
System name: Network-A(Passive)
System description: Palo Alto Networks PA-3400 series firewall
System capabilities:
Supported: O, P, B, R, 
Enabled: O, R,


I'm at a complete loss as to why this one interface suddenly keeps failing negotiation.

0 Likes Likes
0 REPLIES 0
  • 286 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks