08-03-2021 07:38 AM
Hi,
I'm getting an error when applying macsec policy to an interface, I understand what the error message is saying (can't use 1G or less on a port or port group), what I don't get is that none of the other ports in that MAC id group have SFPs, none of them are in use.
I'm trying to use port e1/43 with a 10Gbase-LR sfp, e1/41,42 and 44 with the same MAC id are currently unused.
Error message: "Macsec cannot be enabled on a port group with member ports speed set as <= 1G. Use 'show interface hardware-mappings' to check if the ports are part of same port group (MacId)"
I added "speed 10000" on all 4 ports in the MAC id group but it didn't resolve the issue.
I moved the sfp to e1/19 which is free (for now), macsec was applied successfully to the interface and is running as expected.
The switch is not in production at present but will need to be setup as per design shortly and e1/19 will be required elsewhere, so I would like to understand what the issue is.
e1/17,18 and 20 are all empty same as e1/41,42 and 44.
Hardware:
cisco Nexus9000 C93180YC-FX Chassis
Cisco 10Gbase-LR
Software:
BIOS: version 05.42
NXOS: version 9.3(5)
Thanks.
08-03-2021 09:49 AM
Is there any Port set to 100M?
If so change it to SPEED >=1G
08-03-2021 11:28 AM
Hi
I added "speed 10000" command to all 4 ports in that group, unfortunately it didn't help.
08-03-2021 11:46 AM
08-04-2021 12:44 AM
Thank you, I'll see if OS update is allowed.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide