Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
696
Views
0
Helpful
4
Replies

ASA 5500X Etherchannel With Mixed Copper and Fibre Ports Fail

KatoNakatomi
Level 1
Level 1

‎04-10-2014 05:43 AM - edited ‎03-11-2019 09:03 PM

ASA5500x - 9.1x

Unable to configure an etherchannel using a mixture of the on board UTP and an SFP interface from the ASA-IC-6GE-SFP-A module (which does support etherchannels unlike the SSM-4GE= ). Both are configured to run 1Gbps. Can anyone confirm that you cannot mix the two.

Cisco documentation advices "All interfaces in the channel group must be the same type and speed. The first interface added to the channel group determines the correct type and speed. ". However it does not elaborate on the definition of "type".

Error shown "WARNING: GigabitEthernet0/0 is not compatible with GigabitEthernet1/2 and will be suspended (speed of GigabitEthernet0/0 is 1000 Mbps, GigabitEthernet1/2 is 1000 Mbps)".

1 person had this problem
Labels:
0 Helpful
4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-10-2014 08:01 AM

An Etherchannel with port members across the base unit and an ASA-IC-6GE-SFP-A expansion is a supported configuration.

You don't perhaps have a nameif on one of the members you are trying to add do you? That will cause the creation to fail.

0 Helpful

KatoNakatomi
Level 1
Level 1
In response to Marvin Rhoads

‎04-11-2014 12:00 AM

There are no nameif configurations on either port, the firewall is new and had no previous configuration. The etherchannel is partially formed but one or the other will is suspended (depends on which on was added second). Have done "clear config interface" on both interfaces and port-channels, still no joy. The downstreams are a pair of Cisco NX5Ks, with a VPC.

interface GigabitEthernet0/0

channel-group 10 mode active

no nameif

no security-level

no ip address

!

interface GigabitEthernet1/2

channel-group 10 mode active

no nameif

no security-level

no ip address

interface Port-channel10

speed 1000

duplex full

nameif INSIDE security-level 100

no ip address

 

Group  Port-channel  Protocol  Span-cluster  Ports
------+-------------+---------+------------+------------------------------------
10     Po10(U)           LACP          No     Gi0/0(s)   Gi1/2(P)

 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to KatoNakatomi

‎04-11-2014 05:14 AM

Check your Nexus to make sure the ports your ASA interfaces are connected to are configured properly and that the VPC is healthy and allowing the expected VLAN. If the ASA doesn't see them as going to the "same" downstream device that will cause the failure as well.

"show vpc brief" (on the Nexus) should show it for you.

0 Helpful

quattroSECGmbH
Level 1
Level 1

‎06-21-2017 03:17 AM

Hello Alex,

We have this problem to, what was the solution ??

BR

Ernst

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card