FWSM internal portchannel down

Derek Lee
Level 1

Hello, I have a standby FWSM in a Cat6500 whose backplane etherchannel is in a down state:

switch#sh int port-channel 270 switchport
Name: Po270
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: 2,3,200,900
Pruning VLANs Enabled: 2-1001

Unknown unicast blocked: disabled
Unknown multicast blocked: disabled

VLANs have been assigned to the FWSM:

switch#sh firewall vlan-group
Display vlan-groups created by both ACE module and FWSM

Group    Created by    vlans
-----    ----------    -----
1        FWSM          2-3,900
2        ACE           12,20,30,40,50,60,100,201-202
3        ACE           200

Firewall module state reports no port channel found:

switch#sh firewall module 1 state
show_firewall_command: no port-channel int for mod 1

The 6 individual ports that make up the port channel appear to be up:

switch#sh int gigabitEthernet 1/1 switchport
Name: Gi1/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: NONE
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Unknown unicast blocked: disabled
Unknown multicast blocked: disabled

I've tried reassigning the VLANs to the FWSM from the 6500, but with the same outcome:

switch#sh run | inc firewall
firewall multiple-vlan-interfaces
firewall module 1 vlan-group 1,3
firewall vlan-group 1 2,3,900

The primary FWSM in another 6500 is functioning with the same config. I'm able to session into the standby FWSM too, but unable to establish a failover link with the primary because of the down portchannel. Any ideas? Thanks!
