ASA 5545-x HA pair connects to Juniper EX switch, and the port-channel configurations are the following:

1. Port-channel configuration in ASA 5545-X:

--------Physical interfaces-----------------

interface GigabitEthernet0/2
 speed 1000
 channel-group 1 mode active
 flowcontrol send on
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 speed 1000
 channel-group 1 mode active
 flowcontrol send on
 no nameif
 no security-level
 no ip address
!

----------VLAN interfaces -----------

5545-x/act# sh run int po1
interface Port-channel1
 description OA Servers
 speed 1000
 lacp max-bundle 8
 nameif vlan1
 security-level 50
 ip address 192.168.100.4 255.255.255.0 standby 192.168.100.5
 ospf cost 10

5545-x/act# sh run int po1.5
interface Port-channel1.5
 description Email Servers
 vlan 5
 nameif vlan5
 security-level 50
 ip address 192.168.110.4 255.255.255.0 standby 192.168.110.5
 ospf cost 10

5545-x/act# sh run int po1.160
interface Port-channel1.160
 description Office Servers
 vlan 160
 nameif vlan160
 security-level 50
 ip address 192.168.160.4 255.255.255.0 standby 192.168.160.5

2. Port-channel configuration in Juniper EX:

set interfaces ae69 aggregated-ether-options minimum-links 1
set interfaces ae69 aggregated-ether-options lacp active
set interfaces ae69 unit 0 family ethernet-switching port-mode trunk
set interfaces ae69 unit 0 family ethernet-switching vlan members 5
set interfaces ae69 unit 0 family ethernet-switching vlan members 160
set interfaces ae69 unit 0 family ethernet-switching native-vlan-id 1

set interfaces ge-4/0/46 description Connect-to-ASA5545X-Gi0/2
set interfaces ge-4/0/46 ether-options link-mode full-duplex
set interfaces ge-4/0/46 ether-options speed 1g
set interfaces ge-4/0/46 ether-options 802.3ad ae69
set interfaces ge-4/0/47 description Connect-to-ASA5545X-Gi0/3
set interfaces ge-4/0/47 ether-options link-mode full-duplex
set interfaces ge-4/0/47 ether-options speed 1g
set interfaces ge-4/0/47 ether-options 802.3ad ae69

-------------------------------------------------------------

Today, I turned on the "flowcontrol send on" on the physical interfaces of the ASA 5545-X (Gi0/2 & Gi0/3), but the problem is same, ping packet timeout is still occurring only in VLAN1.

Any advice and recommendation ?

i am not Juniper expert and never used these products.

can you run a capture on vlan 1 and 5. so least we shall find out why the packet are drops

after looking your config. i was thinking if you change your config to these config.

5545-x/act# sh run int po1
interface Port-channel1
 description XXXXXXXXXX
 speed 1000
 lacp max-bundle 8
 no nameif
 no security-level
 no ip address
 ospf cost 10





5545-x/act# sh run int po1.1
interface Port-channel1.1
 description OA Servers
 vlan 1
 nameif vlan1
 security-level 50
 ip address 192.168.100.4 255.255.255.0 standby 192.168.100.5
 ospf cost 10

 

5545-x/act# sh run int po1.5
interface Port-channel1.5
 description Email Servers
 vlan 5
 nameif vlan5
 security-level 50
 ip address 192.168.110.4 255.255.255.0 standby 192.168.110.5
 ospf cost 10

 

5545-x/act# sh run int po1.160
interface Port-channel1.160
 description Office Servers
 vlan 160
 nameif vlan160
 security-level 50
 ip address 192.168.160.4 255.255.255.0 standby 192.168.160.5

 

Hi, Guys,

I created another discussion on this topic:

https://community.cisco.com/t5/switching/packet-loss-in-vlan1/m-p/3762954#M454343

It should something suspected in VLAN1 rather than in device.

Thanks for you guy's previous suggestions