Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
17082
Views
5
Helpful
9
Replies

When one of the interface in port-channel become suspended on WS-C2960L-24TS-LL , use ICMP or remote access to this switch will fail.

Go to solution
Genesis Cisco
Level 1
Level 1

‎12-26-2018 11:10 PM - edited ‎03-05-2019 11:08 AM

We have cisco WS-C2960L-24TS-LL (Version:152-6.E) and use two interface config port-channel use LACP mode .
When one of the interface become suspended, we use ICMP or remote access to this switch will fail , but client service and connection still work .
If I shutdown this interface manual , then this issue will be solved , ICMP and remote access will success.

Have anyone knows the reason ?

====Interface suspended log message====
%EC-5-CANNOT_BUNDLE2: Gi0/23 is not compatible with Gi0/24 and will be suspended (speed of Gi0/23 is 100M, Gi0/24 is 1000M)

 

=====Switch configuration see below=====


!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
vlan 220,233
!
!
interface Port-channel1
switchport access vlan 220
switchport mode access
storm-control broadcast level pps 500
storm-control multicast level pps 500
!

interface GigabitEthernet0/23
description H_248.250(Gi1/0/11)
switchport access vlan 220
switchport mode access
storm-control broadcast level pps 500
storm-control multicast level pps 500
channel-group 1 mode active
!
interface GigabitEthernet0/24
description H_248.250(Gi2/0/11)
switchport access vlan 220
switchport mode access
storm-control broadcast level pps 500
storm-control multicast level pps 500
channel-group 1 mode active
!
interface GigabitEthernet0/25
shutdown
!
interface GigabitEthernet0/26
shutdown
!
interface GigabitEthernet0/27
shutdown
!
interface GigabitEthernet0/28
shutdown
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan220
ip address X.X.X.X 255.255.255.0
no ip route-cache
!
ip default-gateway X.X.X.X
ip http server
ip http secure-server
!
logging host X.X.X.X
access-list 50 permit X.X.X.X 0.0.0.31
!
!
snmp-server community XXX RW 50
snmp-server community XXX RO
no vstack
!
line con 0
password 7 XXXX
login
line vty 0 4
password 7 XXXX
login
line vty 5 15
login
!
ntp server X.X.X.X
end

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Andrew Khalil
Spotlight
Spotlight

‎01-02-2019 12:32 AM - edited ‎01-02-2019 04:14 AM

Hello once again Genesis,

I guess first you should issue which protocol of aggregarting you would like to use by issuing:

#channel-protocol lacp, I guess it's missed in your configuration as it should appear per the show run output! 

and then try! if it's anyway not working so, let me consider that the etherchannel is aimed to be between a switch and a working station (with 2 teamed NICs),

such a behavior is related to the load-balance used method. The switch is using an algorithm to balance the transmission of data through its links depending on the method type (src-mac, src-ip, dst-mac, dst-ip, src-dst-mac, src-dst-ip), and as a result of these calculations, the switch is giving a priority to 1 of the links over the other! Also, the teamed NICs has the same function which enabling you to choose the method of load balancing! 

 

I expect that the suspended link is the dominant one, and when it's suspended form the switch side , it's still considered up for the teamed NICs, so it trys to send transmissions through it, but once you shut it down, the teamed NIC will consider it down and at this moment the sencond link is the only choice to transmit the data! 

 

The problem now, is that there is only 1 ip address for your SVI, as well as only 1 ip address of the team NICs, so each time the communication (pinging from from the workstation to the SVI) will take place though the same link! (also the same if we are talking about the MAC addresses)

I suggest to set your load balancing method of your team NICs to be dst-ip  as well as on the switches by typing #port-channel load-balance dst-ip, and then change the IP add of the workstation as well as the switch SVI, so that the logic OR operation of the last 1 rightmost bit of the 2 addresses will be one time 0 (here it will use 1 link) and another time 1 (here will use another link), and in each time try to ping from your workstation during the link suspension! one of them for sure will work even during the suspension which will show that the not suspended link now is the dominant!

 

I know if you are not familiar with what i have mentioned, it will look like confusing issue for you, so I will write now for you IP address directly to try that you will not think about how to choose IPs according to the XOR (logic or) operation:

only because I don't know your IP plan, so let's consider new IP addresses:

First:  consider the switch SVI IP address: 192.168.1.1 (the rightmost bit is 1)

and consider the workstation IP address: 192.168.1.2 (the rightmost bit is 0)

so 1 XOR 0 = 1

now one will be used.

Second: consider the switch SVI IP address: 192.168.1.1 (the rightmost bit is 1)

and consider the workstation IP address: 192.168.1.3 (the rightmost bit is 1)

so 1 XOR 1 = 0

now another link will be used.

 

I will be happy if you try and provide us the updates! 

 

I also recommend to fix the speed and of the link and to configure portfast to the access ports!

 

I hope it's helpful enough to get rating! also please, don't forget to mark my reply as a solution if it helps you to solve your problem! it will be so nice from you!

Bst Rgds,

Andrew Khalil

 

View solution in original post

9 Replies 9

Go to solution
Luis Seyler
Level 1
Level 1

‎12-27-2018 05:59 AM

For what I see you have different speed in the interfaces, Gi 0/23 is 100 and Gi 0/24 is 1000.

 

You don't have it set manually in the config you showed so it's probably on auto mode and the other side is setting the speed, I would try to manually set the speed so the etherchannel can work.

 

You need same speed, same duplex, same vlans and same switchport mode for an etherchannel to form successfully. 

0 Helpful

Go to solution
Genesis Cisco
Level 1
Level 1
In response to Luis Seyler

‎01-01-2019 09:25 PM

Hi Luis

 

Thank you for your reply .

 

I understand the port speed doen't match cause interface suspened , but still have the other one is connect , and all of the traffic should go through this one .
Now the problem is I can't remote connect to switch at this situation , but other client traffic is working . That's strange .

0 Helpful

Go to solution
Andrew Khalil
Spotlight
Spotlight

‎01-01-2019 11:03 PM

Hello Genesis,

Greetings,

Can you please provide us the topology so that we can understand! 

I just don't understand the switch it connected to another switch or directly to host! according to your configuration of the interfaces g0/23 and g0/24 I understood that the switch is connected to hosts, because it is in access mode! isn't it ?

 

Bst Rgds,

Andrew Khalil

0 Helpful

Go to solution
Genesis Cisco
Level 1
Level 1
In response to Andrew Khalil

‎01-02-2019 06:36 PM - edited ‎01-02-2019 06:54 PM

螢幕快照 2019-01-03 10.19.11.png

 

Hi Andrew

 

Topology as top . 

(The interface description at switch config is wrong , this topology is right)

The DS Layer are two switch (stack) use Gi1/0/8 , Gi2/0/8 connect to edge switch .  

0 Helpful

Go to solution
Andrew Khalil
Spotlight
Spotlight

‎01-02-2019 12:32 AM - edited ‎01-02-2019 04:14 AM

Hello once again Genesis,

I guess first you should issue which protocol of aggregarting you would like to use by issuing:

#channel-protocol lacp, I guess it's missed in your configuration as it should appear per the show run output! 

and then try! if it's anyway not working so, let me consider that the etherchannel is aimed to be between a switch and a working station (with 2 teamed NICs),

such a behavior is related to the load-balance used method. The switch is using an algorithm to balance the transmission of data through its links depending on the method type (src-mac, src-ip, dst-mac, dst-ip, src-dst-mac, src-dst-ip), and as a result of these calculations, the switch is giving a priority to 1 of the links over the other! Also, the teamed NICs has the same function which enabling you to choose the method of load balancing! 

 

I expect that the suspended link is the dominant one, and when it's suspended form the switch side , it's still considered up for the teamed NICs, so it trys to send transmissions through it, but once you shut it down, the teamed NIC will consider it down and at this moment the sencond link is the only choice to transmit the data! 

 

The problem now, is that there is only 1 ip address for your SVI, as well as only 1 ip address of the team NICs, so each time the communication (pinging from from the workstation to the SVI) will take place though the same link! (also the same if we are talking about the MAC addresses)

I suggest to set your load balancing method of your team NICs to be dst-ip  as well as on the switches by typing #port-channel load-balance dst-ip, and then change the IP add of the workstation as well as the switch SVI, so that the logic OR operation of the last 1 rightmost bit of the 2 addresses will be one time 0 (here it will use 1 link) and another time 1 (here will use another link), and in each time try to ping from your workstation during the link suspension! one of them for sure will work even during the suspension which will show that the not suspended link now is the dominant!

 

I know if you are not familiar with what i have mentioned, it will look like confusing issue for you, so I will write now for you IP address directly to try that you will not think about how to choose IPs according to the XOR (logic or) operation:

only because I don't know your IP plan, so let's consider new IP addresses:

First:  consider the switch SVI IP address: 192.168.1.1 (the rightmost bit is 1)

and consider the workstation IP address: 192.168.1.2 (the rightmost bit is 0)

so 1 XOR 0 = 1

now one will be used.

Second: consider the switch SVI IP address: 192.168.1.1 (the rightmost bit is 1)

and consider the workstation IP address: 192.168.1.3 (the rightmost bit is 1)

so 1 XOR 1 = 0

now another link will be used.

 

I will be happy if you try and provide us the updates! 

 

I also recommend to fix the speed and of the link and to configure portfast to the access ports!

 

I hope it's helpful enough to get rating! also please, don't forget to mark my reply as a solution if it helps you to solve your problem! it will be so nice from you!

Bst Rgds,

Andrew Khalil

 

Go to solution
Genesis Cisco
Level 1
Level 1
In response to Andrew Khalil

‎01-02-2019 06:52 PM

Hi Andrew

 

Thank you for your help .

 

I will try to change the way for traffic balance algorithm with port-channel , that sounds the root cause is it .

As for interface suspended , I will find some time replace the UTP cable .

 

Thank you very much!!

 

0 Helpful

Go to solution
Andrew Khalil
Spotlight
Spotlight
In response to Genesis Cisco

‎01-02-2019 09:52 PM

Dear Genesis,

Happy to help! 

Just keep us updated when it's done! 

also, if you will need anymore support, it would be a pleasure from my side! 

Bst Rgds,

Andrew Khalil

0 Helpful

Go to solution
Andrew Khalil
Spotlight
Spotlight

‎01-02-2019 02:28 AM

You can find out which interface is used in the EtherChannel to forward traffic based on the load balancing method. The command for this determination is

#test etherchannel load-balance interface port-channel number {ip | mac} [source_ip_add | source_mac_add] [dest_ip_add |dest_mac_add].

this command can be used with 3750 and 3560, but I am not sure that it's working with your 2960! you can try it! 

0 Helpful

Go to solution
umeshpathrwal10
Level 1
Level 1

‎01-02-2019 04:40 PM

For port channel to work , interface type , speed and other configuration should be same .
Check by setting the same config across the port-channel
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card