cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
5394
Views
10
Helpful
7
Replies

A little help with DTP

Zakarakus
Level 1
Level 1

Hi All,

 

DTP has flagged up as a vulnerability in our network but the ports are bundled in etherchannel. I apply switchport nonegotiate to the Port Channel and the command is accepted. However, when I try to apply it to the interfaces, it breaks the link. These errors are a little too advanced for me. 

 

WS-C4507R
12.2(54)SG

 

(config-if)#switchport nonegotiate
(config-if)#int g7/47
(config-if)#switchport nonegotiate
(config-if)#int g7/48
[2:16 PM]
Jun 29 14:00:11.571 BST: %EC-5-CANNOT_BUNDLE2: Gi7/47 is not compatible with Gi7/48 and will be suspended (trunk mode of Gi7/47 is trunk, Gi7/48 is dynamic)
Jun 29 14:00:11.707 BST: %EC-5-UNBUNDLE: Interface Gi7/48 left the port-channel Po2
Jun 29 14:00:11.707 BST: %EC-5-COMPATIBLE: Gi7/47 is compatible with port-channel members
Jun 29 14:00:11.711 BST: %EC-5-CANNOT_BUNDLE2: Gi7/48 is not compatible with Gi7/47 and will be suspended (dtp nonegotiate of Gi7/48 is 0, Gi7/47 id 1)

1 Accepted Solution

Accepted Solutions

Hello ,

Cisco Community has disabled notifications up to July 5th.

 

As suggested by @Jon Marshall  if you want to add the switchport nonegotiate to the member links use an interface range it is the best way..

 

I don't think that switchport nonegotiate is effective on logical interface port-channel it can accept it, but probably it does not apply to member links ( not sure 100%)

 

The log messages that appear in the initial post of the thread just mean that you had configured gi7/47 and before configuring gi7/48 the switch detected the config mismatch  and removed gi7/48 from the bundle.

Adding the command to gi7/48 would have fixed the problem. However the interface range is the right tool to use in these cases.

 

Hope to help

Giuseppe

View solution in original post

7 Replies 7

marce1000
Hall of Fame
Hall of Fame

 

      - If your intention is to have a trunking port-channel, you may not need switchport nonegotiate 'anywhere'

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Reza Sharifi
Hall of Fame
Hall of Fame

Hi,

Jun 29 14:00:11.571 BST: %EC-5-CANNOT_BUNDLE2: Gi7/47 is not compatible with Gi7/48 and will be suspended (trunk mode of Gi7/47 is trunk, Gi7/48 is dynamic)

It appears that each port is configured differently. Can you post the output of

sh run int gi7/47

sh run int gi7/48

sh run int po2

HTH

Hi All,

 

Sorry, I told cisco to email me when there was a response but they never did! 

 

Here is the output on those interfaces: 

 

sh run int gi7/47
Building configuration...

Current configuration : 302 bytes
!
interface GigabitEthernet7/47
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 202,800,1000,1050,1060,1065,1099
switchport mode trunk
no qos
auto qos voip trust
no cdp enable
channel-protocol lacp
channel-group 2 mode active
service-policy output autoqos-voip-policy
end

 

sh run int gi7/48
Building configuration...

Current configuration : 302 bytes
!
interface GigabitEthernet7/48
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 202,800,1000,1050,1060,1065,1099
switchport mode trunk
no qos
auto qos voip trust
no cdp enable
channel-protocol lacp
channel-group 2 mode active
service-policy output autoqos-voip-policy
end

 

#sh run int po2
Building configuration...

Current configuration : 231 bytes
!
interface Port-channel2
description **
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 202,800,1000,1050,1060,1065,1099
switchport mode trunk
switchport nonegotiate
end

Hello ,

Cisco Community has disabled notifications up to July 5th.

 

As suggested by @Jon Marshall  if you want to add the switchport nonegotiate to the member links use an interface range it is the best way..

 

I don't think that switchport nonegotiate is effective on logical interface port-channel it can accept it, but probably it does not apply to member links ( not sure 100%)

 

The log messages that appear in the initial post of the thread just mean that you had configured gi7/47 and before configuring gi7/48 the switch detected the config mismatch  and removed gi7/48 from the bundle.

Adding the command to gi7/48 would have fixed the problem. However the interface range is the right tool to use in these cases.

 

Hope to help

Giuseppe

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello @Zakarakus ,

 

>> Jun 29 14:00:11.711 BST: %EC-5-CANNOT_BUNDLE2: Gi7/48 is not compatible with Gi7/47 and will be suspended (dtp nonegotiate of Gi7/48 is 0, Gi7/47 id 1)

 

you need

conf t

int gi7/48

switchport nonegotiate

 

You have a mismatch in config between Gi7/47 and Gi7/48 that can be solved by applying the command on both.

The log messages with term mon enabled are so fast that appear as soon as the mismatch is detected before you have configured gi7/48 in the same way as gi7/47.

 

Hope to help

Giuseppe

 

 

Jon Marshall
Hall of Fame
Hall of Fame

 

Just to add to Giuseppe's post. 

 

When configuring ports in an etherchannel you should use the interface range command and do them together rather than one at a time so you don't get these issues. 

 

Jon

 

Hello

when creating L2 PC you do so:

1) default the physical interfaces and shut them down 

default interface range x/x -x

interface range x/x-x

shut

channel-group x mode x

 

2) the PC will then be automatically created then you append the PC channel configuration which will propergate to the physical interface within the PC

 

interface port x

switchport

switchport mode access ( disables dtp)

switchport access vlan x

or

switchport mode trunk

switchport nonnegotiate (no dtp sent on trunk)

no shut


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul