07-01-2021 08:33 AM
Hi All,
DTP has flagged up as a vulnerability in our network but the ports are bundled in etherchannel. I apply switchport nonegotiate to the Port Channel and the command is accepted. However, when I try to apply it to the interfaces, it breaks the link. These errors are a little too advanced for me.
WS-C4507R | 12.2(54)SG |
(config-if)#switchport nonegotiate
(config-if)#int g7/47
(config-if)#switchport nonegotiate
(config-if)#int g7/48
Jun 29 14:00:11.571 BST: %EC-5-CANNOT_BUNDLE2: Gi7/47 is not compatible with Gi7/48 and will be suspended (trunk mode of Gi7/47 is trunk, Gi7/48 is dynamic)
Jun 29 14:00:11.707 BST: %EC-5-UNBUNDLE: Interface Gi7/48 left the port-channel Po2
Jun 29 14:00:11.707 BST: %EC-5-COMPATIBLE: Gi7/47 is compatible with port-channel members
Jun 29 14:00:11.711 BST: %EC-5-CANNOT_BUNDLE2: Gi7/48 is not compatible with Gi7/47 and will be suspended (dtp nonegotiate of Gi7/48 is 0, Gi7/47 id 1)
Accepted Solutions
07-02-2021 03:31 AM - edited 07-02-2021 03:32 AM
Hello,
Cisco Community has disabled notifications up to July 5th.
As suggested by @Jon Marshall, if you want to add switchport nonegotiate to the member links, use an interface range; it is the best way.
I don't think that switchport nonegotiate is effective on the logical port-channel interface; it can accept it, but it probably does not apply to the member links (not 100% sure).
The log messages that appear in the initial post of the thread just mean that you had configured gi7/47 and before configuring gi7/48 the switch detected the config mismatch and removed gi7/48 from the bundle.
Adding the command to gi7/48 would have fixed the problem. However the interface range is the right tool to use in these cases.
Hope to help
Giuseppe
07-01-2021 08:41 AM
- If your intention is to have a trunking port-channel, you may not need switchport nonegotiate 'anywhere'
M.
-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '
07-01-2021 08:49 AM
Hi,
Jun 29 14:00:11.571 BST: %EC-5-CANNOT_BUNDLE2: Gi7/47 is not compatible with Gi7/48 and will be suspended (trunk mode of Gi7/47 is trunk, Gi7/48 is dynamic)
It appears that each port is configured differently. Can you post the output of
sh run int gi7/47
sh run int gi7/48
sh run int po2
HTH
07-02-2021 03:10 AM
Hi All,
Sorry, I told Cisco to email me when there was a response but they never did!
Here is the output on those interfaces:
sh run int gi7/47
Building configuration...
Current configuration : 302 bytes
!
interface GigabitEthernet7/47
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 202,800,1000,1050,1060,1065,1099
switchport mode trunk
no qos
auto qos voip trust
no cdp enable
channel-protocol lacp
channel-group 2 mode active
service-policy output autoqos-voip-policy
end
sh run int gi7/48
Building configuration...
Current configuration : 302 bytes
!
interface GigabitEthernet7/48
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 202,800,1000,1050,1060,1065,1099
switchport mode trunk
no qos
auto qos voip trust
no cdp enable
channel-protocol lacp
channel-group 2 mode active
service-policy output autoqos-voip-policy
end
#sh run int po2
Building configuration...
Current configuration : 231 bytes
!
interface Port-channel2
description **
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 202,800,1000,1050,1060,1065,1099
switchport mode trunk
switchport nonegotiate
end
07-01-2021 08:59 AM
Hello @Zakarakus,
>> Jun 29 14:00:11.711 BST: %EC-5-CANNOT_BUNDLE2: Gi7/48 is not compatible with Gi7/47 and will be suspended (dtp nonegotiate of Gi7/48 is 0, Gi7/47 id 1)
You need
conf t
int gi7/48
switchport nonegotiate
You have a mismatch in config between Gi7/47 and Gi7/48 that can be solved by applying the command on both.
The log messages with term mon enabled are so fast that they appear as soon as the mismatch is detected, before you have configured gi7/48 in the same way as gi7/47.
Hope to help
Giuseppe
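An added example, not part of any post in this thread: a small Python check that reads IOS-style interface stanzas and reports ports still running DTP and channel-groups whose members differ in trunk mode or nonegotiate, the condition behind the %EC-5-CANNOT_BUNDLE2 messages quoted above. The function names and the sample config are constructed for illustration; it assumes the one-space indentation of show run output and treats a port with no switchport mode line as dynamic.

```python
import re
from collections import defaultdict

# Constructed sample: the two member ports with nonegotiate on Gi7/47 only.
SAMPLE_CONFIG = """\
interface GigabitEthernet7/47
 switchport mode trunk
 switchport nonegotiate
 channel-group 2 mode active
!
interface GigabitEthernet7/48
 switchport mode trunk
 channel-group 2 mode active
"""

def parse_interfaces(config):
    """Map interface name -> mode / nonegotiate / channel-group from IOS-style text."""
    ports, current = {}, None
    for line in config.splitlines():
        text = line.strip()
        if line.startswith("interface "):
            current = ports.setdefault(text.split(None, 1)[1],
                {"mode": None, "nonegotiate": False, "group": None})
        elif current is None or not line.startswith(" "):
            current = None  # outside an interface stanza
        elif m := re.fullmatch(r"switchport mode (.+)", text):
            current["mode"] = m.group(1)
        elif text == "switchport nonegotiate":
            current["nonegotiate"] = True
        elif m := re.fullmatch(r"channel-group (\d+) mode \S+", text):
            current["group"] = int(m.group(1))
    return ports

def audit(config):
    """Return (ports still running DTP, channel-groups whose members disagree)."""
    ports = parse_interfaces(config)
    # Assumption, following the thread: DTP is off only with 'mode access' or
    # 'nonegotiate'; a port with no 'switchport mode' line is treated as dynamic.
    exposed = sorted(n for n, p in ports.items()
                     if p["mode"] != "access" and not p["nonegotiate"])
    groups = defaultdict(set)
    for p in ports.values():
        if p["group"] is not None:
            groups[p["group"]].add((p["mode"], p["nonegotiate"]))
    mismatched = sorted(g for g, s in groups.items() if len(s) > 1)
    return exposed, mismatched

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Running it against a saved configuration before and after a change shows whether every member of a bundle carries the same DTP setting.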
07-01-2021 09:23 AM
Just to add to Giuseppe's post.
When configuring ports in an etherchannel you should use the interface range command and do them together rather than one at a time so you don't get these issues.
Jon
07-01-2021 01:11 PM - edited 07-02-2021 12:42 AM
Hello
When creating an L2 PC you do so:
1) default the physical interfaces and shut them down
default interface range x/x -x
interface range x/x-x
shut
channel-group x mode x
2) the PC will then be automatically created, then you append the PC channel configuration, which will propagate to the physical interfaces within the PC
interface port x
switchport
switchport mode access (disables dtp)
switchport access vlan x
or
switchport mode trunk
switchport nonegotiate (no dtp sent on trunk)
no shut
Kind Regards
Paul
