Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
849
Views
1
Helpful
9
Replies

LACP Etherchannel Between Cisco 6807 and Fortigate firewall not workin

dbuckley77
Level 1
Level 1

‎08-09-2024 05:14 AM - edited ‎08-09-2024 05:15 AM

We have a Cisco 6807-XL that has four 1gb fiber connections to a Fortigate firewall that is not coming up.  Both the physical interfaces and the aggregate interface are showing as up on the Fortigate but the Cisco side is showing the etherchannel and physical ports as not connected.  It's a pretty basic LACP config on the Cisco side that I have done with other Cisco switches and Palo Alto firewalls and never had an issue with before.  Are there any commands on the Cisco side I can use to troubleshoot?  Below is the po interface config and one of the physical interfaces.  I have tried active/active and active/passive on the LACP setting but neither has brought it up.


interface Port-channel30
description xxxx
switchport
switchport mode trunk
switchport trunk allowed vlan 250,800,805,811,820,830

interface GigabitEthernet1/2/17
description xxxxxx
switchport
switchport mode trunk
switchport trunk allowed vlan 250,800,805,811,820,830
channel-group 30 mode active

 

Labels:
0 Helpful
9 Replies 9

MHM Cisco World
VIP
VIP

‎08-09-2024 05:26 AM

Show lacp neighbor 

Share this from SW

MHM

0 Helpful

acampbell
VIP Alumni
VIP Alumni

‎08-09-2024 05:29 AM

Hi,

 

On the 6800 can you try adding

 

interface GigabitEthernet1/2/17

switchport
switchport mode trunk
switchport trunk allowed vlan 250,800,805,811,820,830

channel-protocol lacp
channel-group 30 mode active

 

 

 

Regards, Alex. Please rate useful posts.
0 Helpful

marce1000
VIP
VIP

‎08-09-2024 05:48 AM

 

                         >....channel-group 30 mode  active
  - Could you try a : channel-group 30 mode  on  instead.

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

dbuckley77
Level 1
Level 1
In response to marce1000

‎08-09-2024 06:17 AM

What is the difference between active and on for the channel group mode?  I have always done either active/active or active passive and it has always worked.

 

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to dbuckley77

‎08-09-2024 06:45 AM

With mode "On," there is no protocol or negotiation. Think of mode "On" as static routes. Anyway, LACP is standard across vendors and should work, if not, try "On" on both sides and test.

Question: Are you connecting one firewall to one switch, or are the 6700s VSS and you have 2 firewalls?

HTH

0 Helpful

dbuckley77
Level 1
Level 1

‎08-09-2024 07:31 AM - edited ‎08-09-2024 07:32 AM

I tried using a Cisco 2960X instead of the 6807 but used the exact same lacp config on the ports.  The ports on the Cisco came up this time but showed as i instead of p when I did a sh etherchannel summary and when I did a sh lacp 20 neighbor it gave me flags of sp even though the ports are set to active.

0 Helpful

MHM Cisco World
VIP
VIP
In response to dbuckley77

‎08-09-2024 07:36 AM

check if the 6807 use fast lacp or not 

MHM

0 Helpful

dbuckley77
Level 1
Level 1
In response to MHM Cisco World

‎08-09-2024 07:45 AM - edited ‎08-09-2024 07:48 AM

how do i check to see if it uses fast lacp

we have about 20 other lacp etherchannels on the 6807 that are up and when i do a sh lacp internal i see some of them have the fast tag (f) and some have the slow tag (s)

0 Helpful

MHM Cisco World
VIP
VIP
In response to dbuckley77

‎08-09-2024 07:53 AM

show lacp internal 
show lacp neighbor 

share both if you can 

MHM

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card