06-14-2012 12:12 PM - edited 03-07-2019 07:15 AM
Nexus 5020 does not seem to be able to do LACP with itself. I have servers on two vlans and I want to connect the vlans together through a firewall.
I create port channel on port 10-11 and put it in vlan 10, and create another port channel on 12-13 and put it in vlan 20 and hook them together through a layer2 firewall. This works on every other switch I have tried it on except for this Nexus.
It will not bring up the port channel. The LACP neighbor/system id is the same obviously on both so maybe it's a 'feature' in the software causing it.
This works on numerous IOS switches I've tried and also other vendors. I need this to work on the 5020.
Any ideas?
Thanks
06-14-2012 12:54 PM
Did you enable LACP on the switch?
switch# configure terminal
switch(config)# feature lacp
06-14-2012 01:04 PM
Yes of course, I have the same switch doing LACP to two 6500s and some other devices, but it needs to do LACP to itself, and it keeps the ports in suspended state. It even shows up on CDP, and in show lacp neighbor I can see that it sees the other port; it just will not bring up the port channel.
06-14-2012 01:05 PM
Do a show feature and make sure lacp is enabled. If it is, what does your configuration look like on the ports? What mode do you have it set to?
06-14-2012 01:12 PM
Of course it is enabled, it's working on other port channels.
interface eth1/10
  switchport access vlan 10
  channel-group 10 mode active
interface eth1/11
  switchport access vlan 10
  channel-group 10 mode active
!
interface eth1/12
  switchport access vlan 20
  channel-group 20 mode active
interface eth1/13
  switchport access vlan 20
  channel-group 20 mode active
Port 10 is plugged into port 12, port 11 is plugged into port 13.
I plugged them in directly with nothing in between just to rule out the firewall as dropping LACP packets, and it won't come up.
Like I said before, I've done this on numerous other switches which work fine, and this switch is hooked up to other switches using lacp and it works, it will just not bring up the port channel with itself. It's obviously a software bug/issue but I really need it to work.
06-14-2012 01:29 PM
Ok is vtp active on these vlans? And do the individual ports come up and just not the port channel? Also how did you set spanning tree on the port channel?
06-14-2012 01:38 PM
VTP is disabled, STP is disabled
06-14-2012 05:35 PM
Can't say I have seen a L2 FW. Anything in the logs to indicate why it won't build the channel? Usually there is something in the logs itself explaining why. Below are the Nexus channeling rules; seeing that you have them in 2 different VLANs, that is probably why it's not allowing it to come active.
When you add an interface to a channel group, Cisco NX-OS checks certain interface attributes to ensure that the interface is compatible with the channel group. Cisco NX-OS also checks a number of operational attributes for an interface before allowing that interface to participate in the port-channel aggregation.
LACP compatibility
The compatibility check includes the following operational attributes:
•Port mode
•Access VLAN
•Trunk native VLAN
•Allowed VLAN list
•Speed
•802.3x flow control setting
•MTU
The Cisco Nexus 5000 Series switch only supports system level MTU. This attribute cannot be changed on an individual port basis.
•Broadcast/Unicast/Multicast Storm Control setting
•Priority-Flow-Control
•Untagged CoS
06-14-2012 10:14 PM
I know all of this
Basically the entire gist of this ticket is the fact that I can't get the 5020 to do a port channel to itself.
Directly connect any port on the 5020 to another port, both ports in port channels, mode active, in different VLANs obviously, otherwise there would be a loop, and it won't work.
It works on every other switch I have tried. I think it's a software bug and would like someone else to try it and maybe help me find a way to make it work.
The logs simply keep bouncing the port channel over and over and over non-stop, which I assume is since it's suspending then unsuspending the port to check it on some timer.
I assume the issue is that it doesn't like seeing the exact same LACP ID for the neighbor, which isn't an issue for IOS, or other switch vendors I've done this with.
Using this code:
kickstart: version 5.1(3)N2(1)
system: version 5.1(3)N2(1)
Was using an earlier one, same issues.
06-14-2012 11:29 PM
Hi Paul,
LACP uses the system priority with the MAC address to form the system ID, so MAC should make it unique.
I did some research but could not find any bug like that.
A few things I suggest to try:
1. In your setup both sides are in active LACP mode, starting negotiation. Try to make one side passive and check if that helps.
2. If step 1 does not help, run "debug lacp error" for more information.
Kind Regards,
Ivan
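Added example, not part of the thread: the system ID (system priority plus system MAC) identifies the whole switch, so two port channels on one chassis advertise the same system ID and differ only in their key. The sketch below packs and parses the actor TLV of an LACPDU and reports, for one bundle, whether all members see the same partner and whether that partner is the local system. The MAC, keys and port numbers are constructed values, and the check shows what the LACPDUs carry, not how NX-OS decides.

```python
import struct

# LACP actor/partner information TLV (IEEE 802.1AX): type, length,
# system priority, system MAC, key, port priority, port, state, 3 reserved bytes
INFO_TLV = struct.Struct("!BBH6sHHHB3x")

def build_lacpdu(actor, partner):
    """Pack a 110-byte LACPDU from (prio, mac, key, port_prio, port, state) tuples."""
    return (b"\x01\x01"                               # subtype LACP, version 1
            + INFO_TLV.pack(0x01, 0x14, *actor)       # actor information
            + INFO_TLV.pack(0x02, 0x14, *partner)     # partner information
            + struct.pack("!BBH12x", 0x03, 0x10, 0)   # collector information
            + bytes(2) + bytes(50))                   # terminator TLV, reserved

def parse_actor(pdu):
    """Return the sender's (system_id, key, port) from a received LACPDU."""
    if len(pdu) != 110 or pdu[:2] != b"\x01\x01":
        raise ValueError("not a version 1 LACPDU")
    tlv, length, prio, mac, key, _pprio, port, _state = INFO_TLV.unpack_from(pdu, 2)
    if (tlv, length) != (0x01, 0x14):
        raise ValueError("malformed actor TLV")
    return (prio, mac), key, port

def assess_bundle(local_system_id, pdus):
    """Check the LACPDUs received on the member ports of one port channel."""
    actors = [parse_actor(p) for p in pdus]
    partners = {(system_id, key) for system_id, key, _port in actors}
    return {
        # Standard aggregation rule: every member must see the same partner and key.
        "same_partner_on_all_members": len(partners) == 1,
        # The unusual condition in this thread: the partner is the switch itself.
        "partner_is_local_system": any(s == local_system_id for s, _k, _p in actors),
    }

# Constructed sample values (assumptions, not taken from the thread).
MAC = bytes.fromhex("00005e005301")
LOCAL = (32768, MAC)                      # system ID = system priority + system MAC
UNKNOWN_PARTNER = (0, bytes(6), 0, 0, 0, 0)

# Members of port channel 10 (ports 10 and 11) receive what ports 12 and 13
# send; key 20 for the second bundle is an assumed value. State 0x05 = active, aggregatable.
RX_PO10 = [build_lacpdu((32768, MAC, 20, 32768, port, 0x05), UNKNOWN_PARTNER)
           for port in (12, 13)]
RESULT = assess_bundle(LOCAL, RX_PO10)
```

With these inputs both flags are true: the members agree on one partner, and that partner carries the local system ID with a different key.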
06-15-2012 08:12 AM
Well, I guess I'm saying it's not going to work with a Nexus, as it indicates it checks the access VLAN on both ends to make sure "it's the same"; if not, the channel will not be created. Nexus OS is not IOS so may behave differently; otherwise I would open a TAC case and see what they say.
06-15-2012 05:52 PM
Debug says port misconfig true.
Debugging further gives me pages and pages and pages of pretty much useless info.
Somehow it doesn't like being connected to itself, which I figured was the case. There must be a check to see if the LACP system ID on the other side is the same as the one connecting to it, which IOS doesn't seem to care about.
06-30-2012 08:43 PM
Till now we have talked around one device (Nexus). Could Paul let us know what firewall product he is using to connect to the Nexus? Might the LACP setting/configuration at that device give us some clue?
07-06-2012 09:37 AM
I removed the devices and connected it directly to itself (as I stated in a previous post). It still does not work.
It does work with IOS, and it works with other vendors' switches.
Nexus is the first one I have seen that doesn't LACP to itself.