Showing results for 
Search instead for 
Did you mean: 

Nexus 5020 port channel with itself LACP


Nexus 5020 does not seem to be able to do LACP with itself.  I have servers on two vlans and I want to connect the vlans together through a firewall.

I create port channel on port 10-11 and put it in vlan 10, and create another port channel on 12-13 and put it in vlan 20 and hook them together through a layer2 firewall.  This works on every other switch I have tried it on except for this Nexus.

It will not bring up the port channel. The LACP neighbor/system id is the same obviously on both so maybe it's a 'feature' in the software causing it.

This works on numerous IOS switches I've tried and also other vendors.   I need this to work on the 5020.

Any ideas?


13 Replies 13


Did you enable LACP on the switch.

switch# configure terminal  
switch (config)# feature lacp  

Yes of course, I have the same switch doing LACP to two 6500s and some other devices, but it needs to do LACP to itself, and it keeps the ports in suspended state.  It even shows up on CDP and show lacp neighbor i can see that it sees the other port it just will not bring up the port channel.


Do a show feature and make sure lacp is enabled. If it is what does you configuration look like on the ports. What mode do you have it set to?

Sent from Cisco Technical Support iPad App

Of course it is enabled, it's working on other port channels.


switchport access vlan 10

channel-group 10 mode active


switchport access vlan 10

channel-group 10 mode active



switchport access vlan 20

channel-group 20 mode active


switchport access vlan 20

channel-group 20 mode active

Port 10 is plugged into port 12, port 11 is plugged into port 13.

I plugged them in directly with nothing in between just to rule out the firewall as dropping LACP packets, and it won't come up.

Like I said before, I've done this on numerous other switches which work fine, and this switch is hooked up to other switches using lacp and it works, it will just not bring up the port channel with itself. It's obviously a software bug/issue but I really need it to work.

Ok is vtp active on these vlans? And do the individual ports come up and just not the port channel? Also how did you set spanning tree on the port channel?

Sent from Cisco Technical Support iPad App

VTP is disabled, STP is disabled


   Can't say I have seen a L2 FW .   Anything in the logs to indicate why it won't build the channel, usually there is something in the logs itself explaining why.  Below are nexus channeling rules , seeing that you have them in 2 different vlans that is probably  why its not allowing it to come active.

Compatibility Requirements

When you add an interface to a channel group, Cisco NX-OS checks certain  interface attributes to ensure that the interface is compatible with  the channel group. Cisco NX-OS also checks a number of operational  attributes for an interface before allowing that interface to  participate in the port-channel aggregation.

LACP compatability

The compatibility check includes the following operational attributes:

Port mode

Access VLAN

Trunk native VLAN

Allowed VLAN list


802.3x flow control setting


The Cisco Nexus 5000 Series switch only supports system level MTU. This attribute cannot be changed on an individual port basis.

Broadcast/Unicast/Multicast Storm Control setting


Untagged CoS


I know all of this  

Basically the entire jist of this ticket is the fact that I Can't get the 5020 to do a port channel to itself.

Directly connect any port on the 5020 to another port , both ports in port channels , mode active, in different vlans obviously otherwise there would be a loop, and it won't work.

It works on every other switch I have tried.  I think it's a software bug and would like someone else to try it and maybe help me find a way to make it work.

The logs simply keep bouncing the port channel over and over and over non stop which I assume since it's suspending the unsuspending the port to check it on some timer.

I assume the issue is that it doesn't like seeing the exact same LACP ID for the neighbor, which isn't an issue for IOS, or other switch vendors I've done this with.

Using this code:

kickstart: version 5.1(3)N2(1)

system:    version 5.1(3)N2(1)

Was using an earlier one, same issues.

Hi Paul,

LACP uses the system priority with the MAC address  to form the system ID, so MAC should make it unique.

I done a research but could not find any bug like that.

A few things I suggest to try:

1. In your setup both sides are in active LACP mode, starting negotiation. Try to make one side passive and check if that helps.

2. If step 1 does not help, run "debug lacp error" for more information.

Kind Regards,

Kind Regards,

  Well I guess I'm  saying it's not going to work with a nexus as it indicates it checks the access vlan on both ends to make sure "it's the same"  if not the channel will not be created .   Nexus OS is not IOS  so may behave differently , otherwise I would open a TAC case and see what they say.

debug says port misconfig true

debugging further gives me pages and pages and pages of pretty much useless info

somehow it doesn't like being connected to itself, which i figured was the case, there must be a check to see if the LACP system ID on the other side is the same as the one connecting to it, which IOS doesn't seem to care

till now we have talked around one device(Nexus), could Paul let us know what firewall product he is using to connect to Nexus? may LACP setting/configuration at that device give us some clue?

I removed the devices and connected it directly to itself (as i stated in a previous post). It still does not work.

It does work with  IOS, and it works with other vendors switches.

Nexus is the first one I have seen that doesn't LACP to itself.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers