cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Popup Hotspot Using ISR 1000 with WiFi/LTE for Teleworkers and Micro Branchesr
994
Views
0
Helpful
5
Replies
Highlighted
Cisco Employee

Port-channel between an ASA and a switch not coming up

Hey,

 

I am trying to setup ASA clustering.

 

I need to setup port-channels between the ASA and the switch on both the inside and outside of the ASA.

 

The clustering works alright on the ASA. The master and the slave come up perfectly.

But when I add the port-channel configuration on the Master ASA, I get the following logs on the Switch.

 

%EC-5-CANNOT_BUNDLE2: Et0/3 is not compatible with Po10 and will be suspended (trunk mode of Et0/3 is dynamic, Po10 is access)

%EC-5-CANNOT_BUNDLE2: Et1/3 is not compatible with Po20 and will be suspended (trunk mode of Et1/3 is dynamic, Po20 is access)

 

Can you please tell me how do i fix this.

 

Regards

Joyal

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Advisor

Re: Port-channel between an ASA and a switch not coming up

Can you clear the config of your interfaces on the switch side and configure first you're interfaces like:
sw mode acc
sw access vlan 10
sw nonegotiate
channel-group 10 mode active

Finish by configuring your po10 as access vlan 10.
Finally no shut your interfaces and PO.

See if it works better.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

5 REPLIES 5
Highlighted
VIP Advisor

Re: Port-channel between an ASA and a switch not coming up

Hi

Can you share your config please because here it says the interface is in trunk mode whereas port-channel is in access mode.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Highlighted
Cisco Employee

Re: Port-channel between an ASA and a switch not coming up

Hey, Following is the config.

 

SW


interface range e 1/1
switchport host
switchport access vlan 10

 

interface range e 0/2 , e 0/3
channel-group 10 mode active
no shut

 

Interface port-channel 10
switchport mode access
switchport access vlan 10


interface range e 1/2
switchport host
switchport access vlan 20

interface range e 1/0, e 1/3
channel-group 20 mode active
no shut

 

Interface port-channel 20
switchport mode access
switchport access vlan 20

 

!cluster link
interface range e 0/0, e 0/1
switchport host
switchport access vlan 100

 

 

ASA- 1

!bootstarp configuration

Interface e 0
no shut

cluster interface-mode spanned force

cluster group CCIESECv5
local-unit PRI
cluster-interface Ethernet0 ip 10.100.100.1 255.255.255.0
priority 1
key cisco123
enable noconfirm


!configuration on the master

Interface e 1
channel-group 10 mode active
no shut

 

Interface e 3
channel-group 20 mode active
no shut

 

Interface Port-channel 10
port-channel span-cluster
nameif Inside
security-level 100
ip address 10.11.11.10 255.255.255.0
no shut

 

Interface Port-channel 20
port-channel span-cluster
nameif Outside
security-level 0
ip address 192.1.20.10
no shut

ASA-2

 

!bootstarp configuration

Interface e 0
no shut

cluster interface-mode spanned force

cluster group CCIESECv5
local-unit SEC
cluster-interface Ethernet0 ip 10.100.100.2 255.255.255.0
priority 10
key cisco123
enable noconfirm

Highlighted
VIP Advisor

Re: Port-channel between an ASA and a switch not coming up

Can you clear the config of your interfaces on the switch side and configure first you're interfaces like:
sw mode acc
sw access vlan 10
sw nonegotiate
channel-group 10 mode active

Finish by configuring your po10 as access vlan 10.
Finally no shut your interfaces and PO.

See if it works better.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Highlighted
Cisco Employee

Re: Port-channel between an ASA and a switch not coming up

switchport nonegotiate actually helped.

Thanks Francesco !
Highlighted
VIP Advisor

Re: Port-channel between an ASA and a switch not coming up

You're welcome!

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
CreatePlease to create content
Content for Community-Ad