Solved: Re: Port-channel between an ASA and a switch not coming up

jmendonc · ‎01-24-2019

Hey,

I am trying to setup ASA clustering.

I need to setup port-channels between the ASA and the switch on both the inside and outside of the ASA.

The clustering works alright on the ASA. The master and the slave come up perfectly.

But when I add the port-channel configuration on the Master ASA, I get the following logs on the Switch.

%EC-5-CANNOT_BUNDLE2: Et0/3 is not compatible with Po10 and will be suspended (trunk mode of Et0/3 is dynamic, Po10 is access)

%EC-5-CANNOT_BUNDLE2: Et1/3 is not compatible with Po20 and will be suspended (trunk mode of Et1/3 is dynamic, Po20 is access)

Can you please tell me how do i fix this.

Regards

Joyal

Francesco Molino · ‎01-24-2019

Can you clear the config of your interfaces on the switch side and configure first you're interfaces like:
sw mode acc
sw access vlan 10
sw nonegotiate
channel-group 10 mode active

Finish by configuring your po10 as access vlan 10.
Finally no shut your interfaces and PO.

See if it works better.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎01-24-2019

Hi

Can you share your config please because here it says the interface is in trunk mode whereas port-channel is in access mode.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

jmendonc · ‎01-24-2019

Hey, Following is the config.

SW

interface range e 1/1
switchport host
switchport access vlan 10

interface range e 0/2 , e 0/3
channel-group 10 mode active
no shut

Interface port-channel 10
switchport mode access
switchport access vlan 10

interface range e 1/2
switchport host
switchport access vlan 20

interface range e 1/0, e 1/3
channel-group 20 mode active
no shut

Interface port-channel 20
switchport mode access
switchport access vlan 20

!cluster link
interface range e 0/0, e 0/1
switchport host
switchport access vlan 100

ASA- 1

!bootstarp configuration

Interface e 0
no shut

cluster interface-mode spanned force

cluster group CCIESECv5
local-unit PRI
cluster-interface Ethernet0 ip 10.100.100.1 255.255.255.0
priority 1
key cisco123
enable noconfirm

!configuration on the master

Interface e 1
channel-group 10 mode active
no shut

Interface e 3
channel-group 20 mode active
no shut

Interface Port-channel 10
port-channel span-cluster
nameif Inside
security-level 100
ip address 10.11.11.10 255.255.255.0
no shut

Interface Port-channel 20
port-channel span-cluster
nameif Outside
security-level 0
ip address 192.1.20.10
no shut

ASA-2

!bootstarp configuration

Interface e 0
no shut

cluster interface-mode spanned force

cluster group CCIESECv5
local-unit SEC
cluster-interface Ethernet0 ip 10.100.100.2 255.255.255.0
priority 10
key cisco123
enable noconfirm

Francesco Molino · ‎01-24-2019

Can you clear the config of your interfaces on the switch side and configure first you're interfaces like:
sw mode acc
sw access vlan 10
sw nonegotiate
channel-group 10 mode active

Finish by configuring your po10 as access vlan 10.
Finally no shut your interfaces and PO.

See if it works better.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

jmendonc · ‎01-25-2019

switchport nonegotiate actually helped.

Thanks Francesco !

Francesco Molino · ‎01-26-2019

You're welcome!

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question