Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3672
Views
12
Helpful
5
Replies

When should LACP in Passive mode cause ports to become suspended?

Go to solution
pwtn
Level 1
Level 1

‎06-23-2022 06:11 AM - edited ‎06-23-2022 06:12 AM

 

Device

C9300-48U

IOS-XE 17.3.5

 

Port Configuration

interface TenGigabitEthernet1/1/1
switchport mode trunk
ip arp inspection trust
channel-group 1 mode passive
ip dhcp snooping trust
!
interface TenGigabitEthernet3/1/1
switchport mode trunk
ip arp inspection trust
channel-group 1 mode passive
ip dhcp snooping trust
!
interface Port-channel1
switchport mode trunk
ip arp inspection trust
ip dhcp snooping trust

 

Problem

The remote switch ports are not configured with LACP or PagP, they are just standalone trunk ports, but the passive mode ports on the switch will transition into a suspended state and the switch loses network connectivity:

 

%ETC-5-L3DONTBNDL2: Te3/1/1 suspended: LACP currently not enabled on the remote port.
%ETC-5-L3DONTBNDL2: Te1/1/1 suspended: LACP currently not enabled on the remote port.

 

From the configuration guide, it appears to be written that passive mode does not attempt to engage in LACP negotiations unless it detects incoming LACP messages from its neighbor. I had interpreted this to mean that the ports would simply remain unbundled (Standalone) if no LACP neighbor was detected.

 

LACP Modes

LACP modes specify whether a port can send LACP packets or only receive LACP packets.

Table 2. EtherChannel LACP ModesModeDescription

active

Places a port into an active negotiating state in which the port starts negotiations with other ports by sending LACP packets.

passive

Places a port into a passive negotiating state in which the port responds to LACP packets that it receives, but does not start LACP packet negotiation. This setting minimizes the transmission of LACP packets.

 

However, there is also a reference in the guide to a change in default behaviour, unfortunately it has a bug ID that I am not permitted to view:

 

The independent mode behavior of ports in a port channel is changed. With CSCtn96950, by default, standalone mode is enabled. When no response is received from an LACP peer, ports in the port channel are moved to suspended state.

 

The wording of this is a little unclear.

 

Does this mean that LACP passive mode ports will become disabled (suspended) unless the neighbor device is explicitly configured with LACP active mode?

1 person had this problem
Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
pwtn
Level 1
Level 1

‎06-23-2022 10:17 AM

I may have answered my own question.

 

After much testing I was able to confirm that passive or active mode ports will become suspended with line protocol going down, in a scenario where the remote ports have no LACP configuration, and do not send any negotiation messages. The log messages and show etherchannel summary output will look something like this:

 

000291: Jun 23 15:44:39.792: %ETC-5-L3DONTBNDL2: Te1/1/1 suspended: LACP currently not enabled on the remote port.
000292: Jun 23 15:44:39.993: %ETC-5-L3DONTBNDL2: Te3/1/1 suspended: LACP currently not enabled on the remote port.


Group   Port-channel   Protocol   Ports
------+-------------+-----------+-----------------------------------------------
1       Po1(SD)        LACP       Te1/1/1(s) Te3/1/1(s)

 

 A thorugh examination of the configuration guide reveals a section missing from the main content headings at the top of the document:

 

Configuring LACP Port-Channel Standalone Disable

To disable the standalone EtherChannel member port state on a port channel, perform this task on the port channel interface:

Procedure
  Command or Action Purpose
Step 1

enable

Example:
Device> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Example:
Device# configure terminal

Enters global configuration mode.

Step 3

interface port-channel channel-group

Example:
Device(config)# interface port-channel channel-group

Selects a port channel interface to configure.

Step 4

port-channel standalone-disable

Example:
Device(config-if)# port-channel standalone-disable

Disables the standalone mode on the port-channel interface.

Step 5

end

Example:
Device(config-if)# end

Exits configuraiton mode

 

The the port-channel interface will also accept  the no port-channel standalone-disable command, which effectively enables LACP ports to fallback to standalone (I) mode in the event that no LACP negotiation messages are recieved from the connected device.

 

I've found this default behaviour (suspend) can be quite disastorous for cisco DNA PnP provisioning. If the upstream (remote) ports have not been properly configured for LACP, the switch provision can fail and the switch being onboarded can be disconnected from the network, requiring manual intervention.

 

The following configuration seems to have resolved any potential issues by enabling the ports to enter standalone (I) mode insted of becoming suspended (s).

 

interface Port-channel1
 no port-channel standalone-disable
 switchport mode trunk
 ip arp inspection trust
 ip dhcp snooping trust
 

View solution in original post

5 Replies 5

Go to solution
MHM Cisco World
VIP
VIP

‎06-23-2022 06:17 AM

You want to config the Member port in PO and config PO with passive mode, and you looking for 
if the LACP is OK then the member Port is bundle if not then it will work as standalone ?
No this is not how it work I think, 
when you config the member port it either bundle to suspend.

0 Helpful

Go to solution
David Ruess
VIP
VIP

‎06-23-2022 06:46 AM - edited ‎06-23-2022 06:46 AM

Hello,

 

Yes. If its passive its still bundled 'waiting' on a LACP message from the other side configured as active and will not act like a normal port. Its the same as if you configure a lot of interfaces in the bundle (max is 8 I think). If you configure 10 ports to be in the bundle then 8 will be active while the other 2 sit waiting for a port to fail and then it will become active. The ports waiting wont forward traffic like normal ports.

 

Hope that helps

 

-David

0 Helpful

Go to solution
pwtn
Level 1
Level 1

‎06-23-2022 10:17 AM

I may have answered my own question.

 

After much testing I was able to confirm that passive or active mode ports will become suspended with line protocol going down, in a scenario where the remote ports have no LACP configuration, and do not send any negotiation messages. The log messages and show etherchannel summary output will look something like this:

 

000291: Jun 23 15:44:39.792: %ETC-5-L3DONTBNDL2: Te1/1/1 suspended: LACP currently not enabled on the remote port.
000292: Jun 23 15:44:39.993: %ETC-5-L3DONTBNDL2: Te3/1/1 suspended: LACP currently not enabled on the remote port.


Group   Port-channel   Protocol   Ports
------+-------------+-----------+-----------------------------------------------
1       Po1(SD)        LACP       Te1/1/1(s) Te3/1/1(s)

 

 A thorugh examination of the configuration guide reveals a section missing from the main content headings at the top of the document:

 

Configuring LACP Port-Channel Standalone Disable

To disable the standalone EtherChannel member port state on a port channel, perform this task on the port channel interface:

Procedure
  Command or Action Purpose
Step 1

enable

Example:
Device> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Example:
Device# configure terminal

Enters global configuration mode.

Step 3

interface port-channel channel-group

Example:
Device(config)# interface port-channel channel-group

Selects a port channel interface to configure.

Step 4

port-channel standalone-disable

Example:
Device(config-if)# port-channel standalone-disable

Disables the standalone mode on the port-channel interface.

Step 5

end

Example:
Device(config-if)# end

Exits configuraiton mode

 

The the port-channel interface will also accept  the no port-channel standalone-disable command, which effectively enables LACP ports to fallback to standalone (I) mode in the event that no LACP negotiation messages are recieved from the connected device.

 

I've found this default behaviour (suspend) can be quite disastorous for cisco DNA PnP provisioning. If the upstream (remote) ports have not been properly configured for LACP, the switch provision can fail and the switch being onboarded can be disconnected from the network, requiring manual intervention.

 

The following configuration seems to have resolved any potential issues by enabling the ports to enter standalone (I) mode insted of becoming suspended (s).

 

interface Port-channel1
 no port-channel standalone-disable
 switchport mode trunk
 ip arp inspection trust
 ip dhcp snooping trust
 

Go to solution
MHM Cisco World
VIP
VIP
In response to pwtn

‎06-23-2022 10:49 AM

many many thanks for sharing this info.
very helpful

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎06-23-2022 11:00 AM

since here we exchange the Info. I want to clear this point 


I read about this feature and found this statement 

"""This feature is particularly relevant when a port (A) in a Layer 2 LACP EtherChannel is connected to an unresponsive port (B) on the peer. When LACP standalone is disabled on the EtherChannel, all traffic arriving on A is blocked (the default behavior on a switch). In some scenarios, you might want to allow management traffic on such ports. You can do this by enabling LACP standalone (or independent) mode."""

 

so this feature will add to allow management traffic.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card