This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
oliver_gao36
Participant
‎2020-08-31 03:07 AM

Cisco port channel member is suspended

Jump to solution

Hi all,

Here we have a CP6200p NGFW, i set a bond group to connect with Cisco switch, below is the configurations on both Checkpoint & Cisco side.

Cisco:

interface Port-channel2
switchport access vlan 254
switchport mode access

interface TenGigabitEthernet1/0/11
switchport access vlan 254
switchport mode access
channel-protocol lacp
channel-group 2 mode active

interface TenGigabitEthernet2/0/11
switchport access vlan 254
switchport mode access
channel-protocol lacp
channel-group 2 mode active

 

Checkpoint:

 

CP_1.pngCP_2.pngCP_3.png

 

My question is: after setting, i found there is only one link member is active, is it normal? or are there anything that i setup wrong? please advise, thanks a lot.

CP_4.png

 

 

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Champion
Champion
‎2020-08-31 06:47 AM

Jump to solution

Once a port goes into a suspended state due to a configuration mismatch, I don't believe it will try to recover on its own (kind of like errdisable).  It is possible a mismatch was detected when you were still setting things up, try a shut/no shut on Te1/0/11 and see what happens.  If it goes right back to a suspended state, do a show log which should have an error message showing the suspension reason.

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

0 Kudos
5 Replies
mk1
Collaborator
‎2020-08-31 04:04 AM

Jump to solution

Hello Oliver,

Is there any particular reason to leave "Transmit Hash Policy" to Layer 2 instead of Layer 3+4? Could you also send the result from command: cat /proc/net/bonding/bond10

0 Kudos
oliver_gao36
Participant
‎2020-08-31 06:25 PM
In response to mk1

Jump to solution

Hi Nickel,

Actually no other particular reason, i just use the default settings in Advanced Option.

0 Kudos
oliver_gao36
Participant
‎2020-08-31 06:28 PM
In response to mk1

Jump to solution

Hi Nickel,

Thank you for your reply first.

In fact, we don't have any particular reason to set that, the screenshot above(Bond group advanced option) is the default settings when i configuring ether-channel on CP side.

0 Kudos
Timothy_Hall
Champion
Champion
‎2020-08-31 06:47 AM

Jump to solution

Once a port goes into a suspended state due to a configuration mismatch, I don't believe it will try to recover on its own (kind of like errdisable).  It is possible a mismatch was detected when you were still setting things up, try a shut/no shut on Te1/0/11 and see what happens.  If it goes right back to a suspended state, do a show log which should have an error message showing the suspension reason.

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
oliver_gao36
Participant
‎2020-08-31 06:31 PM
In response to Timothy_Hall

Jump to solution

Thank you very much Timothy_Hall, i tried your suggestion, and then the portchannel came back normally.

0 Kudos