Josh28
Contributor

Connectivity down between a 9100 gateway and a Cisco 4500 module

Hello,

I’m facing an issue with a new 9100 cluster, trying to connect it to an old 4500 (specifically a WS-X4306-GB card), but all ports remain in the state « down (notconnect) » (4 ports in total, on both members of the cluster, so I’m rejecting a connection issue). Below are some outputs:

Firewall2> show asset network

Number of line cards: 1

Line card 1 model: CPAC-8-1/10F-D

Line card 1 type: 8 ports 1/10GbE Fiber Rev 1.0

Firewall2> show interface eth1-02

state on

mac-addr xx:xx:xx:xx:xx:xx

type ethernet

link-state link down

mtu 1500

auto-negotiation off

speed N/A

ipv6-autoconfig Not configured

monitor-mode Not configured

duplex N/A

link-speed 1000M/full

comments

ipv4-address Not Configured

ipv6-address Not Configured

ipv6-local-link-address Not Configured

Firewall2> show interface eth1-02 xcvr_detail 

eth1-02 SFP is present

Product Type: 10G Base-SR

Vendor name: FINISAR CORP.

Vendor PN: FTLX8574D3BCL

Vendor rev: A

Vendor SN: xx

Laser wavelength: 850nm

Link Length for SMF,km: 0km

Link Length for SMF: 0m

Link Length for 50um: 80m

Link Length for 62.5um: 30m

Link Length for Copper: 0m

Link Length for OM3: 300m

No tx fault, No rx loss

Router2#show interfaces Gi2/6

GigabitEthernet2/6 is down, line protocol is down (notconnect)

  Hardware is Gigabit Ethernet Port, address is xxxx.xxxx.xxxx (bia xxxx.xxxx.xxxx)

  Description: Firewall 2

  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Full-duplex, 1000Mb/s, link type is force-up, media type is 1000BaseSX

For me, the transceivers seem good on both ends. On the router side, there is not much I can configure on the port except for a « speed nonegotiate », which doesn’t change the behavior. On the Checkpoint side, I’ve forced the speed and duplex to match the router’s, but without a change either:

Router2#sh run int Gi2/6                     

interface Firewall2

 description NS_RESA_U142018_FWVTECH

 speed nonegotiate

end

set interface eth1-02 link-speed 1000M/full

set interface eth1-02 state on

set interface eth1-02 auto-negotiation off

Do you know if there is some known incompatibility between the new Quantum firewall and old Cisco modules?

Thank you.

Chris_Atkinson
MVP Platinum CHKP

To clarify, what brand / SKU of SFP is populated in the ports? Does HCP complain about them?

Also, per sk92755, not all of them support multirate capabilities.

CCSM R77/R80/ELITE
Josh28
Contributor

Hi, thanks for your answer. HCP doesn't complain about the SFP on both members of the cluster:

| System/Hardware/Transceivers Support                                         |
+------------------------------------------------------------------------------+
| Result: SUCCESS                                                              |
|                                                                              |
| Description: This test checks that all installed transceivers are supported  |
|                                                                              |
| Summary:All transceivers are approved

Chris_Atkinson
MVP Platinum CHKP

Great, the remaining aspect is the speed / multirate issue and whether the SFP supports it (refer to sk92755).

CCSM R77/R80/ELITE
the_rock
MVP Platinum

If you do ifconfig and show interfaces from clish, does it show as up in both places?

Best,
Andy