'show lacp aggregate-ethernet' has a different key between local and peer interface
48273
Created On 11/29/19 05:08 AM - Last Modified 02/06/20 05:02 AM
Symptom
The Firewall is configured for Link Aggregation using LACP as the bundling protocol
Please see HOW TO CONFIGURE LACP for assistance in configuring LACP.
- This Knowledge Article will show us how to resolve an improperly configured Link Aggregation configuration case where misconfiguration on local or peer device shows the AE interface to be not in the correct state.
- As seen from below, ae1 has a yellow status instead of green although ethernet1/7 and ethernet1/8 are up and green
- ethernet1/7 interface is properly bundled to ae1, its state and its partner's state are the same (0x3D), other thing to take note of is that the keys (48) are the same, the key's numerical value may differ from your output, it is important is that local interface (ethernet 1/7) and Partner should be the same.
- ethernet1/8 interface's state status is in different than its Partner
Environment
Topology :
- On Lab70-66-PA-5060 ae1 was created and was assigned to ethernet 1/7 and ethernet 1/8
- On Lab70-50-PA-5060 ae1 was created and was assigned to ethernet 1/7 while ae2 was created and assigned to ethernet 1/8, which was intentionally misconfigured to show the issue.
- On Lab70-66-PA-5060 is the fully working setup
- On Lab70-50-PA-5060 is the problematic setup
- The diagram below was taken from Lab70-66-PA-5060, which shows ae1's status due to a peer's misconfiguration
- From Lab70-66-PA-5060, the above is the working setup
- From Lab70-50-PA-5060, which is the problematic setup
- Interface output of Lab70-66-PA-5060 which is a perfectly configured one for aggregate configuration
- Interface output of Lab70-50-PA-5060 which was intentionally misconfigured for aggregate interface
- Lab70-50-PA-5060's ae1's result, which was properly configured
- Lab70-50-PA-5060's ae2's result, which was intentionally misconfigured to illustrate the issue
Cause
On Lab70-50-PA-5060 ae1 was created and was assigned to ethernet 1/7 while ae2 was created and assigned to ethernet 1/8, which was misconfigured.
Resolution
1. Configure the appropriate aggregate for Lab70-50-PA-5060
2. Lab70-66-PA-5060's ae1 is now all green for its interface status
Additional Information
How To View the Issue from PCAP perspective:
1. Configure packet capture based from KB
GETTING STARTED: PACKET CAPTURE
2. Prepare a packet capture filter like the one below, based from the interfaces configured for aggregate,
in our case ethernet1/7, ethernet1/8 and ae1 are added for the packet capture.
3. Review the transmit.pcap file from the firewall.
Note: The key above is the ideal one, where both interfaces are sending the same key number
4. Review the received.pcap file from the firewall
Note: From above we are receiving two different key from the same peer, one key was set to 48 while the other is 49
5 . Do a 'show lacp aggregate-channel all'
Note: The above highlighted Keys (48 and 49) are also seen similar to the pcap capture from step 4