LACP: Cisco ASA 5515 & Switch ProCurve 2920
Posted by user979276 on Server Fault
Published on 2013-07-22T17:59:04Z
Indexed on 2013/11/07 15:58 UTC
I have two ASA 5515s connected in Active/Standby failover (on Gi0/5).
My two ASAs are connected to two ProCurve 2920 switches to have HA if something happens. So I plugged things in like this (don't pay attention to the arrows):
So on the ASA, I created a Port-Channel like this:
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.168.1.3 255.255.255.0 standby 192.168.1.4
!
interface GigabitEthernet0/1
 speed 1000
 duplex full
 channel-group 1 mode passive
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 speed 1000
 duplex full
 channel-group 1 mode passive
 no nameif
 no security-level
 no ip address
!
interface Port-channel1.1
 vlan 1
 nameif inside
 security-level 100
 ip address 192.168.8.1 255.255.255.0 standby 192.168.8.2
!
interface Port-channel1.10
 vlan 10
 nameif guest
 security-level 50
 ip address 172.16.100.2 255.255.255.224 standby 172.16.100.3
!
interface Port-channel1.16
 vlan 16
 nameif dmz
 security-level 50
 ip address 192.168.16.1 255.255.255.0 standby 192.168.16.2
On the switches, I created an LACP-capable trunk with ports 1 and 2 on each switch, forced the speed to 1000 and put the ports in full duplex mode.
BUT this is not working... I tried many things and I can't make it work.
In this configuration, I can't ping anything between my ASA and my switch (or any object connected). Here is what I get on my ASA:
Channel group 1
                            LACP port     Admin     Oper    Port        Port
Port      Flags   State     Priority      Key       Key     Number      State
-----------------------------------------------------------------------------
Gi0/2     SP      not-bndl  32768         0x1       0x1     0x3         0xc
Gi0/1     FP      not-bndl  32768         0x1       0x1     0x2         0x6
And on the switches:
PORT    LACP      TRUNK   PORT     LACP      LACP
NUMB    ENABLED   GROUP   STATUS   PARTNER   STATUS
-----   -------   -----   ------   -------   ------
1       Active    trk1    Broken   Yes       Failure
2       Active    trk1    Broken   Yes       Failure
If I change the Cisco interface to LACP mode On, I can ping the switch from the ASA but not any other objects connected to the switch. If I look at the status of LACP on the switch, I see this:
PORT    LACP      TRUNK   PORT     LACP      LACP
NUMB    ENABLED   GROUP   STATUS   PARTNER   STATUS
-----   -------   -----   ------   -------   ------
1       Active    trk1    Up       No        Success
2       Active    trk1    Up       No        Success
I don't have any clue what's going on, so if someone has any idea and can help me with this, it would be great!
Feel free to ask me anything if you need any more information!
Thanks a lot!
© Server Fault or respective owner