LACP : Cisco ASA 5515 & Switch ProCurve 2920

Posted by user979276 on Server Fault
Published on 2013-07-22T17:59:04Z Indexed on 2013/11/07 15:58 UTC

I have two ASA 5515s connected in Active/Standby failover (on Gi0/5).

My two ASAs are connected to two ProCurve 2920 switches to have HA if something happens. So I plugged them in something like this (don't pay attention to the arrows):

diagram

So on the ASA, I created a Port-Channel like this:

interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 192.168.1.3 255.255.255.0 standby 192.168.1.4
!
interface GigabitEthernet0/1
speed 1000
duplex full
channel-group 1 mode passive
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2
speed 1000
duplex full
channel-group 1 mode passive
no nameif
no security-level
no ip address
!
interface Port-channel1.1
vlan 1
nameif inside
security-level 100
ip address 192.168.8.1 255.255.255.0 standby 192.168.8.2
!
interface Port-channel1.10
vlan 10
nameif guest
security-level 50
ip address 172.16.100.2 255.255.255.224 standby 172.16.100.3
!
interface Port-channel1.16
vlan 16
nameif dmz
security-level 50
ip address 192.168.16.1 255.255.255.0 standby 192.168.16.2

On the switch, I created an LACP-capable trunk with ports 1 and 2 on each switch, forced the speed to 1000 and put the ports in full duplex mode.

BUT this is not working... I tried many things and I can't make it work.

In this configuration, I can't ping anything between my ASA and my switch (or any object connected). Here is what I get on my ASA:

Channel group 1
                             LACP port     Admin     Oper    Port        Port
Port      Flags   State      Priority      Key       Key     Number      State
-----------------------------------------------------------------------------
Gi0/2     SP      not-bndl   32768         0x1       0x1     0x3         0xc  
Gi0/1     FP      not-bndl   32768         0x1       0x1     0x2         0x6

And on the switches:

PORT   LACP      TRUNK   PORT     LACP      LACP
NUMB   ENABLED   GROUP   STATUS   PARTNER   STATUS
-----  -------   -----   ------   -------   ------
1      Active    trk1    Broken   Yes       Failure
2      Active    trk1    Broken   Yes       Failure

If I change the Cisco interface to LACP mode On, I can ping the switch from the ASA but not any other objects connected to the switch. If I look at the status of LACP on the switch I see this:

PORT   LACP      TRUNK   PORT     LACP      LACP
NUMB   ENABLED   GROUP   STATUS   PARTNER   STATUS
-----  -------   -----   ------   -------   ------
1      Active    trk1    Up       No        Success
2      Active    trk1    Up       No        Success

I don't have any clue about what's going on, so if someone has any idea and can help me with this, it would be great!

Feel free to ask me anything if you need any more information!

Thanks a lot!
