dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1103
share rss forum feed

zippy83

join:2012-08-30

[HELP] Portchenell issues

Click for full size
PO Setup
Hello.

I have been playing with Port-chanell between 3 switches. I have attached a picture of the setup as well as the configuratoions for all three switches

I have followed some lab documentation on how to build a simple port Chanell, however it does not seem to work like it should. Initally it works fine for about 15 min and then one of the switches drops. It seemes to me that switch 2 is dropping frequently every 15 min, and it stays down for 5 min, then after 5 min I get one valid Ping response and then it times out for another 5 minutes and eventually comes back up for 10-15 min.

SW1#sh run
Building configuration...
 
Current configuration : 7628 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SW1
!
logging buffered 1000000 informational
no logging console
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
enable secret 5 $1$Ti48$5Wuvxc7IcdtC2gB5iyyOU.
!
username user1 privilege 15 secret 5 $1$iA1d$TWqZ9wfsdfsdfsfassrqrew212yjp2fsdflNo0tE1DW6i1
ip subnet-zero
no ip domain-lookup
!
!
spanning-tree extend system-id
!
!
interface Port-channel1
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
!
interface Port-channel2
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
!
interface FastEthernet0/1
 description Upliunk to LAB_RTR
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 172
 switchport mode trunk
 no ip address
 duplex full
!
interface FastEthernet0/2
 description Uplink to Wireless MX
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
!
interface FastEthernet0/3
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/4
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/5
 switchport access vlan 172
 switchport mode access
 no ip address
!         
interface FastEthernet0/6
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/7
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/8
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/9
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/10
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/11
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/12
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/13
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/14
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/15
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/16
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/17
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/18
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/19
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/20
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/21 
 description TEMP Port for SW2
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 shutdown
 duplex full
 speed 100
!
interface FastEthernet0/22
 description TEMP Port for SW3
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 shutdown
 duplex full
 speed 100
!
interface FastEthernet0/23
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/24
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/25
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/26
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/27
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/28
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/29
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/30
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/31
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/32
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/33
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/34
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/35
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/36
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/37
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/38
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/39
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/40
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/41
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/42
 switchport access vlan 172
 switchport mode access
 no ip address
!
interface FastEthernet0/43
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 channel-group 1 mode desirable
!
interface FastEthernet0/44
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 channel-group 1 mode desirable
!
interface FastEthernet0/45
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 channel-group 1 mode desirable
!
interface FastEthernet0/46
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 channel-group 2 mode desirable
!
interface FastEthernet0/47
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 channel-group 2 mode desirable
!
interface FastEthernet0/48
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 channel-group 2 mode desirable
!
interface GigabitEthernet0/1
 no ip address
!
interface GigabitEthernet0/2
 no ip address
!
interface Vlan1
 no ip address
 no ip route-cache
!
interface Vlan172
 ip address 172.30.180.7 255.255.254.0
 no ip route-cache
!
ip default-gateway 172.30.180.1
ip http server
ip tacacs source-interface Vlan172
!
!
tacacs-server host 172.22.0.223
tacacs-server host 172.22.0.224
tacacs-server timeout 1
tacacs-server key password
 
!
line con 0
 exec-timeout 11 0
 logging synchronous
line vty 0 4
 exec-timeout 11 0
 logging synchronous
line vty 5 15
!
end
 
SW1#            
 
SW1#sh etherchannel summary 
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        R - Layer3      S - Layer2
        u - unsuitable for bundling
        U - port-channel in use
Group Port-channel  Ports
-----+------------+-----------------------------------------------------------
1     Po1(SU)     Fa0/43(P)  Fa0/44(P)  Fa0/45(P)  
2     Po2(SU)     Fa0/46(P)  Fa0/47(P)  Fa0/48(P)  
 

SW2#sh run
Building configuration...
 
Current configuration : 6855 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SW2
!
logging buffered 1000000 informational
logging rate-limit console 5
no logging console
enable secret 5 $1$Mpew$8lQiSO3q8aQccIltRGAXS/
!
username user1 privilege 15 secret 5 $1$EH7H$dxjehpircuehwioNtZ1/3J8mmz7gIeJlVYn/
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
!
aaa session-id common
switch 1 provision ws-c3750-48p
ip subnet-zero
no ip domain-lookup
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface Port-channel2
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel3
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet1/0/1
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 3 mode desirable
!
interface FastEthernet1/0/2
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 3 mode desirable
!
interface FastEthernet1/0/3
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 3 mode desirable
!
interface FastEthernet1/0/4
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/5
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/6
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/7
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/8
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/9
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/10
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/11
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/12
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/13
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/14
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/15
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/16
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/17
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/18
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/19
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/20
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/21
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 shutwown
 duplex full
 speed 100
!         
interface FastEthernet1/0/22
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/23
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/24
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/25
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/26
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/27
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/28
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/29
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/30
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/31
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/32
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/33
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/34
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/35
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/36
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/37
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/38
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/39
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/40
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/41
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/42
 switchport access vlan 172
 switchport mode access
!
interface FastEthernet1/0/43
 switchport access vlan 172
!
interface FastEthernet1/0/44
 switchport access vlan 172
!
interface FastEthernet1/0/45
 switchport access vlan 172
!
interface FastEthernet1/0/46
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 2 mode desirable
!
interface FastEthernet1/0/47
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 2 mode desirable
!
interface FastEthernet1/0/48
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 2 mode desirable
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface Vlan1
 no ip address
!
interface Vlan172
 ip address 172.30.180.8 255.255.254.0
!
ip default-gateway 172.30.180.1
ip classless
ip http server
ip tacacs source-interface Vlan172
!
tacacs-server host 172.22.0.223
tacacs-server host 172.22.0.224
tacacs-server timeout 1
tacacs-server directed-request
tacacs-server key password
radius-server source-ports 1645-1646
!
control-plane
!
!
line con 0
 exec-timeout 11 0
 logging synchronous
line vty 0 4
 exec-timeout 11 0
 logging synchronous
line vty 5 15
!
!
end
 
SW2#              
 
SW2# sh etherchannel summary 
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
 
Number of channel-groups in use: 2
Number of aggregators:           2
 
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
2      Po2(SU)         PAgP      Fa1/0/46(P) Fa1/0/47(P) Fa1/0/48(P) 
3      Po3(SU)         PAgP      Fa1/0/1(P)  Fa1/0/2(P)  Fa1/0/3(P)  
 

SW3#sh run
Building configuration...
 
Current configuration : 5153 bytes
!
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SW3
!
logging buffered 1000000 informational
no logging console
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
enable secret 5 $1$Q4CG$BD8TQx5YqZJVIf1xc6kGG1
!
username user1 privilege 15 secret 5 $1$OBGhkdfb;askfasdfsafW$6u4f6lVW2d43g4df6LZnW2erA/C.Uy/
ip subnet-zero
no ip domain-lookup
!
!
spanning-tree extend system-id
!
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
!
interface Port-channel3
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
!
interface FastEthernet0/1
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 channel-group 3 mode desirable
!
interface FastEthernet0/2
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 channel-group 3 mode desirable
!
interface FastEthernet0/3
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 channel-group 3 mode desirable
!
interface FastEthernet0/4
 switchport access vlan 172
 switchport mode access
 no ip address
 shutdown
!
interface FastEthernet0/5
 switchport access vlan 172
 switchport mode access
 no ip address
 shutdown
!
interface FastEthernet0/6
 switchport access vlan 172
 switchport mode access
 no ip address
 shutdown
!
interface FastEthernet0/7
 switchport access vlan 172
 switchport mode access
 no ip address
 shutdown
!
interface FastEthernet0/8
 switchport access vlan 172
 switchport mode access
 no ip address
 shutdown
!
interface FastEthernet0/9
 switchport access vlan 172
 switchport mode access
 no ip address
 shutdown
!
interface FastEthernet0/10
 switchport access vlan 172
 switchport mode access
 no ip address
 shutdown
!
interface FastEthernet0/11
 switchport access vlan 172
 switchport mode access
 no ip address
 shutdown
!
interface FastEthernet0/12
 switchport access vlan 172
 switchport mode access
 no ip address
 shutdown
!
interface FastEthernet0/13
 switchport access vlan 172
 switchport mode access
 no ip address
 shutdown
!
interface FastEthernet0/14
 switchport access vlan 172
 switchport mode access
 no ip address
 shutdown
!
interface FastEthernet0/15
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 channel-group 1 mode desirable
!
interface FastEthernet0/16
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 channel-group 1 mode desirable
!
interface FastEthernet0/17
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 channel-group 1 mode desirable
!
interface FastEthernet0/18
 switchport access vlan 172
 switchport mode access
 no ip address
 shutdown
!
interface FastEthernet0/19
 switchport access vlan 172
 switchport mode access
 no ip address
 shutdown
!
interface FastEthernet0/20
 switchport access vlan 172
 switchport mode access
 no ip address
 shutdown
!
interface FastEthernet0/21
 switchport access vlan 172
 switchport mode access
 no ip address
 shutdown
!
interface FastEthernet0/22
 switchport access vlan 172
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 shutdown
 duplex full
 speed 100
!
interface FastEthernet0/23
 switchport access vlan 172
 switchport mode access
 no ip address
 shutdown
!
interface FastEthernet0/24
 switchport access vlan 172
 switchport mode access
 no ip address
 shutdown
!
interface GigabitEthernet0/1
 no ip address
!
interface GigabitEthernet0/2
 no ip address
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan172
 ip address 172.30.180.9 255.255.254.0
!
ip default-gateway 172.30.180.1
ip classless
ip http server
ip tacacs source-interface Vlan172
!
!
tacacs-server host 172.22.0.223
tacacs-server host 172.22.0.224
tacacs-server timeout 1
tacacs-server key password
 
!
line con 0
 exec-timeout 11 0
 logging synchronous
line vty 0 4
 exec-timeout 11 0
 logging synchronous
line vty 5 15
!
end
 
SW3#      
 
SW3#sh etherchannel summary 
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        u - unsuitable for bundling
        U - in use      f - failed to allocate aggregator
 
        d - default port
Number of channel-groups in use: 2
Number of aggregators:           2
 
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         PAgP      Fa0/15(P)  Fa0/16(P)  Fa0/17(P)  
3      Po3(SU)         PAgP      Fa0/1(P)   Fa0/2(P)   Fa0/3(P)   
 

I am using crossover cables between the switches.
Im sure I did somethign wrong but I just cant figure it out.

SW 1 and 3 are c3550 and SW 2 is 3750P

Any help on this is greatly appreciated
Thank you
Zippy

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
First, don't use "desirable"... force them be a group without any guess-work.

Second, verify spanning-tree and vlan configuration on all three switches. You have a loop, so STP is needed to prevent it.

moazzamali

join:2010-07-09
54000
reply to zippy83
why are you configuring trunk port as access port by applying switchport access vlan 172.
Remove this command from all int port channel and physical interface and do let me know if this solve your issue

zippy83

join:2012-08-30
reply to cramer
said by cramer:

First, don't use "desirable"... force them be a group without any guess-work.

Second, verify spanning-tree and vlan configuration on all three switches. You have a loop, so STP is needed to prevent it.

Here is the spanning-tree output for the problem switch. I dont see anything on it that would cause this issue

When I change the mode to auto on all interfaces the switch keeps up but all my portchannels show down down

When I change the mode to "on" on all interfaces that have PO configured I get packet loss every other ping.

SW2#sh spanning-tree 
 
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000a.b7ca.a380
             Cost        9
             Port        624 (Port-channel2)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
 
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0016.9d61.b280
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
 
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po2              Root FWD 9         128.624  P2p 
Po3              Altn BLK 9         128.632  P2p 
 
          
VLAN0003
  Spanning tree enabled protocol ieee
  Root ID    Priority    32771
             Address     000a.b7ca.a380
             Cost        9
             Port        624 (Port-channel2)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
 
  Bridge ID  Priority    32771  (priority 32768 sys-id-ext 3)
             Address     0016.9d61.b280
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
 
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po2              Root FWD 9         128.624  P2p 
Po3              Altn BLK 9         128.632  P2p 
 
          
VLAN0172
  Spanning tree enabled protocol ieee
  Root ID    Priority    32940
             Address     000a.b7ca.a380
             Cost        9
             Port        624 (Port-channel2)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
 
  Bridge ID  Priority    32940  (priority 32768 sys-id-ext 172)
             Address     0016.9d61.b280
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
 
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po2              Root FWD 9         128.624  P2p 
Po3              Altn BLK 9         128.632  P2p 
 

zippy83

join:2012-08-30
reply to moazzamali
VLAN 172 is my native vlan.

Bink
Villains... knock off all that evil

join:2006-05-14
Castle Rock, CO
kudos:4
Then configure it as such using the switchport trunk command—switchport access is not doing anything for you with a trunk port

zippy83

join:2012-08-30
reply to zippy83
I removed the access vlan 172 from all trunk ports but I am still having the same issue


MrTwister
Premium
join:2003-09-27
Hilliard, OH

1 recommendation

reply to zippy83
Ether-channels can be a real pain if you configure them
in the wrong order, or trying to mix interfaces on different
blades, that happen to be a different rev hardware/software
wise.

Usually if you have configuration issues, the port(s) will
not come up in the bundle. They usually are in a stalled/wait
state.

Saying that, I was curious as to the IOS rev on these switches.
It looks like you're running older IOS code on switchs 1 & 3 and
switch 2 being the newer one, as per the configs you posted;

There could be a issue with ether-channel in the lower code
that may be causing the drops.

SW1#sh run
Building configuration...
  
Current configuration : 7628 bytes
!
version 12.1
 

SW2#sh run
Building configuration...
  
Current configuration : 7628 bytes
!
version 12.2
 

SW3#sh run
Building configuration...
  
Current configuration : 7628 bytes
!
version 12.1
 

There are a lot of issues over there years, if you
read the release notes for your IOS, you'd be amazed
at some of the crazy bugs that the IOS had pop up,
and been addressed in updates. One that was kind of
funny, was doing a "show run" command. That would
reboot a switch/router. Noone uses that command.

We've got a buttload of Ether-channels running in both
of our data centers, haven't seen the dropping issues.
Speeds range from 800MB, 8Gb, up to 20Gb channels,
in a mix of PAgP and LACP. The rootbridges for the vlan's
has been modified, so d1 is root for odd vlans, and d2
is root for even vlans. Down the road when we swap in
the nexus 7k's that's more than likely going to change, but
we'll cross that bridge when we come to it.

We have two camps here, one that nails up the ether-channels
hard, and a few white paper/best practice types that still
swear by the desirable modes.

one set examples, our data center here, has
dual 65xx distribution switches that dual attach to the
access layer switches. This is a smaller data center
as we've collapsed to a ton of HP C7000 blade centers,
so there's only 43 ether-channels left running, some
only have a single gig uplink running, but allows for adding
the second/fourth uplink on the fly.

Simple config for the Ether-channle between the two
looks like this;

!
!
!switch-D1
!
!
!
interface Port-channel102
 description 20-gig-EtherChannel-to-switchd2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mtu 9216
 mls qos trust dscp
!
!
interface TenGigabitEthernet1/1
 description switchd2-Te1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mtu 9216
 wrr-queue bandwidth percent 1 42 35 20 2 0 0 
 priority-queue queue-limit 10 
 wrr-queue queue-limit 5 45 20 10 10 0 0 
 wrr-queue threshold 1 100 100 100 100 100 100 100 100 
 wrr-queue threshold 2 100 100 100 100 100 100 100 100 
 no wrr-queue random-detect 1 
 no wrr-queue random-detect 2 
 no wrr-queue random-detect 3 
 wrr-queue cos-map 1 1 1 
 wrr-queue cos-map 2 1 0 
 wrr-queue cos-map 3 1 2 
 wrr-queue cos-map 4 1 3 
 wrr-queue cos-map 5 1 6 7 
 priority-queue cos-map 1 4 5 
 mls qos trust dscp
 channel-group 102 mode desirable
!
interface TenGigabitEthernet1/2
 description switchd2-Te1/2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mtu 9216
 wrr-queue bandwidth percent 1 42 35 20 2 0 0 
 priority-queue queue-limit 10 
 wrr-queue queue-limit 5 45 20 10 10 0 0 
 wrr-queue threshold 1 100 100 100 100 100 100 100 100 
 wrr-queue threshold 2 100 100 100 100 100 100 100 100 
 no wrr-queue random-detect 1 
 no wrr-queue random-detect 2 
 no wrr-queue random-detect 3 
 wrr-queue cos-map 1 1 1 
 wrr-queue cos-map 2 1 0 
 wrr-queue cos-map 3 1 2 
 wrr-queue cos-map 4 1 3 
 wrr-queue cos-map 5 1 6 7 
 priority-queue cos-map 1 4 5 
 mls qos trust dscp
 channel-group 102 mode desirable
!
!
 

Ether-channel Summary
switchd1#sh etherchannel summary
        
Number of channel-groups in use: 43
Number of aggregators:           43
 
Group  Port-channel  Protocol    Ports
------+-------------+-----------+------------------------
102    Po102(SU)       PAgP      Te1/1(P)       Te1/2(P)
 

!
!
!switch-D2
!
!
!
!
interface Port-channel102
 description 20-gig-EtherChannel-to-switchd1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mtu 9216
 mls qos trust dscp
!
!
interface TenGigabitEthernet1/1
 description switchd1-Te1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mtu 9216
 wrr-queue bandwidth percent 1 42 35 20 2 0 0 
 priority-queue queue-limit 10 
 wrr-queue queue-limit 5 45 20 10 10 0 0 
 wrr-queue threshold 1 100 100 100 100 100 100 100 100 
 wrr-queue threshold 2 100 100 100 100 100 100 100 100 
 no wrr-queue random-detect 1 
 no wrr-queue random-detect 2 
 no wrr-queue random-detect 3 
 wrr-queue cos-map 1 1 1 
 wrr-queue cos-map 2 1 0 
 wrr-queue cos-map 3 1 2 
 wrr-queue cos-map 4 1 3 
 wrr-queue cos-map 5 1 6 7 
 priority-queue cos-map 1 4 5 
 mls qos trust dscp
 channel-group 102 mode desirable
!
interface TenGigabitEthernet1/2
 description switchd1-Te1/2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mtu 9216
 wrr-queue bandwidth percent 1 42 35 20 2 0 0 
 priority-queue queue-limit 10 
 wrr-queue queue-limit 5 45 20 10 10 0 0 
 wrr-queue threshold 1 100 100 100 100 100 100 100 100 
 wrr-queue threshold 2 100 100 100 100 100 100 100 100 
 no wrr-queue random-detect 1 
 no wrr-queue random-detect 2 
 no wrr-queue random-detect 3 
 wrr-queue cos-map 1 1 1 
 wrr-queue cos-map 2 1 0 
 wrr-queue cos-map 3 1 2 
 wrr-queue cos-map 4 1 3 
 wrr-queue cos-map 5 1 6 7 
 priority-queue cos-map 1 4 5 
 mls qos trust dscp
 channel-group 102 mode desirable
!
!
 

Ether-channel Summary
switchd2#sh etherchannel summary
        
Number of channel-groups in use: 43
Number of aggregators:           43
 
Group  Port-channel  Protocol    Ports
------+-------------+-----------+------------------------
102    Po102(SU)       PAgP      Te1/1(P)       Te1/2(P)
 

The Port-channel interface
switchd1#sh int po102
Port-channel102 is up, line protocol is up (connected)
  Hardware is EtherChannel, address is e8b7.48ed.0cf5 (bia e8b7.48ed.0cf4)
  Description: 20-gig-EtherChannel-to-switchd2
  MTU 9216 bytes, BW 20000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 9/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 10Gb/s, media type is unknown
  input flow-control is on, output flow-control is off
  Members in this channel: Te1/1 Te1/2
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 763133000 bits/sec, 89491 packets/sec
  5 minute output rate 117069000 bits/sec, 36036 packets/sec
     77036795986 packets input, 71787187179806 bytes, 0 no buffer
     Received 528718397 broadcasts (469571224 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     47848107765 packets output, 34227653785063 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
 

I probably should have removed the QoS configurations, but
I wanted to show the difference between the physical interface
and the port channel interface.

Having all those Port-channels running VoIP and Video along
with various other mission critical apps, we can't afford
to have any uplink issues.

The only issue we have had, was with end-users plugging
the second network drop in the conference rooms into the
back of the VoIP phone, bridging both access layer switches
in that IDF. That resulted in a strange situation where
HSRP groups were hijacked.. but that's another story all
together.


Da Geek Kid

join:2003-10-11
::1
kudos:1
Reviews:
·Callcentric
not sure what you are talking about. I have had no issues in regards to setting up port channels since IOS version 9.x

Your configurations are NOT recommended under any circumstances. The command should be
channel-group X mode on

LACP/PAgP is not needed under any normal conditions, unless it is being attached to a server. Even than, most newer servers do support Port channel without LACP/PAgP.

Using the mode on makes it so that it does not make any difference what device is on the other end. I have it tested with Juniper/Cisco/Nortel/Avaya/3Com/HP/etc... to name a few.

It also, makes no difference what you run on them or which modules they are connected to or any combination of many...

edit: WOW, JUST WOW!!!! are you running VoIP with 9216 byte Packet sizes going thru those Port Channels... ???? WOW!!!! Fantastic design, I might say. LOL


MrTwister
Premium
join:2003-09-27
Hilliard, OH
said by Da Geek Kid:

Your configurations are NOT recommended under any circumstances. The command should be
channel-group X mode on

Believe me, I always set mine to on. There was a point I was
going to make with that, but somehow got lost in translation,
and coming back working the reply. We get overruled by the
powers that be, who get their info from people who DONOT
work on the day to day operations and live in their white papers
and best practices (and don't pay attention to updates).

It's funny how the government works sometimes..
or should I say sad how it works sometimes.

said by Da Geek Kid:

LACP/PAgP is not needed under any normal conditions, unless it is being attached to a server. Even than, most newer servers do support Port channel without LACP/PAgP.

Using the mode on makes it so that it does not make any difference what device is on the other end. I have it tested with Juniper/Cisco/Nortel/Avaya/3Com/HP/etc... to name a few.

I agree with you on that. We have to cover our bases,
you know how server people always like to point the fingers
at the network. If it doesn't match the vendors suggested
configuration (right or wrong), it's an issue. To the blade centers
you and such, you give them the LACP they want, then
it's a battle over the load balancening algorithm, as if their
hosts are the only thing running on the network.

There are a few things we've got, that we know aren't
what they should be, and it's a big sticking point. You
point it out, (record it somewhere), and working on
trying to get replace, corrected through back channels
that won't get noticed.

I missed the desirable on that group, that one will be address
at the next maintenance window.


Da Geek Kid

join:2003-10-11
::1
kudos:1
Reviews:
·Callcentric
lol

Think of Server folks as Grandma's driving down the street... They don't care how the road is made up as long as it's straight and has speed limit, etc... The server folks are either "Right Click" folks or "sudo" folks... They rarely know a thing about pushing packets. So, one should not consult sys admin.


MrTwister
Premium
join:2003-09-27
Hilliard, OH
said by Da Geek Kid:

lol

Think of Server folks as Grandma's driving down the street... They don't care how the road is made up as long as it's straight and has speed limit, etc... The server folks are either "Right Click" folks or "sudo" folks... They rarely know a thing about pushing packets. So, one should not consult sys admin.

LoL.. we don't consult them, they have a way of getting the ear of their boss, and their bosses boss, all the way up the food chain.
Basically buying them time to figure out what they are doing, while
blaming the network.

The best one was, the SAN group asking for port-channel and
ports that needed opened on the firewall. Low and behold
no one can connect to the CIFS, yadda, yadda, yadda..
lets CC (and BCC I'm sure) everyone and their brother,
boss, bosses boss and so on..

After hearing about it at length, and returning from lunch
to a gaggle of people in my cubbyhole, I walk into the server
room, and locate the source of their problem.
The port-channels on my c3750X won't really help the
SAN peoples throughput on their NetApp box, if there's
no drop-cable from the 3750X to the NetApp!!

oh yeah, and no retraction on the CC/BCC to everyone.

The horror stories go on.. it's the crazy one's like that,
that make it up to the CIO's inbox, that leave a bad taste
in your mouth.


battleop

join:2005-09-28
00000
reply to MrTwister
"One that was kind of funny, was doing a "show run" command"

I ran into that in some 2600 some time ago. We never found the exact time but the router had to run for several months before it would happen to us.
--
I do not, have not, and will not work for AT&T/Comcast/Verizon/Charter or similar sized company.

HELLFIRE
Premium
join:2009-11-25
kudos:18
said by MrTwister :

you know how server people always like to point the fingers at the network.

Preaching to the choir here MrTwister. Remind me to look up for a server job next time; apparently your
only qualifications needed are a) a full lobotomy, b) a knack for blaming everyone but yourself, c) the
ability to parrot "It MUST be [insert here]'s fault" without documenting proof, d) finding the darndest
ways to NOT be near the pager / cell / BB / email / etc when that big troubleshoot conf call is going on...
and you're the last one to the party, and e) all resolutions are "server was rebooted, repeat after me."

Case in point, two issues that stuck out for my week : one was a running email trail where some jacka$$ who
has NOT contributed an iota of useful ANYTHING during troubleshooting takes it upon himself to basically
say "please give me a lesson in private VLANs, oh, can you also check if there were any link flaps at the time?
This is really important and would help us (read:him) in troubleshooting."

Case #2 was users complaining of 1/2 the user PCs unable to access an app, the other 1/2 working find.
Nonworking PCs could telnet to the destination server by name and IP address on the proper port... how's
THAT a fscking network issue? Wasted two hours of our time, and the morons insisted Networks hold
the problem ticket while they "investigated with HP."

said by Da Geek Kid :

Think of Server folks as Grandma's driving down the street

I rather think of them as a lower life form that needs to be exterminated at the earliest opportunity...
preferably at Network Battleship if possible -- switchport C-9, "AHH! MY FILE SHARES!!" network drop
B-17, "THAT'S MY NETWORK JACK!"

Regards

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to battleop
[doublepost]