LACP Etherchannel between pfSense and Cisco Switch Not using All Links
-
Hello,
I have an issue with my LACP Etherchannel (LAGG) setup between my Cisco Catalyst 2960X switch and my pfSense router. I have it up and running but it is only using 1 physical link out of 2 total links with the second one in a suspended state according to the switch. I am not sure what I have wrong in the config. It does work in terms of failover, just not with both links active.
These are the configs that I have. I am using this LAGG as a trunk with VLANs if that helps.
![Etherchannel Config [pfSense Side].png](/assets/uploads/files/1560824496344-etherchannel-config-pfsense-side.png)
![Etherchannel Config [Switch Side].png](/assets/uploads/files/1560824503407-etherchannel-config-switch-side.png)
Any help would be greatly appreciated. Due to my current work schedule, I will only be able to reply later in the evenings.
-
What's the etherchannel config?
-
@Derelict said in LACP Etherchannel between pfSense and Cisco Switch Not using All Links:
What's the etherchannel config?
Here is the etherchannel config on the switch.
This is what the Interface Assignments tab shows for the LAGG.
And this is what I see from the Status -> Interfaces page if that helps.
-
What is:
show interface Gi1/0/1and
show interface Gi1/0/2??
(You can just copy/paste text instead of screenshots)
-
Ok, used to using screen shots. Here is the output.
MASTER-SWITCH#show int g1/0/1
GigabitEthernet1/0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 80e8.6fc5.4881 (bia 80e8.6fc5.4881)
Description: Router Channel-Group 1 LACP
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:02, output 00:00:04, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 246000 bits/sec, 98 packets/sec
5 minute output rate 94000 bits/sec, 85 packets/sec
82054432 packets input, 107994359285 bytes, 0 no buffer
Received 358835 broadcasts (354302 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 354302 multicast, 0 pause input
0 input packets with dribble condition detected
46935706 packets output, 5155706172 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
MASTER-SWITCH#MASTER-SWITCH#show int g1/0/2
GigabitEthernet1/0/2 is up, line protocol is down (suspended)
Hardware is Gigabit Ethernet, address is 80e8.6fc5.4882 (bia 80e8.6fc5.4882)
Description: Router Channel-Group 1 LACP
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:16, output 00:00:11, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 23011
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
41903953 packets input, 57649574726 bytes, 0 no buffer
Received 135566 broadcasts (126265 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 126265 multicast, 0 pause input
0 input packets with dribble condition detected
16713403 packets output, 4870411290 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
MASTER-SWITCH# -
Hmm, this doesn't make much sense, all of the ports on my pfSense box are supposed to be Gigabit but em0 is reporting as 100baseTX. em0 and em1 however are supposed to be a part of a dual Gigabit PCIe NIC.
--------------------ifconfig output on pfSense --------------------
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=1009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
ether 00:1f:29:5a:65:b2
hwaddr 00:1f:29:5a:65:b2
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=1009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
ether 00:1f:29:5a:65:b2
hwaddr 00:1f:29:5a:65:b3
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
ether 00:25:b3:0e:1d:a1
hwaddr 00:25:b3:0e:1d:a1
inet6 fe80::225:b3ff:fe0e:1da1%em2 prefixlen 64 scopeid 0x3
inet 172.16.0.250 netmask 0xffff0000 broadcast 172.16.255.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active -
Check the cable.
-
For the Cisco 2960X, there are several modes for the LACP Mode, it may work with
channel-group 1 mode on
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/layer2/configuration_guide/b_lay2_152ex_2960-x_cg/b_lay2_152ex_2960-x_cg_chapter_010.html#con_1275816
-
The switch is not going to build a lagg using two different speed ports.
It could probably be argued that FreeBSD shouldn't either. (it might not be. I don't see an ifconfig for lagg0 up there anywhere.)
If you have a port coming up at 100-full that should be 1000, that needs to be fixed first. Not a lot that could be other than a bad cable. 100BaseTX only uses pins 1,2,3,6 for data. 1000BaseT uses 1-8. If there is a problem with pins 4,5,7,8 (the blue or brown pairs in both 568A and 568B) it will come up as 100-full instead.
-
The cable was the problem. I haven't replaced it yet because I just tried flipping the cables to see if the 100baseTX would change to the other NIC but both are now running full Gigabit so it definitely must be one of the two cables. Since it is working now I will leave it and will replace it if it starts to give any issues. I appreciate the help!
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=1009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
ether 00:1f:29:5a:65:b2
hwaddr 00:1f:29:5a:65:b2
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=1009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
ether 00:1f:29:5a:65:b2
hwaddr 00:1f:29:5a:65:b3
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
ether 00:25:b3:0e:1d:a1
hwaddr 00:25:b3:0e:1d:a1
inet6 fe80::225:b3ff:fe0e:1da1%em2 prefixlen 64 scopeid 0x3
inet 172.16.0.250 netmask 0xffff0000 broadcast 172.16.255.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: activeI'm so used to the cables I make being just fine I didn't think to check one of them.
