I'm working on an HA project, but can't get the interfaces to negotiate.
2 x PA-3220 v8.1 2 x Dell N4032F switches latest recommended firmware
The firewalls are setup for active/passive HA and the switches are configured for MLAG and have a LAG setup to connect to the firewalls. The PA ae interface on the active firewall shows one physical interface as active, but the other is 'not active (negotiation failed)' resulting in an amber link state. I've checked all of the settings on both the PA and switches and it looks like it should be working.
What logs and settings should I check again?
Solved! Go to Solution.
Are they LACP LAGs or static? Is it two ports for each of the firewalls?
Can you try with just one port connected to each?
Sorry, I misunderstood. Each firewall has a connection to each switch, so firewall 1 connects to switch 1 and switch 2 and firewall 2 connects to switch 1 and switch 2.
The core switches are in an MLAG?
Does spanning-tree show anything blocking?
I don't see any, but I do see this message on both core switches. This reads to me that the partner priority is 32768 which looks the same for Po14.
dot3ad_lacp.c(2284) 279767 %% WARN Interface Te1/0/12 partner priority 32768 is not same as existing members of LAG interface Po14 (32768). Not adding interface Te1/0/12 as active member of LAG interface Po14.
Try changing it on both and see if that helps.