33 Posts
0
2381
LAG to Firewalls won't Negotiate
I'm working on an HA project, but can't get the interfaces to negotiate.
2 x PA-3220 v8.1 2 x Dell N4032F switches latest recommended firmware
The firewalls are setup for active/passive HA and the switches are configured for MLAG and have a LAG setup to connect to the firewalls. The PA ae interface on the active firewall shows one physical interface as active, but the other is 'not active (negotiation failed)' resulting in an amber link state. I've checked all of the settings on both the PA and switches and it looks like it should be working.
What logs and settings should I check again?
mike4fg
33 Posts
0
May 22nd, 2020 12:00
I opened a tech support case and was able to get this working by setting up a second port channel.
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
May 15th, 2020 13:00
Hi,
Are they LACP LAGs or static? Is it two ports for each of the firewalls?
mike4fg
33 Posts
0
May 15th, 2020 15:00
Yes, LACP LAGs and 2 ports for each firewall.
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
May 15th, 2020 15:00
Can you try with just one port connected to each?
mike4fg
33 Posts
0
May 15th, 2020 21:00
Sorry, I misunderstood. Each firewall has a connection to each switch, so firewall 1 connects to switch 1 and switch 2 and firewall 2 connects to switch 1 and switch 2.
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
May 18th, 2020 09:00
The core switches are in an MLAG?
mike4fg
33 Posts
0
May 18th, 2020 10:00
Yes, the core switches are in MLAG with one partner switch in a LAG and uplinks to firewalls in a LAG.
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
May 18th, 2020 11:00
Does spanning-tree show anything blocking?
mike4fg
33 Posts
0
May 18th, 2020 12:00
I don't see any, but I do see this message on both core switches. This reads to me that the partner priority is 32768 which looks the same for Po14.
dot3ad_lacp.c(2284) 279767 %% WARN Interface Te1/0/12 partner priority 32768 is not same as existing members of LAG interface Po14 (32768). Not adding interface Te1/0/12 as active member of LAG interface Po14.
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
May 18th, 2020 13:00
Try changing it on both and see if that helps.