Solved

7254XSQ SMLT/LACP to Cisco

  • 10 February 2021
  • 24 replies
  • 212 views

Hello. I’m trying to get an LACP link to come up to a Cisco. I’ve spent too much time looking on Google without the most helpful of results so I’m hoping someone here can help. Here is some of the relevant configuration…

 

The interfaces on the Cisco:

 

interface GigabitEthernet1/1/2

switchport mode trunk

logging event trunk-status

channel-protocol lacp

channel-group 10 mode active

 

interface GigabitEthernet2/1/2

switchport mode trunk

logging event trunk-status

channel-protocol lacp

channel-group 10 mode active

 

interface Port-channel10

switchport mode trunk

 

On the VSP:

 

# LACP CONFIGURATION
#

vlacp enable
lacp smlt-sys-id d4:78:56:xx:xx:xx
lacp enable

 

# MLT CONFIGURATION
#

mlt 22 enable name "MY-MLT"

 

# MLT INTERFACE CONFIGURATION
#

interface mlt 22
smlt
lacp enable key 22
exit

 

interface GigabitEthernet 1/41
name "MLT22"
no shutdown
lacp key 22 aggregation enable
lacp enable
sflow sampling-rate 8192
exit

 

MY-SWITCH:1(config)#show mlt 22

===============================================================================
                                    Mlt Info
===============================================================================
                                         PORT    MLT        MLT           PORT         VLAN
MLTID IFINDEX NAME      TYPE   ADMIN CURRENT    MEMBERS       IDS
----------------------------------------------------------------------------------------------------
22         6165  MY-MLT     trunk   smlt        norm                                 2222

                          DESIGNATED   LACP      LACP
MLTID IFINDEX  PORTS            ADMIN     OPER
----------------------------------------------------------------------------------------------------
22       6165       null                  enable    down

                                                                                                                WHICH PORTS
                        WHERE        LOCAL                      REMOTE                   PROGRAMMED
MLTID NAME   CREATED    PORT MEMBERS      PORT MEMBERS      IN DATA PATH
----------------------------------------------------------------------------------------------------
22      MY-MLT   LOC & REM                                      NONE

                          ENCAP                                          PVLAN        VID
MLTID IFINDEX  DOT1Q     LOSSLESS   PVLAN     TYPE         TYPE       FLEX-UNI
----------------------------------------------------------------------------------------------------
22       6165       enable      disable               -              -                -            disable

 

A message I found in the logs:

 

MY-SWITCH:1(config)#show log file tail
CP1 [02/10/21 12:41:44.739:CST] 0x000ec5d1 00000000 GlobalRouter LACP INFO A churn condition has been detected for port 1/41 as the  PARTNER is out of sync.

 

 

 

icon

Best answer by bfaltys 5 March 2021, 20:27

Disabled speed negotiation on the Cisco interface and the link came up.

View original

24 replies

Userlevel 5

Before enabling LACP on the interface…..

Make sure you the VLAN and default VLAN is set on the port.

 

interface GigabitEthernet 1/41

name "MLT22"
no shutdown
lacp key 22 aggregation enable
lacp enable
sflow sampling-rate 8192
exit

 

 

 

Userlevel 6
Badge +1

bfaltys,

 

SMLT requires to disable the spanning tree on the port:

interface GigabitEthernet 1/41

no spanning-tree mstp force-port-state enable

exit

I think that you forgot the encapsulation:

mlt 22 encapsulation dot1q

 

Here a working config with a Cisco router:

#

# MLT CONFIGURATION

#

mlt 203 enable name Router

mlt 203 encapsulation dot1q

interface mlt 203

smlt

lacp enable key 203

exit

#

# VLAN CONFIGURATION

#

vlan mlt 100 203

vlan mlt 101 203

vlan mlt 102 203

vlan mlt 103 203

vlan mlt 104 203

# PORT CONFIGURATION - PHASE II

#

interface GigabitEthernet 2/3

lacp key 203 aggregation enable

lacp enable

exit

Try also to follow a naming convention for the MLTs to ease the debug.

MLT on port 1/41 is MLT-141, on port 2/1 is MLT-201, etc.

 

Regards

Mig

When I try to set the mlt encapsulation I get an error (I do have it set on the actual interface though):

MY-SWITCH:1(config)#mlt 22 encapsulation dot1q

Error: Operation not allowed

 

MY-SWITCH(config)#sh run | b 1/41
interface GigabitEthernet 1/41
encapsulation dot1q

 

Regarding naming conventions, I just changed them for the sake of OPSEC. :)

 

How can I run a debug for this? I still see the “churn” message showing up in the log file.

 

Here is what my interfaces look like now:

interface GigabitEthernet 1/41
default-vlan-id 2222
untag-port-default-vlan enable
no shutdown
lacp key 22 aggregation enable
lacp enable
no spanning-tree mstp  force-port-state enable
sflow sampling-rate 8192
exit

 

Userlevel 6
Badge +1

bfaltys,

can you share a show run modu mlt?

For the lacp key, you should use the SMLT id, just for the OPSEC ;)

I would let it as :

mlt 141 enable name Cisco-SMLT

mlt 141 encapsulation dot1q

interface mlt 141

smlt

lacp enable key 141

exit

 

interface GigabitEthernet 1/41

encapsulation dot1q

no shutdown

lacp key 141 aggregation enable

lacp enable

no spanning-tree mstp  force-port-state enable

sflow sampling-rate 8192

no shutdown

exit

Mig

MY-SWITCH:1(config)#show run mod mlt
Preparing to Display Configuration...
#
# Wed Feb 10 14:06:04 2021 CST
# box type             : VSP-7254XSQ
# software version     : 7.1.0.0
# cli mode             : ECLI
#

#Card Info :

#  Slot 1-2 :
#       CardType          : 7254XSQ
#       CardDescription   : 7254XSQ
#       CardSerial#       : ########
#       CardPart#         : EC720001X-E6
#       CardAssemblyDate  : 20151117
#       CardHWRevision    : 02
#       CardHWConfig      :
#       AdminStatus       : up
#       OperStatus        : up

config terminal

#

# MLT CONFIGURATION
#

mlt 22 enable name "MY-MLT"


#
# VIRTUAL IST CONFIGURATION
#

virtual-ist  peer-ip 192.168.xxx.xxx vlan xxxx

#
# MLT INTERFACE CONFIGURATION
#

interface mlt 22
smlt
lacp enable key 22
exit


end


MY-SWITCH:1(config)#

 

Userlevel 6
Badge +1

Could you double check this?:

interface GigabitEthernet 1/41

encapsulation dot1q


 

MY-SWITCH:1(config)#sh run | b 1/41
interface GigabitEthernet 1/41
encapsulation dot1q

 

I do see that we’re sending LACP PDUs, but not receiving anything.

 

====================================================================================================
                                Port Stats Lacp
====================================================================================================
PORT     TX       RX       TX         RX         TX              RX              RX         RX
NUM      LACPDU   LACPDU   MARKERPDU  MARKERPDU  MARKERRESPPDU   MARKERRESPPDU   UNKNOWN    ILLEGAL
----------------------------------------------------------------------------------------------------
1/41     185      0        0          0          0               0               0          0

 

Userlevel 6
Badge +1

What Cisco model is it?

Could you share ?:

show isis spbm

show virtual-ist

Mig

I’m new to these Extremes, but to me, this seems that the port is up and not learning any MACs…

 

 

Userlevel 6
Badge +1

Could you share:

show port vlans 1/41

 

 

Userlevel 6
Badge +1

So on the cisco, the vlan 2222 is the only vlan present and tagged?

Do you see mac-addresses on the cisco ports?

To be sure that all is ok on the mlt setup could oyu share:

show isis spbm

show virtual-ist

Mig

 

Userlevel 6
Badge +1

v-ist is ok .

For the sys-id you should start with 02 as it will be used as backbone mac-address (02:01:72:00:01:00 an … :02:00). 02 meaning locally managed (read manually modified).

For the virt-bmac, the best practice is to use the lowest sys-id in the cluster ending by F (02:01:72:00:01:0F).

All this shouldn’t impact the link here.

 

So on the cisco, the vlan 2222 is the only vlan present and tagged?

Do you see mac-addresses on the cisco ports?

Mig

I’m checking with the other side. We don’t own/manage the Cisco.

They’ve double checked the links. I cannot see their MAC on either switch. I’m not sure why this is so complicated. On a Cisco I’d just debug LACP and probably get useful output in a few seconds, but with the VSP it is like pulling teeth to get relevant output. If there is an issue between the 2 VSPs I assume the link won’t come up. Is the “partner” the other VSP or is it the switch at the other end of the link? Even the description of the command options are not helpful.

 

1#show lacp ?
  actor-admin    Show port lacp actor administrative info
  actor-oper     Show port lacp actor operational info
  extension      Show port lacp timer info
  interface      Show lacp interface info
  partner-admin  Show port lacp partner administrative info
  partner-oper   Show port lacp partner operational info

 

Userlevel 6
Badge +1

bfaltys,

A machine will only do what you ask him.

FYI:

  • lacp partner is the 3rd party device (cisco)
  • lacp actor is the VSP on which you type the command
  • vist peer is the other VSP

If you want to go to debug level, you’ll find here some commands I entered a year ago to debug issues with a 3rd party device. The teeth came easily :joy:

  1. clear trace
  2. trace screen disable
  3. show trace modid-list
    1. and look for LACP, it should be 59
  4. trace level 59 3
    1. the second number is the trace level:
      1.  <0-4>   Trace level (0-Disabled; 1-Very terse; 2-Terse; 3-Verbose; 4-Very verbose)
  5. Perform a connection with the third party device
  6. trace shutdown
  7. show trace file | include “what ever you want but probably the interface id 1/xx”

Let me know if this is what your were looking for

Mig

Thanks, Mig! I think we’re now good on our side. The 3rd party will hopefully get sorted out today. I can see MACs for the local & vIST peer now. LACP now shows admin “up” as well.

 

My related config:

mlt 22 enable name NAME

interface mlt 22

smlt

lacp enable key 22

vlan members add 2222 1/41

 

interface g 1/41

lacp key 22 aggregation enable

lacp enable

 

As far as allowing VLANs on the link, I had also entered this command, but don’t see it in the config:

vlan mlt 2222 22

Is that not needed in this scenario? Maybe just for “legacy” mlt?

Userlevel 6
Badge +1

bfaltys,

Good to see it coming. What was the issue?

The command “vlan mlt 2222 22” is to add the vlan 2222 to the mlt 22.

You should also be able to just add the vlans to the interface.

 

Regards

 

Mig

 

Well, I’ve got access to the Cisco side. These devices won’t even link up. I have a Linkrunner & it links to each device using the same LC/LC cable & the same SFPs, but the devices won’t link with each other. I even have a fresh vsp & Cisco 2960-x that I’m testing on & they just don’t want to link. No STP. No shutdown ports. No err-disabled ports. Crazy!

 

Additionally, the Cisco will link right up with a 4926 so it feels like there is something going on with the 7200...

VSP & Cisco do link when I use copper SFP on the VSP to copper port on Cisco.

Disabled speed negotiation on the Cisco interface and the link came up.

Reply