No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.

Knowledge Base

After transparent mode accessed,lacp negotiate unsuccessful

Publication Date:  2012-09-19  |   Views:  524  |   Downloads:  0  |   Author:  谢芸徽  |   Document ID:  EKB1000015215


Issue Description

network topology
1/0/47|-------------------|0/0/0   0/0/2|-------------------|1/0/47
SW1|----------------- |    USG5300   |-------------------|SW2
1/0/48----------------|0/0/1   0/0/3|-------------------|1/0/48
1 The protocol between switches is dynamic lacp(at least 2 couple of interface run lacp protocol),after access in transparent mode fire wall(interface corresponding firewall binding eth-trunk),lacp negotiate was unsuccessful,if switchs only has one interface run lacp,means  transparent mode fire wall negotiate was successful

Alarm Information


Handling Process

1 when configure lacp of switch,firewall configure eth-trunk dynamic negotiate was unsuccessful 
we can see from negotiation estate of switch that,the ultimately reason of lacp negotiate was
not successful is that the message format is multicast message. So after the eth-trunk interface of firewall received this multicast message,it sent this message from one of member interface,and this message is sending randomly,couldn’t ensure lacp messages from switch interface are all the same.   
2 configure lacp of switch,firewall upstream and downstream interface are divided to the same vlan,and different upstream and downstream interface belong to different vlan

   We can see from lacp negotiation estate that,lacp negotiation of switchs is successful,because firewall divide 2 vlans,form a logical physical links,ensure sent and received lacp of interfaces in 2 switchs are accorded
3 configure lacp of switch,firewall upstream and downstream configure eth-trunk

Root Cause

The lacp of switch is run through negotiation messages,the negotiation message has it own format. The handle process of lacp message is the same as bpdu handle process(not built mac forwarding table and flood it directly),when firewall configure eth-trunk interface,firewall will flood lacp out,make lacp of both ends of switchs sent or receive negotiate was unsuccessful


When configure lacp between switch and firewall,firewall can configure an eth-trunk,if switch use dynamic lacp configure Link Aggregation,firewall need to divide several vlans,form a logical physical links,ensure sent and received lacp of interfaces in 2 switchs are accorded

Aggregation interface of switch can be divided different vlans,upstream and downstream divide to a same vlan,between upstream and downstream divide to different vlans