Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5500X Etherchannel With Mixed Copper and Fibre Ports Fail

ASA5500x - 9.1x

Unable to configure an etherchannel using a mixture of the on board UTP and an SFP interface from the ASA-IC-6GE-SFP-A module (which does support etherchannels unlike the SSM-4GE= ). Both are configured to run 1Gbps. Can anyone confirm that you cannot mix the two.

Cisco documentation advices "All interfaces in the channel group must be the same type and speed. The first interface added to the channel group determines the correct type and speed. ". However it does not elaborate on the definition of "type".

Error shown "WARNING: GigabitEthernet0/0 is not compatible with GigabitEthernet1/2 and will be suspended (speed of GigabitEthernet0/0 is 1000 Mbps, GigabitEthernet1/2 is 1000 Mbps)".

4 REPLIES
Hall of Fame Super Silver

An Etherchannel with port

An Etherchannel with port members across the base unit and an ASA-IC-6GE-SFP-A expansion is a supported configuration.

You don't perhaps have a nameif on one of the members you are trying to add do you? That will cause the creation to fail.

New Member

There are no nameif

There are no nameif configurations on either port, the firewall is new and had no previous configuration. The etherchannel is partially formed but one or the other will is suspended (depends on which on was added second). Have done "clear config interface" on both interfaces and port-channels, still no joy. The downstreams are a pair of Cisco NX5Ks, with a VPC.

interface GigabitEthernet0/0

channel-group 10 mode active

no nameif

no security-level

no ip address

!

interface GigabitEthernet1/2

channel-group 10 mode active

no nameif

no security-level

no ip address

interface Port-channel10

speed 1000

duplex full

nameif INSIDE security-level 100

no ip address

 

Group  Port-channel  Protocol  Span-cluster  Ports
------+-------------+---------+------------+------------------------------------
10     Po10(U)           LACP          No     Gi0/0(s)   Gi1/2(P)

 

Hall of Fame Super Silver

Check your Nexus to make sure

Check your Nexus to make sure the ports your ASA interfaces are connected to are configured properly and that the VPC is healthy and allowing the expected VLAN. If the ASA doesn't see them as going to the "same" downstream device that will cause the failure as well.

"show vpc brief" (on the Nexus) should show it for you.

New Member

Hello Alex,

Hello Alex,

We have this problem to, what was the solution ??

BR

Ernst

248
Views
0
Helpful
4
Replies