Problems with Cisco 7500 Portchannels

steju · ‎06-11-2003

Hi everyone,

I have some sort of strange problem.

In my network I run a Port-channel between a Cisco 7513 and a Catalyst 2950-24. The Port-channel is a trunk link with dot1q encapsulation. Whenever I change the configuration of the Port-channel interface on the router (e.g., adding/removing a dot1q subinterface or shutting down/bringing up an existing subinterface) the Port-channel stops working completely. Its state is up (with line protocol up), however, it doesn't seem to forward traffic anymore. Even pinging a connected device from the router fails. A reload on the router will solve the problem; anything else (microcode reload, shutdown/no shutdown on both Port-channel and FastEthernet interfaces) won't.

If you've seen anything at least a bit like this, please drop me a reply to this posting. I'll provide below some details, and if anyone thinks he/she can help, I can provide config excerpts, show outputs, etc. as necessary.

So: the Port-channel on the router consists of 2 FE interfaces located on the same FEIP2, on its two port adapters. On the switch, two adjacent ports are used (although this is no longer a limitation). The Port-channel normally works, so the basic guidelines of configuring (same speed, duplex, etc.) have been followed.

The software versions are 12.2(15)T2 with SERVICE PROVIDER/VIP feature set on the router, and 12.1(13)EA1b on the switch, correspondingly.

Any idea or suggestion is welcome.

Best wishes,

Stejarel Veres

mdoldan · ‎06-11-2003

Can you provide the config from both devices?

I've been having a variety of issues with the 2950 and 3550 SMI platforms. Just when I think I have them all figured out a different implementation causes problems. These platforms just don't behave the same as the 2900XL platforms. Actually they just don't behave. LOL.

mdoldan · ‎06-11-2003

Forgot to mention that setting native vlan on 2950 may resolve the issue. (don't use switchport mode access on 2950 FEC or GEC when trunking)

steju · ‎06-11-2003

Hello Michael,

Thanks for your replies.

The relevant configs are:

(snip from the 7500 router config)

interface Port-channel1

no ip address

full-duplex

hold-queue 150 in

!

interface Port-channel1.80

encapsulation dot1Q 80

... some ip address

... some inbound/outbound filters

!

... and so on, for more dot1q subinterfaces.

interface FastEthernet5/0/0

no ip address

no ip proxy-arp

load-interval 30

full-duplex

channel-group 1

!

interface FastEthernet5/1/0

no ip address

no ip proxy-arp

load-interval 30

full-duplex

channel-group 1

(snip from the Catalyst 2950-24 config)

interface Port-channel1

switchport trunk allowed vlan ... some VLANs

switchport mode trunk

bandwidth 200000

no ip address

duplex full

flowcontrol send off

spanning-tree portfast

!

interface FastEthernet0/1

switchport trunk allowed vlan ... the same VLANs

switchport mode trunk

no ip address

load-interval 30

duplex full

speed 100

channel-group 1 mode on

spanning-tree portfast

!

interface FastEthernet0/2

switchport trunk allowed vlan ... the same VLANs

switchport mode trunk

no ip address

load-interval 30

duplex full

speed 100

channel-group 1 mode on

spanning-tree portfast

I guess this would be all...

What do you mean by setting native VLAN on the 2950? Changing the default value of 1 for the native VLAN?

Thanks,

Stejarel

mdoldan · ‎06-11-2003

switchport trunk native vlan X

You may want X to be VLAN 1.

Please do a show vtp status on the switch. Need to know if it is server, client or transparent.

steju · ‎06-11-2003

Yes I would want that the native VLAN for the trunk to be VLAN 1, as it's not used for any specific traffic, even the management VLAN is another one. However, I was under the impression that this is the default setting; when I tried to set it on the Port-channel/FastEthernet interfaces as you suggested, no changes occured in the configuration.

The switch is really in the VTP server mode.

VTP Version : 2

Configuration Revision : 18

Maximum VLANs supported locally : 64

Number of existing VLANs : 18

VTP Operating Mode : Server

VTP Domain Name : ... something

VTP Pruning Mode : Enabled

VTP V2 Mode : Enabled

VTP Traps Generation : Disabled

MD5 digest : 0x71 0xFB 0x0F 0xD5 0x7A 0x42 0x83 0x57

Configuration last modified by 172.30.0.2 at 6-11-03 20:49:02

Local updater ID is 172.30.0.2 on interface Vl300 (lowest numbered VLAN interface found)

mdoldan · ‎06-12-2003

Yes, your right. VLAN 1 is the default native VLAN and as a result wont show up. I noticed you were running portfast on the channel. You may not want to do this. Is your 2950 configured for MST or is it default spanning tree.

I think the router fast Etherchannel may be the source of the issue.

steju · ‎06-12-2003

I didn't touch the 2950's spanning tree configuration except enabling portfast on the ports I knew won't connect to another switches. But, do you think that this could impact on the Port-channel behaviour?

Yes I too suspect the software on the 7500 crashes at this point. However, all the software versions I've tried until now (basically, the PV feature set of the 12.2T mainline because I also need IPv6) seem to have the same problem. Even more, with 12.2(15)T and T1, the problem was occuring at random time intervals (but no longer than 1-2 days), making the Portchannel to stop working so the router was required to be reloaded. With 12.3(1), the Portchannel won't work at all, from the very beginning. At least with the one I'm running now, 12.2(15)T2, it only stops working when I change something as I've said in its configuration. It is still quite annoying.

In the beginning I suspected a config problem but I can't seem to figure out what would that be. Portchannels on 7500 have way poorer features than the ones on 2950 (as a result, I had to force portchannel mode on 2950 because 7500 doesn't really like PAgP frames). But now, I think that the real problem is somewhere within the software, because of the different behaviours of different versions of software. I think I will try as well a GD version (12.2 mainline) to see if it does the same thing. Anyway, that wouldn't be an acceptable solution, since it doesn't include IPv6 support.

mdoldan · ‎06-12-2003

I recall reading something about disabling CEF on the 7500 series router for port channels with 2950's. Something to look into.

mdoldan · ‎06-12-2003

I found an obscure document discussing a 2950 and a 2948G-L3 switch. It talks about the 48G-L3 as being routed interfaces and may offer some insight.

http://www.cisco.com/en/US/customer/products/hw/switches/ps607/products_configuration_example09186a008014c203.shtml

From a configuration standpoint, the Catalyst 2948G-L3 switch is a router. It uses a Cisco IOS command line and by default, all interfaces are routed interfaces.

The Catalyst 2948G-L3 switch does not extend your VLANs by default. Since all of the interfaces are routed interfaces, each interface has to belong to a different network or subnet. If you want two or more interfaces to belong to the same subnet, bridging needs to be configured on these interfaces.

The Catalyst 2948G-L3 switch does not support negotiation protocols found on other Catalyst switches, such as VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), and Port Aggression Protocol (PAgP). It is recommended that these protocols be turned off on the Catalyst 2950 interfaces that connect to the Catalyst 2948G-L3 switch.

On the Catalyst 2948G-L3 switch, all traffic received on the native VLAN on a trunk is routed in software. This means this traffic is sent to the CPU. When a great deal of traffic is sent on this VLAN, it can result in a high CPU load on the Catalyst 2948G-L3 switch and have an adverse effect on the performance of the network. It is advised to create a dummy VLAN (such as VLAN 99) which can be made the native VLAN for the trunk. All of the user traffic is sent over the other VLANs and these are routed in hardware, leading to a better performance.

steju · ‎06-12-2003

Thanks for the tips, I think there is some pertinent information within them. I will look into the matter in a couple of days or so because right now I don't have the time to do it. Anyway, I'll keep you posted with the results when I'll do the testing, but if you find anything else, don't hesitate to update this topic. Thanks again for all your help.