- Integrated Systems
- About Us
- Integrated Systems
- About Us
07-01-2019 02:52 AM
Can not ping VlanInterface IP address via standby IRF member
we have a 5130hi irf stack configured for a ring topology.
The management ip address is configured via interface vlan.
We randomly can not reach the ip address from our workstations or servers.
There is a cisco asa connected via LACP, 2 links per irf member (total 4 x 1 Gbit).
The asa is our layer 3 routing device.
The problems started when we updated the asa firmware.
This rebooted the firwall, so the bridge aggregation links were down and than up again.
The really strange thing is, that we can make the connection work again by shutting down one bridge aggregation link.
But than the issue occurs sometimes for another device.
It seems that if the device is matched to a link on the irf standby by the asa lacp algorithm the connection is not working.
We double checked the cabling, the whole configuration (interfaces, stp, irf) and stumbled above this post:
Could the "ring" topology be the problem?
interface Ten-GigabitEthernet1/1/1 description IRF P1/1 # interface Ten-GigabitEthernet1/1/2 description IRF P1/2 # interface Ten-GigabitEthernet2/1/1 description IRF P2/1 # interface Ten-GigabitEthernet2/1/2 description IRF P2/2 irf-port 1/1 port group interface Ten-GigabitEthernet1/1/1 # irf-port 1/2 port group interface Ten-GigabitEthernet1/1/2 # irf-port 2/1 port group interface Ten-GigabitEthernet2/1/1 # irf-port 2/2 port group interface Ten-GigabitEthernet2/1/2 <sw-xxx>disp irf MemberID Role Priority CPU-Mac Description *+1 Master 30 00e0-fc0f-xxxx switch1 2 Standby 10 00e0-fc0f-xxxx switch2 -------------------------------------------------- * indicates the device is the master. + indicates the device through which the user logs in. The bridge MAC of the IRF is: e8f7-249b-xxxx Auto upgrade : yes Mac persistent : 6 min Domain ID : 718
If we can not solve it by configuration we will go ahead and update the software version of the stack.
07-01-2019 02:47 PM - edited 07-01-2019 02:55 PM
Re: Can not ping VlanInterface IP address via standby IRF member
- If I were you I will seriously consider a Daisy Chain IRF Topology (SW 1 IRF Port 1 to SW 2 IRF Port 2 where SW 1 IRF Port 1 has 1/1/1 and 1/1/2 as physical member interfaces and where SW 2 IRF Port 2 has 2/1/1 and 2/1/2 as physical member interfaces)...apparently looks sub-optimal - having no SW 1 IRF Port 2 and no SW 2 IRF Port 1 defined - but the only alternative to have some sort of simmetry [*] in case of Ring IRF Topology is to use front SFP+ ports in this way (let me say the case of 24 ports models): SW 1 IRF Port 1: 25+26, SW 1 IRF Port 2: 27+28 | SW 2 IRF Port 1: 25+26, SW 2 IRF Port 2: 27+28 and use, again, only SW 1 IRF Port 1 to SW 2 IRF Port 2 leaving remaining SW 2 IRF Port 1 and SW 1 IRF Port 2 ready for closing the Ring.
- diagnose the LAG (LACP) to Cisco ASA, from both ends.
- stay update (latest is Comware 7.10 R1311P03).
[*] I mean: from the physical interface standpoint (and not because there is a particular restriction/requirement in binding IRF Ports to physical ports on HPE 5130 HI)...it's "nice" having leftmost interfaces bound to IRF Port 1 and rightmost interfaces bound to IRF Port 2...but...since you have just one Slot...ports are simply 1|2/1/1 and 1|2/1/2...a nice setup will be having two Slots with 1 and 2 for Slot 1 and 1 and 2 for Slot 2...and the "crossing" will happen between ports of the leftmost Module (of the IRF Member 1) for IRF Port 1 with ports of the Rightmost Module (of the IRF Member 2) for IRF Port 2...I know this is just not-necessary and not-required...it's just a personal mindset.
I'm not an HPE Employee