Hi all,
We have 2 x MS225-24 running in stack mode with latest stable version 10.45. A Cisco Firepower 2130 with a port-channel running LACP against the Meraki stack, 1 link per stack member. When powering off one of the stack members, it also affects the other switch, bringing the whole port-channel down. Once the port channel is down, the whole network will be down. Have you faced any similar issues?
We do not face any issues on MS425-16 stack.
For this test, the design was as follows:
laptop running ping to gateway and internet -----> MS425-16 stack -----> Cisco Firepower working in Active/Spare mode ------> MS225-24 Stack -----> Load balancer -----> Internet.
Firewall 1 port 13 to MS225-24 Switch 1 Port 27
Firewall 1 port 14 to MS225-24 Switch 2 Port 27
Firewall 2 port 13 to MS225-24 Switch 1 Port 28
Firewall 2 port 14 to MS225-24 Switch 2 Port 28
Firewall configuration
Firewall 1 port 13 and 14 is port channel.
Firewall 2 port 13 and 14 is port channel
MS225-24 configuration
MS225-24 Switch 1 Port 27 & MS225-24 Switch 2 Port 27 (Aggregated)
MS225-24 Switch 1 Port 28 & MS225-24 Switch 2 Port 28 (Aggregated)
We tried removing the link from one of the MS225-24 Switch 1 Port 27 and Port 28; the port channel never goes down.
>MS225-24 Switch 1 Port 27 and Port 28
According to your description, these are going to different firewalls and are different LACP groups - so the channel should not go down.
But it goes down when we power off one of the MS225-24 stack members.
Firepower is reporting that the LACP channel is down?
Yes, at the firewall the status of the port channel is down.
The Meraki Dashboard is showing the two MS225's are both correctly stacked? Have you definitely got the two stacking cables plugged into the back of the switches?
Does it matter which MS225 you power off to make this happen?
The Meraki dashboard shows both are correctly stacked. The stacking cables are plugged into the back of the switches too.
It does not matter which switch I power off.
I think out of desperation I would factory reset both switches and then let them re-provision.
If the problem is still happening you'll need to open a support case.
I have already opened a case. Meraki's side says it is a firewall issue; my firewall side says the Meraki LACP has issues. The same thing happens to my load balancer: when we power off the switch, both links on my load balancer side go down for a couple of seconds. Once both links are down, my load balancer fails over.
First thing: why do both links go down when we power off the switch? We suspect the Meraki switch side. There is some limitation on the LACP side.
Have you tried determining on which link the LACP messages are sent using packet capture?
Then try to power down the switch that does not send LACP messages and see if the port channel goes down and if messages are still sent on the active port.
Then try the same but disabling the switch that normally has the LACP messages.
That could help in determining which device is no longer sending the packets and report to the case owner.
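The capture check suggested in the reply above, as an added example that is not part of the original thread: it parses LACPDUs (EtherType 0x8809, subtype 1) from frames captured on each member link and reports which sender has gone quiet on which link. The function names, link names, MAC addresses and the 3-second threshold are assumptions, and the sample frames are constructed rather than taken from the poster's network.

```python
import struct

LACP_ETHERTYPE = 0x8809  # IEEE Slow Protocols; LACP is subtype 0x01
STATE_BITS = ["activity", "timeout", "aggregation", "sync",
              "collecting", "distributing", "defaulted", "expired"]

def parse_lacpdu(frame: bytes):
    """Return the actor fields of an untagged LACPDU, or None if not LACP."""
    if len(frame) < 33 or struct.unpack_from("!H", frame, 12)[0] != LACP_ETHERTYPE:
        return None
    subtype, _ver, tlv_type, tlv_len = struct.unpack_from("!BBBB", frame, 14)
    if subtype != 0x01 or tlv_type != 0x01 or tlv_len != 20:
        return None  # Marker PDU or malformed actor TLV
    _prio, system, key, _pprio, port, state = struct.unpack_from("!H6sHHHB", frame, 18)
    return {"system": system.hex(":"), "key": key, "port": port,
            "flags": {n for i, n in enumerate(STATE_BITS) if state >> i & 1}}

def silent_senders(capture, now, max_gap=3.0):
    """capture: iterable of (timestamp, link_name, frame_bytes).
    Returns {(link, actor_system): seconds since its last LACPDU} for every
    sender quiet for longer than max_gap (assumed: 3 s, the LACP short timeout)."""
    last = {}
    for ts, link, frame in capture:
        pdu = parse_lacpdu(frame)
        if pdu:
            last[(link, pdu["system"])] = ts
    return {k: now - ts for k, ts in last.items() if now - ts > max_gap}

def build_lacpdu(src_mac: bytes, port: int, state: int) -> bytes:
    """Constructed test frame, not a real capture: only the actor TLV is filled."""
    eth = bytes.fromhex("0180c2000002") + src_mac + struct.pack("!H", LACP_ETHERTYPE)
    actor = struct.pack("!BBH6sHHHB3x", 1, 20, 32768, src_mac, 1, 32768, port, state)
    return eth + b"\x01\x01" + actor + bytes(88)

# Constructed scenario: the switch stack (one shared system ID) stops sending on
# the link to the powered-off member at t=10 but keeps sending on the other link.
STACK, FW = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = []
for t in range(0, 21):
    SAMPLE.append((float(t), "fw1-port14", build_lacpdu(STACK, 27, 0x3D)))
    SAMPLE.append((float(t), "fw1-port13", build_lacpdu(FW, 13, 0x3D)))
    SAMPLE.append((float(t), "fw1-port14", build_lacpdu(FW, 14, 0x3D)))
    if t <= 10:
        SAMPLE.append((float(t), "fw1-port13", build_lacpdu(STACK, 27, 0x3D)))

if __name__ == "__main__":
    for (link, system), gap in silent_senders(SAMPLE, now=20.0).items():
        print(f"{link}: no LACPDU from {system} for {gap:.0f}s")
```

If the surviving link also shows up in the result after a member is powered off, the capture identifies which side stopped sending there, which is the evidence to attach to the support case.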
Once the switch is shut down, the port channel goes down. Once the port channel is down, no traffic is able to pass through the firewall.