Archive for the month: March 2014

IBM AIX 7.1 and LACP

Remember to define the LACP mode together with your AIX administrator. Configuring the ports with "channel-group # mode active" worked fine for us. Mode on won't work if the AIX server uses mode active. See also the Cisco LACP configuration guidelines under:

Configuring EtherChannels and Link-State Tracking

Here are the different modes:

auto—Enables PAgP only if a PAgP device is detected. It places the port into a passive negotiating state, in which the port responds to PAgP packets it receives but does not start PAgP packet negotiation. This keyword is not supported when EtherChannel members are from different switches in the switch stack.

desirable—Unconditionally enables PAgP. It places the port into an active negotiating state, in which the port starts negotiations with other ports by sending PAgP packets. This keyword is not supported when EtherChannel members are from different switches in the switch stack.

on—Forces the port to channel without PAgP or LACP. In the on mode, an EtherChannel exists only when a port group in the on mode is connected to another port group in the on mode.

non-silent—(Optional) If your switch is connected to a partner that is PAgP capable, configure the switch port for nonsilent operation when the port is in the auto or desirable mode. If you do not specify non-silent, silent is assumed. The silent setting is for connections to file servers or packet analyzers. This setting allows PAgP to operate, to attach the port to a channel group, and to use the port for transmission.

active—Enables LACP only if a LACP device is detected. It places the port into an active negotiating state in which the port starts negotiations with other ports by sending LACP packets.

passive—Enables LACP on the port and places it into a passive negotiating state in which the port responds to LACP packets that it receives, but does not start LACP packet negotiation.

 

 

BOOTP packets are dropped on switch

We had the problem that BOOTP packets from an IBM p720 client, which should get an image from an IBM NIM server, were dropped on the switch to which the client was connected. I could prove this with a SPAN port on the local switch. The switch used was a Cisco 3750G stack with IOS release 15.02.

The IBM p720 client had a fixed IP address, as did the IBM NIM server, and the client was configured to use the IBM NIM server's IP address, so the packets were unicast packets.

The reason why those packets were dropped is the DHCP snooping feature on the Cisco switches. This feature is used to protect the network from so-called spurious DHCP servers, which are DHCP servers that exist in your network without your knowledge. Here is an excerpt from the Cisco configuration guideline:

If a Layer 2 LAN port is connected to a DHCP server, configure the port as trusted by entering the ip dhcp snooping trust interface configuration command.

If a Layer 2 LAN port is connected to a DHCP client, configure the port as untrusted by entering the no ip dhcp snooping trust interface configuration command.

For more details see: Configuring DHCP Features and IP Source Guard

To prevent the switch from dropping the packets from the BOOTP client, we had to configure the NIM server port with "ip dhcp snooping trust", as well as the client port.

BOOTP was designed prior to DHCP and uses the same ports (UDP 67, 68) as DHCP. For lack of time, I could not find the exact reason for the packet drop; the packet validation chapter from the Cisco link above didn't bring quick enlightenment as to why we also had to configure the client ports with "ip dhcp snooping trust".
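As an added example (not part of the original post), the Python sketch below parses the fixed BOOTP header (RFC 951) from a UDP payload taken from a SPAN capture and reports which untrusted-port checks the packet would trip. The three checks (server reply on an untrusted port, non-zero relay agent address, client hardware address differing from the Ethernet source MAC) are an assumed summary of the packet validation rules in Cisco's DHCP snooping documentation; the function names, sample MAC and sample addresses are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

# Fixed BOOTP header (RFC 951): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128) = 236 bytes
BOOTP_HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
BOOTREQUEST, BOOTREPLY = 1, 2


def parse_bootp(payload: bytes) -> dict:
    """Parse the fixed BOOTP header from a UDP payload (ports 67/68)."""
    if len(payload) < BOOTP_HDR.size:
        raise ValueError(f"truncated BOOTP header: {len(payload)} bytes")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr,
     giaddr, chaddr, _sname, _file) = BOOTP_HDR.unpack_from(payload)
    if hlen > 16:
        raise ValueError(f"invalid hlen {hlen}")
    return {"op": op, "hops": hops, "xid": xid,
            "ciaddr": IPv4Address(ciaddr), "giaddr": IPv4Address(giaddr),
            "chaddr": chaddr[:hlen]}


def untrusted_port_findings(payload: bytes, src_mac: bytes) -> list:
    """Return the reasons a snooping switch could object to this packet
    on an untrusted port (assumed rule set, see the lead-in)."""
    pkt = parse_bootp(payload)
    findings = []
    if pkt["op"] == BOOTREPLY:
        findings.append("server reply (op=2) received on untrusted port")
    if pkt["giaddr"] != IPv4Address("0.0.0.0"):
        findings.append(f"relay agent address giaddr={pkt['giaddr']} is not 0.0.0.0")
    if pkt["chaddr"] != src_mac:
        findings.append("chaddr does not match Ethernet source MAC")
    return findings


def build_request(chaddr: bytes, ciaddr="0.0.0.0", giaddr="0.0.0.0") -> bytes:
    """Construct a sample BOOTREQUEST (constructed test data, not a capture)."""
    return BOOTP_HDR.pack(BOOTREQUEST, 1, 6, 0, 0x1234ABCD, 0, 0,
                          IPv4Address(ciaddr).packed, bytes(4), bytes(4),
                          IPv4Address(giaddr).packed, chaddr.ljust(16, b"\0"),
                          bytes(64), bytes(128))


if __name__ == "__main__":
    mac = bytes.fromhex("02005e100001")  # constructed, locally administered MAC
    for label, pkt in [("plain", build_request(mac, ciaddr="192.0.2.10")),
                       ("giaddr set", build_request(mac, "192.0.2.10", "192.0.2.1"))]:
        print(label, "->", untrusted_port_findings(pkt, mac) or "no findings")
```

Pass it the UDP payload and Ethernet source MAC of a packet seen on the SPAN port; an empty result means none of these three header checks explains the drop.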