
Link in LAG group failed, could still access switch but DHCP fails. Why?

So I have a switch LAGed (2 links) to the main switch. The switch provides POE to a bunch of Access Points that are on trunk ports with a native vlan. The other day, when all of those APs went offline it was pretty clear that the issue was with that single switch or at least its line of communication back to our core switches. I could SSH into the switch and could ping around internally and externally, as well as saw in 'show cdp neighbors detail' that the APs weren't getting IP addresses. At some point I saw that one of the two links in the LAG group was dark, but the assumption that the LAG group was meant to continue operating if a link failed led me to look elsewhere. After some amount of dead-end troubleshooting, I decided to just fix the dead link in the LAG group and voila, all the Access Points received DHCP and all was well. Can someone explain this to me?

level 1

Static LAG and an intermediate device keeping one end of the link up/up?

level 1

LACP or static? If static, the "dead" link could still be trying to pass traffic, and if you were unlucky the related traffic was hashed to take the dead link.

level 2
Original Poster · 1 point · 3 months ago

It's LACP, Active/Passive on their respective ends of the link.

level 1
rfc9000 - Bitchslap over IP · 2 points · 3 months ago

DHCP snooping trust probably not enabled on all the member ports of the LAG. That's my bet.

level 2
Original Poster · 1 point · 3 months ago

I'm not familiar with DHCP snooping trust. I'll look into that. Thanks for the direction.

level 2

DHCP snooping trust probably not enabled on all the member ports of the LAG.

This feels like a config option that should be applied to the aggregate virtual interface, rather than on a member-by-member basis, though I suppose some platforms might allow you to create insane configurations like that.
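To make the point above concrete, here is an added configuration sketch (not from anyone in this thread). It assumes Cisco IOS syntax, since the OP used 'show cdp neighbors detail'; the interface names and VLAN number are placeholders.

```cisco
! Added example, not from the thread. Cisco IOS syntax assumed.
! Port-channel1, Gi1/0/1-2 and VLAN 10 are placeholder values.
!
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Members are bundled with LACP (active on this side, passive on the far side
! as the OP describes). Put NO per-port snooping or VLAN settings here:
! configuring members individually is what pulls them out of the bundle.
interface GigabitEthernet1/0/1
 channel-group 1 mode active
interface GigabitEthernet1/0/2
 channel-group 1 mode active
!
! Trust belongs on the aggregate; the members inherit it. If trust is set on
! only one member, DHCP offers hashed onto the other member are discarded,
! which looks exactly like "APs never get an address" while SSH still works.
interface Port-channel1
 switchport mode trunk
 ip dhcp snooping trust
!
! Check: both members must show as Trusted, not just the one that is up.
! show ip dhcp snooping
```

If only one member is listed as trusted in the output, the LAG will appear healthy in 'show etherchannel summary' but still drop DHCP on the untrusted link.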

level 3
It's never the network. · 2 points · 3 months ago

I have noticed that a lot of green (and even some "vet") admins will continue to attempt to modify the physical interfaces of LAGs directly.

Had to stop my co-worker who's been in the trenches for 15 years from adding a vlan directly to a member interface. Fun stuff. :)

level 4

This process "works", but should cause the individual members to fall out of the bundle due to consistency check failure until they all match again.

level 1

How did you fix the bad port/link? Remove/re-add it to the LAG, or was there an actual physical issue?

level 2
Original Poster · 1 point · 3 months ago

I copied the config over to another port on the switch and moved the cable (I tested a new cable first and also tested the port on the other side of the link).
