USG FLEX 200H: LAG LACP Interface Issue
Freshman Member
Hi, in my scenario I have a stack of two XGS3700-48HP, firmware V4.30(AAGF.3),and a LAG of two ports on which I've connected public network. I had ATP500 Firewall connected on that LAG with the external interface and it worked fine for years since I've changed with USG FLEX 200 H, firmware V1.38(ABWV.0).
Both LAGs where LACP, hash policy src-dst-mac. After two days of fine working, USG FLEX started to lose packets on the WAN interface. I tried some changes in the xmit-hash-policy, or in LACP Timeout on XGS3700, I rebooted both the systems too, but nothing worked.
I changed from
/ vrf "main" interface lag "wan" "mode" "lacp"
/ vrf "main" interface lag "wan" "xmit-hash-policy" "src-dst-mac"
/ vrf "main" interface lag "wan" "lacp-rate" "slow"
/ vrf "main" interface lag "wan" "mii-link-monitoring" "100"
to
/ vrf "main" interface lag "wan" "mode" "static"
/ vrf "main" interface lag "wan" "xmit-hash-policy" "src-dst-mac"
/ vrf "main" interface lag "wan" "mii-link-monitoring" "100"
and disabled LACP and changed to static on the XGS3700, and it started to work again.
The iessue I noticed was that some Access Point (and PC, or printers too) connected to XGS3700 responded via IPSec VPN to the ping for about 10 seconds, then for about 1 minute or more I had Request timeout.
The strange thing is that via IPSec VPN I was able to ping correctly XGS3700, for example, both XGS1930 connected via fiber, and just one Access Point conneted to the XGS3700. The VPN was made through the same LAG interface that had issues.
All of the other devices lose connectivity, and go back up again for 10 seconds sometimes.
From the LAN side (that was another LAG interface with LACP), conencted via Wi-Fi or ethernet, I was able to ping all the internal devices, but I was losing connectivity to internet and the other side of the IPSec VPNs.
Actually is working with "wan" LAG static, and "lan" LAG lacp.
What could be happened? Can you figure out?
Thank you
Federico
All Replies
-
Hi @fedebros,
May I ask whether you collected the diagnostic information file when the issue occurred?
If so, we would appreciate it if you could share it with us for further analysis.Zyxel Tina
0
Zyxel Employee
Categories
- All Categories
- 442 Beta Program
- 3K Nebula
- 228 Nebula Ideas
- 130 Nebula Status and Incidents
- 6.6K Security
- 645 USG FLEX H Series
- 357 Security Ideas
- 1.8K Switch
- 86 Switch Ideas
- 1.4K Wireless
- 54 Wireless Ideas
- 7.1K Consumer Product
- 303 Service & License
- 496 News and Release
- 93 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.9K FAQ
- 34 Documents
- 89 About Community
- 110 Security Highlight
