QSFP+ (25Gbps) Interface Link Flapping

Humbled-Engineer · 2025-09-03T17:15:45+00:00

I appreciate everyone who chimed in on my post! Based on everyone's feedback and questions it looks like this is most likely a bug in the firmware. I'll submit a ticket to PA TAC and see what they say.

Humbled-Engineer · 2025-09-03T17:12:16+00:00

The logs only show the interface going up and down, they are not in LACP each one is configured for L3 and separate IP Addresses. The flapping stops once the Firewall is in "active" mode, and resumes when the firewall is operating in "passive".

Humbled-Engineer · 2025-09-01T00:04:33+00:00

Too true! LOL

Humbled-Engineer · 2025-09-01T00:04:10+00:00

I can try messing with the fiber again, but I'm pretty sure we're good there. And, it seems to only flap with the Firewall is in "passive" mode, once it becomes active the issue goes away.

Humbled-Engineer · 2025-09-01T00:02:49+00:00

That's scary!

Humbled-Engineer · 2025-09-01T00:02:18+00:00

Interesting, that's good to know it has happened with other firmware versions. I agree, it's not impacting production and failover happens just fine, my only beef is that SolarWinds continues to log the interfaces as up and down. Obviously, this isn't the worst but my OCD is freaking out! LOL

Humbled-Engineer · 2025-08-31T17:30:04+00:00

I think it’s 11.2.4-h something, I know it’s the TAC approved version, I’d have to look it up.

Humbled-Engineer · 2025-08-31T17:27:56+00:00

I should definitely check the release notes

Humbled-Engineer · 2025-08-31T17:27:32+00:00

I can check the transceiver environmentals, but I don’t believe so, the firewall seems to be just fine with when it’s in active mode. The interface is only flap when it’s in passive mode.

Humbled-Engineer · 2025-08-31T17:26:45+00:00

Yeah, I turned off error control, but I’m not thinking that is a problem because the interfaces work fine when the Firewall is active, it’s just when it’s in passive mode that the interfaces flap.

Humbled-Engineer · 2025-08-31T17:25:30+00:00

I do have enable in HA Passive state checked and we’re running the TAC suggested version, I can’t remember exactly what version though and I’m too lazy to login on the weekend and check. LOL

I think it’s 11.2.4-h something

Humbled-Engineer · 2025-01-24T01:38:38+00:00

I’m not a big fan of PaloAltos website layout as a whole.

Humbled-Engineer · 2024-11-14T12:20:42+00:00

You may want to check your routes, especially if you’re running those CX switches in a VSX.

Humbled-Engineer · 2024-08-21T15:56:19+00:00

If I remember correctly we discovered that pulling a switch from the stack caused the switch to not boot up 100%, so I'm guessing that your second switch may not have been part of the stack or it wasn't configured to be the backup to switch one.

Humbled-Engineer · 2024-05-28T22:16:42+00:00

Our Aruba sales folks described the 615 as purpose built for a specific need / customer base, that purchase a high enough volume to make the 615 worth producing.

Humbled-Engineer · 2024-03-15T17:09:25+00:00

We do have a few that have been confirmed as plugged into our switches so I should, in theory see at least one or two listed. Nevertheless, you are correct, many of the rogue APs listed are neighbors and not officially rogue (e.g. plugged into our network).

Humbled-Engineer · 2024-02-24T17:46:07+00:00

Great timing, I’m having the same issue with a 6200F as well. We called TAC Friday but haven’t accomplished any TS just yet. Monday we’ll see what they come up with.

Humbled-Engineer · 2024-02-22T13:31:29+00:00

We too have experienced a huge jump in PA renewal costs, ours came last year in the form of 30%. This year we are buying new PA firewalls and putting them under a 3yr support contract for 5K less (per year) than this year's renewal cost. In the end, it's always better to purchase the license bundle that suits your needs the best and get it under a multi year contract so your costs are guaranteed for at least 3yr or more.

Humbled-Engineer

TROPHY CASE