Nexus 7K VPC

Hi,
We have two Nexus 7K in our data centre with N7K-M132XP-12(10G) module and N7K-M148GT-11(1G) module
Also both 7K has two supervisor module in active/standby mode
vpc keep alive and vpc peer link( on port channel) is setup on 10G module between both 7K's
Im currently planning for an NX-OS upgrade and i wanted to keep the vpc keepalive/vpc peer link active during the process
my questions:
1. Is it a must to use 10 gig ports otherwise the peer link and keepalive will not form
2. can i configure vpc keep alive and peerlink on the 1G N7K-M148GT-11 copper module
3.can i form two sets of vpc keepalive and peerlink in two different vpc domain, so during the upgrade when one slot reboots, the other slot will keep the vpckeepalive and peerlink active
4. can i use the management modules on the supervisor modules to configure vpc keep alive
apart from the above question, could u just provide the best practice for my situation

Hi Oleksandr,
ISSU which upgrades only the control plane. Would this be considered to be a complete OS upgrade
I have seen ur other discussion about control and data plane fucntionality..
When only the control plane gets updated, i understand all routing and other fucntionality gets updated but would it be applied to the physical hardware like supervisor modules and other line cards ?
since u mentioned that data plance will not upgraded(traffic is not interupted). what happens when only control plane is upgraded and not the data plance ?
would the supervisor modules and line cards not be able to make use of the new fucntionality since the data plane is not upgraded ?

Similar Messages

6500-VSS and NEXUS 56XX vPC interoperability

Hello, is it possible to establish a PORT CHANNEL between a couple of Cisco 6500 running VSS mode and a couple of NEXUS 5000 running vPC? . Design should be " Back-to-Back" : VSS-- Port-Channel--vPC.
I want also to support L2 and L3 flows between the two couples.
I read many forums but i am not sure it runs.
Is such design, if it runs; supported by Cisco?
Thanks a lot for your help.

Hi Tlequertier,
We have VSS 6509Es with Sup 2Ts & 6908 modules. These have a 40gb/sec (4 x 10gb/sec) uplink to our NEXUS 5548UP vPC switches.
So we have a fully meshed ether-channel between the 4 physical switches (2 x N5548UP & 2x6509E)
Kind regards,
Tim

Nexus 5000 vpc and fabricpath considerations

Hello community,
I'm currently in the process of implementing a fabricpath environment which includes Nexus 5548UP as well Nexus 7009
NX OS on N5K is 6.0(2)N1(2)
Regarding the FP config on the N5K I wonder what is the best practice for the peer-link. Is it necessary to configure the Portchannel like below:
interface port-channel2
description VPC+ Peer Link
switchport mode fabricpath
spanning-tree port type network
vpc peer-link
There are several VLANs configured as FP.
As I understand we can remove the command:
spanning-tree port type network
Can anyone confirm this ?
Also I noticed a "cosmetic" problem. On two port 1/9 and 1/10 on both N5K it isn't possible to execute the command "speed"?!
When the command speed is executed I receive the following error:
ERROR: Ethernet1/9: Configuration does not match the port capability
Also please notice after the vPC and FP configuration we don't do a reload!
Thanks
Udo

Hi Simon -
Have done some testings in the lab on ISSU with FEXes either in Active/Active and Straight-through fashion, and it works.
Disabling BA on N5K(except the vPC peer link) is one of the requirements for ISSU .
In a lately lab testing with the following topo, BA is configured on the vpc 101 between the N5Ks and Cat6k. We have a repeated regular ping between the SVI interfaces of c3750 and Cat6K.
                      c3750
                         ||
                      vPC
                         ||
    N5K =====vPC====== N5K
                          ||
                     vpc 101
                          ||
                     Cat6k
When we changed the network type to disable BA, we observed some ping drops, which around 20-30.
I am not sure what your network looks like, hopefully this will give you some ideas about the ISSU. As a general recommendation, schedule a change window for some changes or even ISSU.
regards,
Michael

Nexus 7000 vPC modification - avoiding type1 inconsistencies

Hi Everyone,
I need to configure some features on a pair of Nexus 7000's running 4.2(6) - one of them is Root Guard.
I am aware that when I enable Root Guard on the first vPC peer, the vPC will go into suspended state until I configure the other vPC peer identically.
This is causing me a big service disruption headache as I need to do this for a whole Data Centre.
I see on the Nexus 5k, you can do port-profiles which seems to enabled config synchronisation across vPC peers - so I assume the vPC would stay up due to both peers receiving config at exactly the same time - but this feature is not available on Nexus 7k.
Does anybody know for sure if I were to create a scheduled job to run at the same time on both vPC peers with identical config content - i.e. apply Root Guard to vPC - would this prevent the vPC going into suspend state?
If not, do you know of any other ways to prevent vPC going into suspend?
Thanks in advance for any advice!

Hi Raj,
thankyou for your response.
We have VPC between Core - Aggregation - all 7k and Aggregation to Access (5ks). VPC down from Core all the way to Access and also up all the way from Access to Core.
So from a STP point of view, the topology is a single switch for Core, Aggregation and Access - so no loops.
I agree this limits the potential for trouble if a switch is plugged into the access layer by mistake for example - but the customer is adamant they want it (RootGuard).
Thanks,
Oswaldo

Cisco VSS Dual-active PAgP detection via Nexus and vPC

Hi!
We will soon implement Cisco nexus 5595 in our Datacenter.
However we will still be using a pair of C6500 in a VSS in some part of the network.
Today we are running dual-active detection via a PAgP Port-channel, but those Port-channels will be removed and the only Port-channel we will have is to a pair of Nexus 5596.
Does anyone know if we can run PAgP dual-active detection via this MEC/vPC?
Thank you for your time!
//Olle

Hi,
The easies way is to connect both links from the 6500s to only one of the Nexus switches. Than create a portchannel on both the 6500 and the Nexus.
The other option would be to connect the 6500s directly together via a gig link and use fast hello instead of epagp.
I would use fast hello since it is supported on the 6500s.
HTH

Cisco nexus 9508 Vpc with catalyst switches

Hi,
i am karthik.
we are going to build the nexus 9508 with NX-OS in our data center. in existing we are having 50's of catalyst L2 and L3 switches.
If we perform the Vpc with 9K and catalyst switches. is there any restrictions on particular model catalyst switches will support Vpc with 9K?
Kindly clarify my question?
Thanks in advance for the valuable response!!!!

Hi,
i am having 4500 series switches and 6E sup engine.
Then we are having nexus 9508 and N2232PP. when we try to configure fex between these switches.
in Nexus 9508 showing unknown features error.
Current Nx-OS version is n9000-dk9.6.1.2.I2.2.bin.

Nexus 5548UP vPC PIM-SSM

Hi
Does anyone configure pim-ssm in vPC domain ? I am looking for some config/experience before I start.
I know that PIM-SSM in vPC is only supported with FabricPath licencse which I allready got it.
Regs
Martin

Hi lilyzima1
direct link to the post : http://blog.alainmoretti.com/pim-ssm-through-nexus-vpc/

Nexus 5010 VPC noOperMem

I'm trying to set up a vpc between two Nexus 5010s going to an HP VMware chassis..
I'm getting the error no operational members and am not sure what I did wrong.
I've attached the configs for VPC121, if anyone has any ideas I'd really appreciate it.

Try rebuilding the Portchannel again
interface Ethernet1/11
no switchport mode trunk
no switchport trunk allowed vlan 4,8,10,12,14,16-17,19-21,24-25,27,64,72,80,88,96,124,190,200,209,257-258,420,900,1102
no channel-group 121 mode active
no int po121
new config:
int e1/11
channel-group 121 mode active
The command above should create po 121 for you
int po121
switchport mode trunk
switchport trunk allowed vlan 4,8,10,12,14,16-17,19-21,24-25,27,64,72,80,88,96,124,190,200,209,257-258,420,900,1102
no sh
now test again
HTH

Nexus 5548UP VPC and/or VRRP problem

Hi, I have two 5548UP + L3 card with LAN_ENTERPRISE_SERVICES_PKG and FC license.
This two Nexus are the core of my network.
Eight stacks of 2960S are connected to both NX with an etherchannel formed by two SX-1G or two SR-10G.
I've checked the conf and maked a lot of test and everything works fine. BUT, two days after the people start working on the new building, about half of the PC don't even reach the default gateway. (Nexus VRRP)
I've turned off VRRP and it works for minutes.
The problem disappear if I shutdown one of the links to NX01 or NX02.
I followed the destination MAC of one PC with the problem and the ARP table looks OK but I guest the problem is related with a corruption in the ARP table anyway.
system image file is:   bootflash:///n5000-uk9.5.2.1.N1.1a.bin
Thanks in advance!
Guido./
interface Vlanxx
no shutdown
ip address 10.xx.xx.1/24
ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
ip dhcp relay address xxxxx
vrrp 80
    address 10.xx.xx.1
! Actualy is in shutdown
interface port-channel55
switchport mode trunk
switchport trunk allowed vlan 1-300,303-4094
ip dhcp snooping trust
speed 10000
vpc 55
interface port-channel111
switchport mode trunk
switchport trunk allowed vlan 1-224
ip dhcp snooping trust
spanning-tree port type network
speed 10000
vpc peer-link

Looks like you have configured same IP on physical and for standby. is this typo or configured on device ?
!----------- NX01 ----------------------------------------------
interface Vlan80
no shutdown
ip address 10.xx.80.1/24
ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
ip dhcp relay address xxxxx
vrrp 80
    address 10.xx.80.1
! Actualy is in shutdown
!----------- NX02 ----------------------------------------------
!NX02
interface Vlan80
no shutdown
ip address 10.xx.80.2/24
ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
ip dhcp relay address x
vrrp 80
    address 10.x.80.1
Also -Peer Gateway                      : Disabled
Optional but can be turnon to make both in forwarding mode.
Thanks
Ajay

Nexus 7k VPC connecting to Juniper MX series?

Hi.
I'm in a situation where I need to link my Nexus 7k core (two 7010's running multiple VPC's) to a pair of Juniper MX-240 switch/routers.
Both devices are capable of a form of VPC - Juniper call it MC-LAG (Multi-chassis Link Aggregation), Cisco obviously call it VPC.
What I need to find out is if a VPC across the two-Nexus system will be compatible with a MC-LAG on the Juniper setup. I have VPC's working find to other Cisco devices.
As far as I can tell from the reading fo the standards I can find it *should* work, but since I'm working in production I'm very wary of making a change which would cause an issue in this.
Has anyone done this/come across this before? Anyone got any insight if it's possible?
Thanks.

Answering my own question for reference of anyone else who might need to know.
It *is* possible, but you only get an active/active LACP connection to an EX series switch running in a virtual chassis configuration.
Juniper's implementation of MC-LAG on non-EX devices only supports active/standby mode - one port of the VPC on the Nexus pair will go immediately into hot-standby mode and stay that way.
You have to fiddle with the LACP priorities to get any form of failover working - otherwiswe, the only way I could find to get the second leg of the LACP to go active was to shut down the primary on the Nexus, then shut down and no shut the port on the second Nexus.
To an EX series switch, LACP "just worked".

Two Nexus 5020 vPC etherchannel with Two Catalyst 6500 VSS

Hi,
we are fighting with an 40 Gbps etherchannel between 2 Nx 5000 and 2 Catalyst 6500 but the etherchannel never comes up. Here is the config:
NK5-1
interface port-channel30
description Trunk hacia VSS 6500
switchport mode trunk
vpc 30
switchport trunk allowed vlan 50-54
speed 10000
interface Ethernet1/3
switchport mode trunk
switchport trunk allowed vlan 50-54
beacon
channel-group 30
interface Ethernet1/4
switchport mode trunk
switchport trunk allowed vlan 50-54
channel-group 30
NK5-2
interface port-channel30
description Trunk hacia VSS 6500
switchport mode trunk
vpc 30
switchport trunk allowed vlan 50-54
speed 10000
interface Ethernet1/3
switchport mode trunk
switchport trunk allowed vlan 50-54
beacon
channel-group 30
interface Ethernet1/4
switchport mode trunk
switchport trunk allowed vlan 50-54
beacon
channel-group 30
Catalyst 6500 VSS
interface Port-channel30
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 50-54
interface TenGigabitEthernet2/1/2
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 50-54
channel-protocol lacp
channel-group 30 mode passive
interface TenGigabitEthernet2/1/3
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 50-54
channel-protocol lacp
channel-group 30 mode passive
interface TenGigabitEthernet1/1/2
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 50-54
channel-protocol lacp
channel-group 30 mode passive
interface TenGigabitEthernet1/1/3
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 50-54
channel-protocol lacp
channel-group 30 mode passive
The "Show vpc 30" is as follows
N5K-2# sh vpc 30
vPC status
id     Port        Status Consistency Reason                     Active vlans
30     Po30        down* success     success                    -
But the "Show vpc Consistency-parameters vpc 30" is
N5K-2# sh vpc consistency-parameters vpc 30
    Legend:
        Type 1 : vPC will be suspended in case of mismatch
Name                             Type Local Value            Peer Value
Shut Lan                              1     No                     No
STP Port Type                    1     Default                Default
STP Port Guard                  1     None                   None
STP MST Simulate PVST 1     Default                Default
mode                                    1     on                     -
Speed                                  1     10 Gb/s                -
Duplex                                   1     full                   -
Port Mode                            1     trunk                  -
Native Vlan                           1     1                      -
MTU                                       1     1500                   -
Allowed VLANs                    -     50-54                  50-54
Local suspended VLANs    -     -                      -
We will apreciate any advice,
Thank you very much for your time...
Jose

Hi Lucien,
here is the "show vpc brief"
N5K-2# sh vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link
vPC domain id                   : 5
Peer status                     : peer adjacency formed ok
vPC keep-alive status           : peer is alive
Configuration consistency status: success
Per-vlan consistency status     : success
Type-2 consistency status       : success
vPC role                        : secondary
Number of vPCs configured       : 2
Peer Gateway                    : Disabled
Dual-active excluded VLANs      : -
Graceful Consistency Check      : Enabled
vPC Peer-link status
id   Port   Status Active vlans
1    Po5    up     50-54
vPC status
id     Port        Status Consistency Reason                     Active vlans
30     Po30        down* success     success                    -
31     Po31        down* failed      Consistency Check Not      -
                                      Performed
*************************************************************************+
*************************************************************************+
N5K-1# sh vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link
vPC domain id                   : 5
Peer status                     : peer adjacency formed ok
vPC keep-alive status           : peer is alive
Configuration consistency status: success
Per-vlan consistency status     : success
Type-2 consistency status       : success
vPC role                        : primary
Number of vPCs configured       : 2
Peer Gateway                    : Disabled
Dual-active excluded VLANs      : -
Graceful Consistency Check      : Enabled
vPC Peer-link status
id   Port   Status Active vlans
1    Po5    up     50-54
vPC status
id     Port        Status Consistency Reason                     Active vlans
30     Po30        down* failed      Consistency Check Not      -
                                      Performed
31     Po31        down* failed      Consistency Check Not      -
                                      Performed
I have changed the lacp on both devices to active:
On Nexus N5K-1/-2
interface Ethernet1/3
switchport mode trunk
switchport trunk allowed vlan 50-54
channel-group 30 mode active
interface Ethernet1/4
switchport mode trunk
switchport trunk allowed vlan 50-54
channel-group 30 mode active
On Catalyst 6500
interface TenGigabitEthernet2/1/2-3
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 50-54
switchport mode trunk
channel-protocol lacp
channel-group 30 mode active
interface TenGigabitEthernet1/1/2-3
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 50-54
switchport mode trunk
channel-protocol lacp
channel-group 30 mode active
Thanks for your time.
Jose

Question about Nexus 3548 vPC setup

Hi.
We have just installed our two first Nexus 3548 switches in our Catalyst environment. We want to set up a vPC domain between the Nexuses, to use for connections to storage and other equipment.
I have read the guide at http://www.cisco.com/c/en/us/products/collateral/switches/nexus-3000-series-switches/white_paper_c11-685753.html and tried setting it up. I created a vPC domain on both switches like this:
nexus1:
vpc domain 1
role priority 2000
system-priority 4000
peer-keepalive destination 192.168.105.40 source 192.168.105.39 vrf default
nexus2:
vpc domain 1
system-priority 4000
peer-keepalive destination 192.168.105.39 source 192.168.105.40 vrf default
The switches are connected with a port-channel consisting of 2x 10GE. The IP addresses above are the ones we use for managing the switches. When I configure the port-channel as "vpc peer-link", the vpc status looks OK:
vPC domain id                     : 1
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : primary
Number of vPCs configured         : 0
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Disabled
vPC Peer-link status
id   Port   Status Active vlans
1    Po2    up     1,6,100,102,106
The problem I have is that I lose connection to nexus2 when I bring up the vPC. I can no longer access it on its IP (192.168.105.40). I cannot ping it from nexus1 either. The Nexus switches are connected to our core switches, which are Catalyst 6509. nexus1 is connected to coreswitch1 using a portchannel of 2xGE and nexus2 is connected to coreswitch2 the same way. A spanning-tree cost has been set on the uplink from nexus2, to make spanning tree block that uplink, and allow traffic between the nexuses to go over the 2x 10GE portchannel instead of over the core switches. I have attached a drawing of this.
Maybe I shouldn't use the management IP:s for peer keepalive? Does the peer keepalive need to be on a different physical link than the peer-link?
Regards,
Johan

We are not using the management ports for management, but an ordinary Vlan Interface in the default vrf, as seen below. We can of course change that and instead use the mgmt0 port if that is the best approach.
vrf context management
vlan configuration 1,100
vlan 1
vlan 100
name DMMgmtPriv
vpc domain 1
role priority 2000
system-priority 4000
peer-keepalive destination 192.168.105.40 source 192.168.105.39 vrf default
interface Vlan1
interface Vlan100
no shutdown
no ip redirects
ip address 192.168.105.39/23

Nexus 5000 vPC suspended during reload delay period

Hi ,
after reloading on vPC-Peer-Switch be box comes up and all vPC-Member-Ports on the box are in suspended state until the reload delay time expired.
Unfortunately the link of the vPC-Member Ports are already up. This behaviour leads us in some problems if we connect a Cisco-UCS-FI with a LACP-Portchannel to a vPC on N5K.
Because the link of the suspended Port is up the FI detects the port also as up and running and set it to individual state, because of missing LACP-BPDUs, So at this time the FI hast two uplinks, one Port-Channel and one individual Ports. After 30 seconds the FI starts to repinning the servers over these two uplinks. Because the individual Port is not in forwarding state an the reloaded N5K until reload delay timer expired.
So during this period all the servers which are pinned to the individual Port are blackholed.
Possible Workarrounds
1. Creating a Pin-Group for the Port-Channel and pinning all Servers to this Pin-Group to avoid in case on channel-Member goes to individual state, any server is pinned to this individual Port . This could be a solution
2.Configuring the Port-Channel on FI for "suspend individual". Unfortunately I could not find a way to achive this. This would avoid that the individual Port is considered as possible uplink-port, so no pinning to the individual Port would happen.
3. Find a way that during the delay restore time on the suspended vPC-Member-Ports also the link is down. (In my opinion this would be the best way)
I am not sure if configuration of "individual suspend" on the vPC on the N5K would help.
any other ideas?
Hubert

What I really want is a command I can use to prevent VPC from turning off ports at all. I'd much rather have an active-active situation than have my entire network go down just because the primary VPC peer rebooted. VPC is not designed correctly to deal with that situation. And yes, it has happened. Multiple times with different VPC keepalive setups.

Nexus 7000 vPC suspended VLAN problem

I am trying to connect a Cat3560G switch to an N7K pair via a vPC. The VLANs I wish to trunk are being suspended, I am getting the following error messages:
2010 Jun 22 17:03:36 N7K-Core1 %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 2,301 on Interface port-channel2 are being suspended. (Reason: Vlan is not allowed on Peer-link)
The VLANs do exist , but a STP instance isnt created for it (I am using RPVST);
N7K-Core1# sh vlan id 2
VLAN Name                             Status    Ports
2    VLAN0002                         active    Po2, Po75
N7K-Core1# sh spanning-tree vlan 2
ERROR: Spanning tree instance(s) for vlan does not exist.
Port       Vlans Err-disabled on Trunk
Eth1/9     none
Eth1/10    none
Eth1/17    2,301
Eth1/18    2,301
Eth1/25    2,301
Eth1/26    2,301
Eth2/2     none
Eth10/1    none
Eth10/2    2,301
Po2        2,301
Po75       2,301
Po99       none
The VLANs are allowed on the trunk (it by default allows all)
interface port-channel1
description * vPC Peer-Link *
vpc peer-link
spanning-tree port type network
I have turned off bridge assurance as a test but no no avail.
Any ideas?

I'm having the same issue between a pair of vPC'd 5020s going to a 6500 using a vPC.
All VLANs which are supposed to go over the trunk/vPC, are showing as err-disable on trunk. I've checked all configs and they are the same... allowed vlans match on all po interfaces and physical interfaces.
6509:
interface Port-channel78
description Connection to n5020s @ in the MDC
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 2240
switchport trunk allowed vlan 2002-2006,2010,2014,2018,2022,2024,2026,2240
switchport trunk allowed vlan add 2244,2248,2252,2254,4050,4052,4054
switchport mode trunk
end
N5020-1:
interface port-channel100
description Uplink to dist01 @ A building
switchport mode trunk
switchport trunk native vlan 2240
switchport trunk allowed vlan 2002-2006,2010,2014,2018,2022,2024
switchport trunk allowed vlan add 2026,2240,2244,2248,2252,2254,4050
switchport trunk allowed vlan add 4052,4054
vpc 100
N5020-2:
interface port-channel100
description Uplink to dist01 @ A building
switchport mode trunk
switchport trunk native vlan 2240
switchport trunk allowed vlan 2002-2006,2010,2014,2018,2022,2024
switchport trunk allowed vlan add 2026,2240,2244,2248,2252,2254,4050
switchport trunk allowed vlan add 4052,4054
vpc 100
All member ports reflect the correct config.
Both 5020s have the same config for the peer-link:
interface port-channel2
description VPC Peer-link
vpc peer-link
spanning-tree port type network
Output form 'show interface trunk"
n5020-1# sh int tru
Port          Native Status        Port
              Vlan                  Channel
Eth1/1        2240    trnk-bndl     Po100
Eth1/2        1       trnk-bndl     Po200
Eth1/17       2240    trnk-bndl     Po78
Eth1/18       2240    trnk-bndl     Po78
Eth1/19       2240    trnk-bndl     Po87
Eth1/20       2240    trnk-bndl     Po87
Po78          2240    trunking      --
Po87          2240    trunking      --
Po100         2240    trunking      --
Po200         1       trunking      --
Port          Vlans Allowed on Trunk
Eth1/1        2002-2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2254,4
050,4052,4054
Eth1/2        180-183
Eth1/17       180-183
Eth1/18       180-183
Eth1/19       2002-2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2254,4
050,4052,4054
Eth1/20       2002-2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2254,4
050,4052,4054
Po78          180-183
Po87          2002-2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2254,4
050,4052,4054
Po100         2002-2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2254,4
050,4052,4054
Po200         180-183
Port          Vlans Err-disabled on Trunk
Eth1/1        2002-2004,2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2
254,4050,4052,4054
Eth1/2        180-183
Eth1/17       180-183
Eth1/18       180-183
Eth1/19       2002-2004,2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2
254,4050,4052,4054
Eth1/20       2002-2004,2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2
254,4050,4052,4054
Po78          180-183
Po87          2002-2004,2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2
254,4050,4052,4054
Po100         2002-2004,2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2
254,4050,4052,4054
Po200         180-183
Port          STP Forwarding
Eth1/1        none
Eth1/2        none
Eth1/17       none
Eth1/18       none
Eth1/19       none
Eth1/20       none
Po78          none
Po87          none
Po100         none
Po200         none
Thank you,
Chris Perkins
INX Inc.

Routing issue in Nexus 7009 due to vPC or hsrp

we have two site's, on first site we have two nexus 7009 switches (Nexus A & Nexus B) and other site is remote site having two 6500 switches. (design attached)
we are using hsrp on nexus switches and Active is Nexus A for all vlan’s
From one of my remote site user's (user's are in vlan 30 ) are not able to communicate with nexus site vlan 20 specially if host in vlan 20 take forwarding path from nexus switch B,
I can ping the vlan 20 both physical address's and gateway (vlan 20 configured in both nexus switch and using HSRP) from vlan 30 which configured on remote site 6500 switch
ospf with area 0 is the routing protocol running between both site.
vlan 10 we are using as a management vlan on both nexus switch that building neighbore ship with WAN router, it's means wan router have two neighbors nexus A and nexus B, but nexus B building the neigbhorship via a Nexus A because from WAN router we have single link which is terminated on Nexus A,
there is one layer 2 switch between nexus A and WAN router, nexus A site that switch port in vPC because we are planning to pull second link later to nexus B.
All user's are connected with edge switch and edge switch have a redundant uplink to nexus A and B with vPC configured
After troubleshooting we observe that if user in vlan 20 wants to communicate with vlan 30 (remote site), traffic is taking Nexus B is forwarding path, then gets drops.
I run the tracert from pc its showing route till SVI on Nexus B after that seems packets not finding route. Even vlan 30 routes are available in the routing table of Nexus B. we don’t have any access-list and Firewall between this path.

Hi,
I suspect in your scenario that traffic is being dropped due to the characteristics of vPC, the routing table on Nexus-B may reflect the next-hop address for the destination IP, however if that next-hop address is the address of the Nexus-A off of VLAN 20 then it will be forwarded across the vPC peer-link, this breaks the convention.
When you attach a Layer 3 device to a vPC domain, the peering of routing protocols using a VLAN also carried on the vPC peer-link is not supported. If routing protocol adjacencies are needed between vPC peer devices and a generic Layer 3 device, you must use physical routed interfaces for the interconnection.
You can configure VLAN Interfaces for Layer 3 connectivity on the vPC peer devices to link to Layer 3 of the network for such applications as HSRP and PIM. However, Cisco recommend that you configure a separate Layer 3 link for routing from the vPC peer devices, rather than using a VLAN network interface for this purpose.
Take a look at the following URL, this article helps to explain the characteristics of vPC and routing over the peer-link:
http://bradhedlund.com/2010/12/16/routing-over-nexus-7000-vpc-peer-link-yes-and-no/
Regards
Allan.
Hope you find this is helpful.
Sent from Cisco Technical Support iPad App

Nexus 7K VPC

Similar Messages

Maybe you are looking for