Nexus 5596 svi - strange

Answered Question
May 26th, 2012

hi all,

I currently got 2 nexus 5596 to do some tests

First of all i wanted to create a management if without using mgmt0 (i use this if for vpc-peer)

So what i did is:

create a vlan

create a vrf

enable feature interface-vlan

create a interface vlan within this vrf and set a ip

enable a trunk with this vlan

on one of the nexus it works, on the other not .. really strange

vlan is up and got a spanning-tree forwarding port

but on the strange switch the layer 3 if is down/down

both switches are 5596 with 5.1.3

anyone ever experienced such an issue?

thanks!

I have this problem too.
0 votes
Correct Answer by ajnallicruz about 1 year 10 months ago

Hmm, sounds strange. Can you verify it came with the base license installed. I've seen that before where the base license didn't get installed and the switch wouldn't do something. I can't remember if it was that the SVI wouldn't come online or something else...

Sent from Cisco Technical Support iPad App

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)
ajnallicruz Sat, 05/26/2012 - 08:55

Do you mean for the peer keepalive link? Do you have M or F cards?

Sent from Cisco Technical Support iPad App

ajnallicruz Sat, 05/26/2012 - 09:11

Oh ya ><

It sounds like a vPC issue maybe.

What does a "sh vPC" on each switch show? Also, can you post the vPC and peer link config?

Sent from Cisco Technical Support iPad App

ronald.spicka@d... Sat, 05/26/2012 - 09:24

it have the same issue if i remove the vpc config und just add a normal trunk between both switches (even after wr er)

Here are some details (vlan 3801 is used for l3):

Working switch:

switch2# sho inter vlan 3801

Vlan3801 is up, line protocol is up

  Hardware is EtherSVI, address is  547f.ee09.e6c1

  Internet Address is 172.24.128.5/24

  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec

switch2# sho vpc

Legend:

                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                   : 10

Peer status                     : peer adjacency formed ok

vPC keep-alive status           : peer is alive

Configuration consistency status: success

Per-vlan consistency status     : success

Type-2 consistency status       : success

vPC role                        : secondary, operational primary

Number of vPCs configured       : 1

Peer Gateway                    : Disabled

Dual-active excluded VLANs      : -

Graceful Consistency Check      : Enabled

vPC Peer-link status

---------------------------------------------------------------------

id   Port   Status Active vlans

--   ----   ------ --------------------------------------------------

1    Po1    up     3801-3811

vPC status

----------------------------------------------------------------------------

id     Port        Status Consistency Reason                     Active vlans

------ ----------- ------ ----------- -------------------------- -----------

10     Po10        up     success     success                    3801-3811

on the other switch:

switch1# sho inter vlan 3801

Vlan3801 is down, line protocol is down

  Hardware is EtherSVI, address is  547f.ee2f.d2c1

  Internet Address is 172.24.128.6/24

  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec

switch1# sho vpc

Legend:

                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                   : 10

Peer status                     : peer adjacency formed ok

vPC keep-alive status           : peer is alive

Configuration consistency status: success

Per-vlan consistency status     : success

Type-2 consistency status       : success

vPC role                        : primary, operational secondary

Number of vPCs configured       : 1

Peer Gateway                    : Disabled

Dual-active excluded VLANs      : -

Graceful Consistency Check      : Enabled

vPC Peer-link status

---------------------------------------------------------------------

id   Port   Status Active vlans

--   ----   ------ --------------------------------------------------

1    Po1    up     3801-3811

vPC status

----------------------------------------------------------------------------

id     Port        Status Consistency Reason                     Active vlans

------ ----------- ------ ----------- -------------------------- -----------

10     Po10        up     success     success                    3801-3811

switch1# sho vlan id 3801

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

3801 vmware_mng                       active    Po1, Po10

switch1# sho feature | i enabled

fex                   1         enabled

interface-vlan        1         enabled

lacp                  1         enabled

lldp                  1         enabled

sshServer             1         enabled

telnetServer          1         enabled

udld                  1         enabled

vpc                   1         enabled

ronald.spicka@d... Sat, 05/26/2012 - 09:25

switch1:

interface Vlan3801

  no shutdown

  vrf member poc_vpc

  ip address 172.24.128.6/24

interface mgmt0

  vrf member management

  ip address 192.168.1.1/24

interface port-channel1

  switchport mode trunk

  switchport trunk allowed vlan 3801-3811

  spanning-tree port type network

  speed 10000

  vpc peer-link

Correct Answer
ajnallicruz Sat, 05/26/2012 - 10:01

Hmm, sounds strange. Can you verify it came with the base license installed. I've seen that before where the base license didn't get installed and the switch wouldn't do something. I can't remember if it was that the SVI wouldn't come online or something else...

Sent from Cisco Technical Support iPad App

ronald.spicka@d... Sat, 05/26/2012 - 10:08

there is a difference between both switches:

switch2:

LAN_BASE_SERVICES_PKG         No    -   Unused             -

switch1:

LAN_BASE_SERVICES_PKG         Yes   -   In use Never       -

hm, strange, if lan_base is in use l3 doesn't work .. does that make sense?

ajnallicruz Sat, 05/26/2012 - 10:14

Ya that makes sense. I've seen it before where the missing base license caused problems with some L3 feature, I just couldn't remember if it was specifically the SVI wouldn't go up.

Sent from Cisco Technical Support iPad App

ronald.spicka@d... Sat, 05/26/2012 - 10:18

That's it

I cleared the license for LAN_BASE_SERVICES_PKG and now the interface is up

Thanks a lot for your help!

ajnallicruz Sat, 05/26/2012 - 10:24

No the L3 card requires the advanced license, the 5596 wont even recognize the L3 daughtercard without the advanced license, but there are basic L3 stuff the switch will do, apparently only with the base license.

Sent from Cisco Technical Support iPad App

ronald.spicka@d... Sat, 05/26/2012 - 10:32

But the base lic is not installed and it works .. now i am getting confused

Feature                      Ins  Lic   Status Expiry Date Comments

LAN_BASE_SERVICES_PKG         No    -   Unused             -

ajnallicruz Sat, 05/26/2012 - 10:43

Hmm, that IS weird. Here's the licensing doc:

http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/licensing/guide/b_Cisco_NX-OS_Licensing_Guide_chapter_01.html

So the one WITH the base license installed was the one that wasn't working?

Sent from Cisco Technical Support iPad App

ajnallicruz Sat, 05/26/2012 - 10:48

The grace period didn't kick in when you cleared the license did it?

Sent from Cisco Technical Support iPad App

ronald.spicka@d... Sat, 05/26/2012 - 10:52

not that i noticed. here's the output from clearing the lic:

clear license xxx.lic

Clearing license xxx.lic:

SERVER this_host ANY

VENDOR cisco

INCREMENT LAN_BASE_SERVICES_PKG cisco 1.0 permanent uncounted \

        VENDOR_STRING=MDS_SWIFTN55-BAS1K9= \

        HOSTID=VDH=xxx \

        NOTICE="xxx1 \

        " SIGN=xxx

Do you want to continue? (y/n) y

Clearing license ......2012 May 26 17:14:53 N5k5POC01 %$ VDC-1 %$ %LICMGR-1-LOG_LIC_LICENSE_EXPIRED: Evaluation license expired for feature LAN_BASE_SERVICES_PKG.

done

ajnallicruz Sat, 05/26/2012 - 11:05

what does your "sh license usage" look like now?

Sent from Cisco Technical Support iPad App

ajnallicruz Sat, 05/26/2012 - 11:06

I'd try to reinstall the base license and see if it breaks again.

Sent from Cisco Technical Support iPad App

ronald.spicka@d... Sat, 05/26/2012 - 11:11

befor installing the lic:

switch1# sho lic usage

Feature                      Ins  Lic   Status Expiry Date Comments

                                 Count

--------------------------------------------------------------------------------

FCOE_NPV_PKG                  No    -   Unused             -

FM_SERVER_PKG                 Yes   -   Unused 21 Jan 2013 -

ENTERPRISE_PKG                Yes   -   Unused 03 May 2013 -

FC_FEATURES_PKG               Yes   -   Unused 03 May 2013 -

VMFEX_FEATURE_PKG             No    -   Unused             -

ENHANCED_LAYER2_PKG           Yes   -   Unused 21 Jan 2013 -

LAN_BASE_SERVICES_PKG         No    -   Unused             -

LAN_ENTERPRISE_SERVICES_PKG   Yes   -   Unused Never       -

--------------------------------------------------------------------------------

after installing:

N5k5POC01# sho lic usage

Feature                      Ins  Lic   Status Expiry Date Comments

                                 Count

--------------------------------------------------------------------------------

FCOE_NPV_PKG                  No    -   Unused             -

FM_SERVER_PKG                 Yes   -   Unused 21 Jan 2013 -

ENTERPRISE_PKG                Yes   -   Unused 03 May 2013 -

FC_FEATURES_PKG               Yes   -   Unused 03 May 2013 -

VMFEX_FEATURE_PKG             No    -   Unused             -

ENHANCED_LAYER2_PKG           Yes   -   Unused 21 Jan 2013 -

LAN_BASE_SERVICES_PKG         Yes   -   In use Never       -

LAN_ENTERPRISE_SERVICES_PKG   Yes   -   Unused Never       -

--------------------------------------------------------------------------------

switch1# sho inter vlan 3811

Vlan3811 is down, line protocol is down

Installing the base lic breaks the svi

ajnallicruz Sat, 05/26/2012 - 11:21

I wonder if the enterprise license is inclusive or incremental. With the base license cleared see if you still have HSRP commands. If so we know its inclusive and I'd just leave the base license uninstalled since you have the enterprise license.

I don't remember having trouble with both licenses, but the few 5596 implementations I've done with a L3 daughtercard/enterprise license I've never really paid attention if the base license is installed as well, I just always assumed it was.

Sent from Cisco Technical Support iPad App

ronald.spicka@d... Sat, 05/26/2012 - 11:28

i just cleared all licenses, l3 if is up, but i dont have any hsrp features ..  also tried reloading the switch, no change

i am not sure, but does the 5596 support hsrp without a l3 daughter card?

i think the base lic is only used when this l3 card is installed

ajnallicruz Sat, 05/26/2012 - 11:39

Yes, HSRP is part of the base license, it does not require the L3 card. The L3 card basically expands the routing table and improves forwarding. The L3 daughtercard requires the enterprise license.

Did you buy the enterprise license? If so, what I meant was keep the enterprise license installed, clear the base license and see if the HSRP commands are available. If they are then we know the enterprise license covers all the base license stuff and you can leave it like that.

Sent from Cisco Technical Support iPad App

ajnallicruz Sat, 05/26/2012 - 11:46

CORRECTION:

The L3 card requires the base license to be installed, not the enterprise. But, the base license doesn't require the L3 card.

Sent from Cisco Technical Support iPad App

ajnallicruz Sat, 05/26/2012 - 11:52

I dunno, maybe I'm going crazy and all L3 feature require the L3 expansion module... I'm digging around the internet...

Sent from Cisco Technical Support iPad App

ajnallicruz Sat, 05/26/2012 - 11:57

Yeah, I totally miss-read the datasheets, the V2 expansion card expands the routing table from the previous version, not that its the only thing it does. And now that I think about it, the only 5500 implementations I've done that included routing have also had the L3 card :\

I'm post sales not pre-sales so I don't usually have to deal with that stuff ><

Anyway, looks like if you need to route between those vlans you're going to have to bounce it off a router or install the L3 expansion module.

Sent from Cisco Technical Support iPad App

ronald.spicka@d... Sat, 05/26/2012 - 12:02

i just need the interfaces for managing the switch and do the tacacs auth over it .. and that seems to work

but it seems, the 5596 has some basic l3 functionality without the l3 daughter card

ajnallicruz Sat, 05/26/2012 - 12:06

ya it does, you should be able to get the SVI online for management, you just wouldn't be able to use a routing protocol or route between SVIs.

Really weird though that if they require the L3 card the SVI would come online with the enterprise license and without the base license.

I'm really curious, with the enterprise license installed does it let you configure any routing protocols?

Sent from Cisco Technical Support iPad App

ronald.spicka@d... Sat, 05/26/2012 - 12:12

this thing is a bit strange

with enterprise without base lic:

feature eigrp

No available license - LAN_BASE_SERVICES_PKG error Feature does not have an inst

alled license

with both lic installed i can enable eigrp:

router eigrp 10

  vrf poc_vpc

    address-family ipv4 unicast

      autonomous-system 123

but the svi is down

ajnallicruz Sat, 05/26/2012 - 12:23

Ya so it sounds like what it's doing is without the licensing you can use the svi for management, but you can't route because you can't enable the routing protocol features. Once you install the licensing it then says nice try, even though you can now enable/configure the feature I'll just kill the SVI because you still need the L3 card. You'd think instead of killing the SVI they'd just add in an additional check for the card when you try to enable the routing protocol feature.

Weird.

Sent from Cisco Technical Support iPad App

ronald.spicka@d... Sat, 05/26/2012 - 12:26

Agree. Would be nice if there was a warning that you need a L3 card for this features.

But the management works now, thanks for your support

ronald.spicka@d... Sat, 05/26/2012 - 12:00

i installed the enterprise lic and the interface is up .. hsrp works, but i forgot to enable the feature

But hsrp seems to work without a license (tried it on the other switch where no base/enterprice lic is installed)

pankudin Wed, 02/27/2013 - 06:46

To reduce confusion around:

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_2_1_N1_1/Nexus5000_Release_Notes_5_2_1_N1.html#wp355966

So, L3 interfaces (including SVI) are not supported without L3 module or "management" keyword under SVI configuration.

LAN_BASE_SERVICES_PKG license is necessary when L3 module is installed and activates additional processes on 5k.

If you do not have L3 module on you device - please do not try to fix that just by removing LAN_BASE_SERVICES_PKG. Removing this license without module is good idea, but you still have to configure "management" under SVI.

Actions

Login or Register to take actions

This Discussion

Posted May 26, 2012 at 3:34 AM
Stats:
Replies:32 Avg. Rating:5
Views:2722 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard

Rank Username Points
1 15,007
2 8,150
3 7,725
4 7,083
5 6,742
Rank Username Points
165
82
69
65
55