06-21-2012 05:49 AM - edited 03-07-2019 07:22 AM
Hi
I have very strange problem. I have two NK5-C5548UP-Fa where I need to implement the vpc features. I want my peer link go over an SVI. I have Port-Channel 100 configured as a trunk with 3 vlans in it (my VPC-Peer Vlan included in a seperate VRF, and two data vlans).
I have set up the vpc domain 1 and configured the peer-keepalive source, destination and vrf. All seemed fine.
So I had a connection between those Switches and could ping each way in my SVI.
In the moment i set the command vpc peer-link in the port-channel the vlans in the trunk went on err-disable and I lost connection.
SWITCH# sh int trunk
--------------------------------------------------------------------------------
Port Native Status Port
Vlan Channel
--------------------------------------------------------------------------------
Eth1/1 1 trnk-bndl Po100
Eth1/17 1 trnk-bndl Po100
Po100 1 trunking --
--------------------------------------------------------------------------------
Port Vlans Allowed on Trunk
--------------------------------------------------------------------------------
Eth1/1 410-412
Eth1/17 410-412
Po100 410-412
--------------------------------------------------------------------------------
Port Vlans Err-disabled on Trunk
--------------------------------------------------------------------------------
Eth1/1 410-412
Eth1/17 410-412
Po100 410-412
I have the following message in the log:
2012 Jun 21 09:42:31 SWITCH %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 4
10-412 on Interface port-channel100 are being suspended. (Reason: peer-keepalive
not operational, peer never alive)
And I've seen this in debug vpc peer-keepalive
SWITCH(config-if)# 2012 Jun 21 11:58:46.742933 vpc: Added 3 vlans to loc cfg list
2012 Jun 21 11:58:46.743004 vpc: Saving the MCT [1] context in PSS
2012 Jun 21 11:58:46.747084 vpc: Vlans [410-412] in Error vlan list for MCT
Anybody some Ideas how to fix this?
I use this NX-OS: n5000-uk9.5.1.3.N2.1.bin
I am pretty sure, the config is fine... but somewhere I am missing something.
Thanks Chris
Solved! Go to Solution.
06-21-2012 08:48 AM
Hi Christoph
I think Reza wanted to say that we can't see interfaces that act as endpoints for peer keep-alive link.
Also here is VPC operations guide which stands that mgmt port is recommended solution for keep-alive link:
HTH,
Alex
06-21-2012 06:38 AM
Hi,
Can you post your config?
06-21-2012 07:21 AM
feature interface-vlan
feature lacp
feature vpc
vrf context VPC-PEER
vrf context management
ip route 0.0.0.0/0 192.168.10.1
vlan 1
vlan 410
name VPC-PEER
vlan 411
name VMotion
vlan 412
name Storage
vpc domain 1
role priority 100
system-priority 100
peer-keepalive destination 192.168.0.2 source 192.168.0.1 vrf VPC-PEER
peer-config-check-bypass
auto-recovery
interface port-channel100
description VPC-Peer-Link
switchport mode trunk
switchport trunk allowed vlan 410-412
spanning-tree port type network
spanning-tree guard loop
speed 10000
vpc peer-link
interface Ethernet1/1
description SWITCH2,Eth1/1
switchport mode trunk
switchport trunk allowed vlan 410-412
channel-group 100 mode active
interface Ethernet1/17
description SWITCH2,Eth1/17
switchport mode trunk
switchport trunk allowed vlan 410-412
channel-group 100 mode active
interface mgmt0
description Mgmt-Vlan
ip address 192.168.10.25/24
I figured out that I can set up the VCP-Peer over the mgmt0 Interface. Then I can switch the configuration to my SVI and it works. But after a reload of the whole system, I have the same problem.
I guess the peer must go over mgmt0
06-21-2012 08:11 AM
I don't see your VPC domain config:
Have a look at this sample config and make the necessary changes to reflect your environment
! enable features
feature vpc
feature lacp
! Define a vrf for the keepalive traffic
vrf context vpc-ka
! Configure vpc domain - this switch (in the vpc-ka vrf) is 10.0.0.1; its partner is 10.0.0.2
vpc domain 1
role priority 100
system-priority 100
peer-keeplive destination 10.0.0.2 source 10.0.0.1 vrf vpc-ka
peer-gateway
! Configure the VPC keepalive interface (port-channel or single interface)
interface Ethernet 1/1
vrf member vpc-ka
ip address 10.0.0.1/31
no shutdown
! Configure the layer 2 interchassis peer-link
interface Ethernet 2/1
channel-group 1 force mode active
no shutdown
interface Ethernet 3/1
channel-group 1 force mode active
no shutdown
interface port-channel1
switchport
switchport mode trunk
switchport trunk allowed vlan a,b,c
vpc peer-link
spanning-tree port type normal
no shut
! Configure the actual vPC facing the downstream device
! For the 'vpc xxx' command:
! 1) use a different xxx for each port-channel to a downstream device;
! 2) ensure that the 'partner' port-channel on DST2 uses the same xxx;
! 3) xxx has nothing to do with the vpc domain number configured earlier.
!
interface Ethernet 2/8
channel-group 2 force mode active
no shut
interface Ethernet 3/8
channel-group 2 force mode active
no shut
interface port-channel2
switchport
switchport mode trunk
switchport trunk allowed vlan a,b,c
vpc 102
no shut
06-21-2012 08:48 AM
Hi Christoph
I think Reza wanted to say that we can't see interfaces that act as endpoints for peer keep-alive link.
Also here is VPC operations guide which stands that mgmt port is recommended solution for keep-alive link:
HTH,
Alex
06-22-2012 02:01 AM
Hey
I've done it now with the recommended solution. I am still confused why it doesn't work with the SVI, as I had my own VRF. I think the SVI must not run on the actuall VPC Peer Link. I think thats the point.
Thanks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: