cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3287
Views
10
Helpful
5
Replies

cannot create vpc peerlink between 2 NK5-C5548UP-Fa

Hi

I have very strange problem. I have two NK5-C5548UP-Fa where I need to implement the vpc features. I want my peer link go over an SVI. I have Port-Channel 100 configured as a trunk with 3 vlans in it (my VPC-Peer Vlan included in a seperate VRF, and two data vlans).

I have set up the vpc domain 1 and configured the peer-keepalive source, destination and vrf. All seemed fine.

So I had a connection between those Switches and could ping each way in my SVI.

In the moment i set the command vpc peer-link in the port-channel the vlans in the trunk went on err-disable and I lost connection.

SWITCH# sh int trunk

--------------------------------------------------------------------------------

Port          Native  Status        Port

              Vlan                  Channel

--------------------------------------------------------------------------------

Eth1/1        1       trnk-bndl     Po100

Eth1/17       1       trnk-bndl     Po100

Po100         1       trunking      --

--------------------------------------------------------------------------------

Port          Vlans Allowed on Trunk

--------------------------------------------------------------------------------

Eth1/1        410-412

Eth1/17       410-412

Po100         410-412

--------------------------------------------------------------------------------

Port          Vlans Err-disabled on Trunk

--------------------------------------------------------------------------------

Eth1/1        410-412

Eth1/17       410-412

Po100         410-412

I have the following message in the log:

2012 Jun 21 09:42:31 SWITCH %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 4

10-412 on Interface port-channel100 are being suspended. (Reason: peer-keepalive

not operational, peer never alive)

And I've seen this in debug vpc peer-keepalive

SWITCH(config-if)# 2012 Jun 21 11:58:46.742933 vpc: Added 3 vlans to loc cfg list

2012 Jun 21 11:58:46.743004 vpc: Saving the MCT [1] context in PSS

2012 Jun 21 11:58:46.747084 vpc: Vlans [410-412] in Error vlan list for MCT

Anybody some Ideas how to fix this?

I use this NX-OS: n5000-uk9.5.1.3.N2.1.bin

I am pretty sure, the config is fine... but somewhere I am missing something.

Thanks Chris

1 Accepted Solution

Accepted Solutions

Hi Christoph

I think Reza wanted to say that we can't see interfaces that act as endpoints for peer keep-alive link.

Also here is VPC operations guide which stands that mgmt port is recommended solution for keep-alive link:

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/operations/n5k_L3_w_vpc_5500platform.html#wp999392

HTH,

Alex

View solution in original post

5 Replies 5

Reza Sharifi
Hall of Fame
Hall of Fame

Hi,

Can you post your config?

feature interface-vlan

feature lacp

feature vpc

vrf context VPC-PEER

vrf context management

  ip route 0.0.0.0/0 192.168.10.1

vlan 1

vlan 410

  name VPC-PEER

vlan 411

  name VMotion

vlan 412

  name Storage

vpc domain 1

  role priority 100

  system-priority 100

  peer-keepalive destination 192.168.0.2 source 192.168.0.1 vrf VPC-PEER

  peer-config-check-bypass

  auto-recovery

interface port-channel100

  description VPC-Peer-Link

  switchport mode trunk

  switchport trunk allowed vlan 410-412

  spanning-tree port type network

  spanning-tree guard loop

  speed 10000

  vpc peer-link

interface Ethernet1/1

  description SWITCH2,Eth1/1

  switchport mode trunk

  switchport trunk allowed vlan 410-412

  channel-group 100 mode active

interface Ethernet1/17

  description SWITCH2,Eth1/17

  switchport mode trunk

  switchport trunk allowed vlan 410-412

  channel-group 100 mode active

interface mgmt0

  description Mgmt-Vlan

  ip address 192.168.10.25/24

I figured out that I can set up the VCP-Peer over the mgmt0 Interface. Then I can switch the configuration to my SVI and it works. But after a reload of the whole system, I have the same problem.

I guess the peer must go over mgmt0

I don't see your VPC domain config:

Have a look at this sample config and make the necessary changes to reflect your environment

! enable features

feature vpc

feature lacp

! Define a vrf for the keepalive traffic

vrf context vpc-ka

! Configure vpc domain - this switch (in the vpc-ka vrf) is 10.0.0.1; its partner is 10.0.0.2

vpc domain 1

role priority 100

system-priority 100

peer-keeplive destination 10.0.0.2 source 10.0.0.1 vrf vpc-ka

peer-gateway

! Configure the VPC keepalive interface (port-channel or single interface)

interface Ethernet 1/1

vrf member vpc-ka

ip address 10.0.0.1/31

no shutdown

! Configure the layer 2 interchassis peer-link

interface Ethernet 2/1

channel-group 1 force mode active

no shutdown

interface Ethernet 3/1

channel-group 1 force mode active

no shutdown

interface port-channel1

switchport

switchport mode trunk

switchport trunk allowed vlan a,b,c

vpc peer-link

spanning-tree port type normal

no shut

! Configure the actual vPC facing the downstream device

! For the 'vpc  xxx' command:

! 1) use a different xxx for each port-channel to a downstream device;

! 2) ensure that the 'partner' port-channel on DST2 uses the same xxx;

! 3) xxx has nothing to do with the vpc domain number configured earlier.

!

interface Ethernet 2/8

channel-group 2 force mode active

no shut

interface Ethernet 3/8

channel-group 2 force mode active

no shut

interface port-channel2

switchport

switchport mode trunk

switchport trunk allowed vlan a,b,c

vpc 102

no shut

Hi Christoph

I think Reza wanted to say that we can't see interfaces that act as endpoints for peer keep-alive link.

Also here is VPC operations guide which stands that mgmt port is recommended solution for keep-alive link:

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/operations/n5k_L3_w_vpc_5500platform.html#wp999392

HTH,

Alex

Hey

I've done it now with the recommended solution. I am still confused why it doesn't work with the SVI, as I had my own VRF. I think the SVI must not run on the actuall VPC Peer Link. I think thats the point.

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco