Hi there. We have nexus 5000 switches uplinked to our core VSS switches. We have recently paired up our nexus 5000 switches and enabled vPC. For example S1 and S2 are now connected via po20 which is the vPC peer link. I have noticed that spanning tree on switch S2 is now blocking on the uplink interface to the VSS, which means that all traffic destined to servers connected off the S2 has to pass through switch S1 and across the vPC link. The vPC link is 2x 10gig bundle. The uplink to the VSS is 4x10gig bundle. The VSS is the root bridge for all vlans.
I have tried changing port costs and port priority so that S2 forwards via the VSS and not over the vPC link but nothing i change can make the VSS uplink port move to forwarding state.
The VSS is running standard PVST, which is required due to legacy attached switches. Is this an interoperability issue between versions of spanning tree running on the nexus and VSS? Or is this behaviour correct due to the bridge assurance feature enabled on the nexus? Obviously this is not a good solution as we want all traffic from the core to the servers to go via the nexus that the servers are attached to.
Has anyone came across this issue before? Or can anyone please advise of a solution to this problem?
Hi there, please see a reply I recieved on another forum from a Cisco engineer. Basically, it is working correctly just that you have to include all uplinks in the vPC setup or else the device (my VSS) sees the nexus5010s as individual switches and spanning tree blocks one of the paths.:
There are two basic topologies that you can create between VSS and vPC (see below) . In the first there is a single port channel on both sides and in the second there are two port channels. In the second case which is what I think you are using there is still a L2 loop and STP will block one of the two port channels. Can you try a confguration with a single port channel on the VSS side with all 8 interfaces (Te1/2/1, Te1/5/5, Te2/1/7, Te2/2/2, Te1/1/5, Te1/2/5, Te2/1/6, Te2/2/6) and then a single vPC port channel on the N5K side (use vPC to tie the the existing po12 on Nexus-S2 - Eth1/1, Eth1/2, Eth1/3, Eth1/4 & the other port channel on the Nexus-S1 - Eth1/1, Eth1/2, Eth1/3, Eth1/4 together into a single 8 port MCEC). This should logically look like case 1 below.
Moquery is the command line cousin of Vizore, it's very helpful and efficient sometimes during the troubleshooting. This article aims to provide moquery cheat sheet to the users for some most common seen scenarios.
Here is the checklist before customers/partners contact Cisco TAC:
Firmware Version of APIC and Switch
Download Switch and APIC techsupport logs
Problem description (Symptoms with details)
Business impact (eg, what kind of services...
moquery usageAPIC moquerySwitchmoquery
This document discuss a common issue observed during the VMM integration & VM workload migration to ACI fabric.
VMware Virtual machines are hosted in Cisco UCS-B seri...