Hi RedNectar,

   Thanks for your help, the VPC Interface Policy Group is already linked to an AAEP that is linked to a L3 Domain that is tied to a L3Out, as below, and I can see both vpc nodes and the interfaces used in vpc, but still the path box is not including any thing.

is there is a way I can write it in the box, instead of selecting the interface policy group?

Hi @most_ahdy 

What you can do to verify that the vpc is actually configured, is to connect on Leaf-1 and Leaf-2 and use these commands:

show vpc
show port-channel summary 

If your port-channel is formed and up, and associated to a VPC, then you have a GUI issue.

If you don't see the port-channel formed, the one thing left to be verified is the vpc domain config (Fabric > Access Policies  > Policies >  Switch > Virtual Port Channel Default)

Stay safe,

Sergiu

Hi @Sergiu.Daniluk 

So the port-channel must be up with the other side in order to see it in the path box, right?

vpc domain config (Fabric > Access Policies  > Policies >  Switch > Virtual Port Channel Default)  is ok

If the 

I don't think it needs to be up, but it should be at least `configured`.

What do you see in the commands output?

@Sergiu.Daniluk 

The vpc is ok as below

show vpc extended:

# show vpc extended
Legend:
(*) - local vPC is down, forwarding via vPC peer-link

vPC domain id : 101
Peer status : peer adjacency formed ok
vPC keep-alive status : Disabled
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary, operational secondary
Number of vPCs configured : 2
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled (timeout = 240 seconds)
Operational Layer3 Peer : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 up -

vPC status
-------------------------------------------------------------------------------- -
id Port Status Consistency Reason Active vlans Bndl Grp Name
-- ---- ------ ----------- ------ -------------------- --------------- -

345 Po5 down* success success - Core-PG

7 Po7 down* success success - VxrailTierPG

Hi @most_ahdy ,

Good morning. Seems there's been a bit more discussion overnight.  While @Sergiu.Daniluk seems to be concentrating on the physical side of things, I'm still not 100% convinced that it is not an Access Policy Chain issue, especially since you say you are having problems with EPG assignment as well.

Random thought: You haven't upgraded your system to APIC v6.0 have you? We tried that, strange things happened (we lost sight of FEX ports in ND) so we rolled back.

Back to TS. from the APIC, can you run this command: (it's a reallllllly wide output, so make sure you set your terminal width to at least 176 chars before running the command - and as well as pasting the output, attach it as a text file as well [=I'm really p...d off that Cisco has removed the ability to paste pre-formatted code with horizontal scroll])

apic1# show vpc map

This will prove that your VPC Interface Policy Group has been applied to both Leaf 101 and Leaf 103 

Again from the APIC

apic1# fabric 101,103 show port-channel summary

This will prove that your VPC is up on both leaves - you are looking for the (P) after the interface names.

However these commands are just the beginning - and really just re-enforcing @Sergiu.Daniluk's line of thinking.

To follow the FULL ACCESS POLICY CHAIN, you need the GUI

1. Locate the Leaf Profile for leaf 101 and 103 [I HOPE there is a single leaf profile for both switches]
2. In the work pane, double-click the listed Associated Interface Selector Profile (which will actually be a Leaf Profile - there is NO SUCH OBJECT IN ACI CALLED Interface Selector Profile) [I HOPE there is a single Interface Profile listed]
3. When the Interface Profile opens, locate the Interface Selector that represents your port-channel, and double-click it. This will take you to the Access Port Selector page (don't you just love Cisco's naming consistency?)
4. In the Access Port Selector page, locate the Policy Group, and click the external link button 
   

    

5. This will open a pop-up for your VPC Interface Policy group. On this screen, verify:
   1. The Link Aggregation Type is indeed Virtual Port Channel (VPC)
   2. The Port Channel Policy is a policy that sets LACP to Active (use the external link button to check)
      [Actually, this step has already been verified by the CLI commands, but I'm leaving it here for future readers]
   3. There is indeed a value in the Attached Entity Profile (even though there is NO SUCH OBJECT IN ACI CALLED Attached Entity Profile - instead what you SHOULD see there is an Attachable Access Entity Profile)
6. Click on the external-link button next to the Attachable Access Entity Profile name. This will open a pop-up page for the  Attachable Access Entity Profile 
7. In the Attachable Access Entity Profile page, locate your L3 Domain in the list of Domains for this AAEP.  You can identify that it is a L3 dDomain because it will have (L3) after the name. Double-click on the L3 Domain name. This will open the page for your L3 Domain Profile
8. In the L3 Domain Profile page, locate the VLAN Pool and click the external-link icon next to it. This will open a pop-up page showing your VLAN Pool values
9. In the VLAN Pool page, validate that
   1. The Allocation Method is Static (although with v5.2 onwards it doesn't matter)
   2. The VLANs you wish to use are listed.

If all of the above works as expected, then I'm stumped.

[Edit: 7:38am] Is this related to your issue you had connecting a VPC to an ESXi?  If so, in my step 5.2 above (The Port Channel Policy is a policy that sets LACP to Active) should probably be 
The Port Channel Policy is a policy that sets the policy to MAC Pinning

[/Edit]

Hi @Sergiu.Daniluk 

Thank you for your information, regrading CLI command, I can not provide the output this week, so later I'll share it

if any faults are seen on APIC related to leafs/interfaces/po/vpc.    No I cant see any faults, as in each step covered by @RedNectar  I check the faults tab and I can not see any faults,

My be it something related to this bug

https://bst.cisco.com/bugsearch/bug/CSCvn15506

I wonder if I can enter the vpc policy group manually instead of selecting it

Related to bug, one of the condition is to use "quick start" wizards to configure vpcs. Did you configured them with the wizard or manually? Based on the policies/profiles names, I would say manually, but you can confirm it. And if is like this, bug can be ignored. It's not that one.

I used both manual and wizard, and in both I can not select the vpc interface policy group

@Sergiu.Daniluk 

if any faults are seen on APIC related to leafs/interfaces/po/vpc.

Yes this the issue there was a fault to the interface selector, I enter wrong interfaces IDs

Thanks for your support

@RedNectar Thanks for your detailed information.

I haven't upgraded to APIC v6.0. my version is 5.1(4c)

For CLI output I would not be able to send them this week, I'll send them when available.

1. Locate the Leaf Profile for leaf 101 and 103 [I HOPE there is a single leaf profile for both switches --> yes

2. In the work pane, double-click the listed Associated Interface Selector Profile (which will actually be a Leaf Profile - there is NO SUCH OBJECT IN ACI CALLED Interface Selector Profile) [I HOPE there is a single Interface Profile listed] there is more than one interface profile listed

3. When the Interface Profile opens, locate the Interface Selector that represents your port-channel, and double-click it. This will take you to the Access Port Selector page (don't you just love Cisco's naming consistency?) No

4. In the Access Port Selector page, locate the Policy Group, and click the external link button

This will open a pop-up for your VPC Interface Policy group. On this screen, verify:

1. The Link Aggregation Type is indeed Virtual Port Channel (VPC): yes ok
2. The Port Channel Policy is a policy that sets LACP to Active (use the external link button to check) yes ok

Click on the external-link button next to the Attachable Access Entity Profile name. This will open a pop-up page for the  Attachable Access Entity Profile 

In the Attachable Access Entity Profilepage, locate your L3 Domain in the list of Domainsfor this AAEP.  You can identify that it is a L3 dDomain because it will have (L3)after the name. Double-click on the L3 Domainname. This will open the page for yourL3 Domain Profile   Ok

In the L3 Domain Profile page, locate the VLAN Pool and click the external-link icon next to it. This will open a pop-up page showing your VLAN Pool values

1. In the VLAN Pool page, validate that
   1. The Allocation Method is Static (although with v5.2 onwards it doesn't matter) OK
   2. The VLANs you wish to use are listed. OK

      Is this related to your issue you had connecting a VPC to an ESXi?  If so, in my step 5.2 above (The Port Channel Policy is a policy that sets LACP to Active) should probably be 
      The Port Channel Policy is a policy that sets the policy to MAC Pinning     No, it is VPC to Cat9500 core switch