Hello,
I am currently having the major fault "interface-vpc-down" showing in my vPC Policy Group. I am trying to understand it, since my VMs using this vPC CAN ping the Bridge Domain.
What is this error, and how could I fix it?
I am currently running ACI 5.2(7g) while the switches are using 14.2. (My switches can't go any more than this). Could this version mismatch be the cause of the vPC peering being faulty?
Here are some prints of some other errors that could be related:
Hi @BertiniB ,
The other end is a UCS running ESXi, is necessary to configure anything on its side?
That depends on what you have configured on the ACI side!!! Both sides must be compatible!
- If you have configured LACP Active on the ACI side, the ESXi needs to be configured with LACP Active or LACP Passive (See https://kb.vmware.com/s/article/1004048)
- If you have configured LACP Passive on the ACI side, the ESXi needs to be configured with LACP Active
- If you have configured any of the other non-LACP options (Static ON, MAC Pinning, Explicit) on the ACI side, then don't enable LACP on the ESXi
But often people don't use VPCs to connect dual attached ESXi hosts. Instead they
- create a standard Access Port Policy Group - called say ESXi_APPG and set it up with CDP/LLDP etc (LLDP recommended if using VMM integration) and apply that APPG to both interfaces that connect to the ESXi.
- configure Teaming and failover on the vSwitch on the ESXi for Route based on originating virtual port or Route based on source MAC hash
vSwitch config -not from ACI but same config
EDIT: What you think could be the problem causing the Infra Tenant to be in critical Health Score?
I didn't see any errors in the Infra tenant - at least in the ones that you posted. If you mean this image
https://community.cisco.com/t5/image/serverpage/image-id/195961iB003E24992AEBC94/
then the error is referring to the infra path of the MIT - if you look at the distinguished name of the VPC you will see something like
uni/infra/funcprof/accbundle-name_of_your_VPC
RedNectar's Forum Tip:
When posting on the forum, add your pictures inline - i.e. PASTE your picture right where you want it. If it is a screenshot, you'll probably then want to click on the image and make the image large - like this.
This means you pictures are actually SEEN (a) in the email that gets sent to subscribers and (b) anyone who looks at this post in the future. Adding pictures as attachments... puts your submission into the TL;DR category.
Hi @RedNectar
I have the following setup:
Wouldn`t vPC be used?
So I would configure a vPC in the ACI side in "Interface Configuration" and in the vCenter I would create a LAG?
I did this (created a LAG and moved the NICs of the hosts to the LAG with LAC Active) and one Port-channel came up.
One did not, but I suspect that maybe the NIC of the one that didn`t come up is defective since it doesn`t even show in the cdp neighbors of leaf2 but shows duplicated in the cdp neighbors of leaf 1. Also someone who did this lab in the past here said that one of the NICs were acting strangely.
Update: It seems that changing the policy of vPC in ACI for both vPCs to MAC-Pinning instead of LACP-Active, the faults are removed and the show vpc brief shows both vPCs up.
So let me try to understand it. If I want to use LACP for the vPC I have to configure LACP also on the VDS in vCenter by creating the LAG interfaces and attaching the hosts NICs to them?
If I don`t want such additional complexity, I just use MAC-Pinning on the ACI side and I don`t have to do any additional configuration on the vCenter side?
Sorry for the basic questions, I am new to vPC and how it works.
