09-01-2023 04:51 PM
Hello,
I am currently having the major fault "interface-vpc-down" showing in my vPC Policy Group. I am trying to understand it, since my VMs using this vPC CAN ping the Bridge Domain.
What is this error, and how could I fix it?
I am currently running ACI 5.2(7g) while the switches are using 14.2. (My switches can't go any more than this). Could this version mismatch be the cause of the vPC peering being faulty?
Here are some prints of some other errors that could be related:
09-01-2023 11:40 PM
Hi @BertiniB ,
Firstly, I'd advise against using APIC v5.x with switch software 14.x.
I wrote about this on my blog, YouTube and Facebook - see links below. Basically you run the risk of allowing ALL traffic to pass a contract if you have a filter for TCP port 22 defined.
But I can't say that the version mismatch is causing your problem. Instead, I'd be looking to see that the LAG protocol/method you are using matches at both ends. My suspicion is that one end is configured for LACP and the other is configured for something else.
References: Sorry for referring to my own blog, but I can't find any official Cisco documentation. The Facebook link is about as official as I can find.
https://rednectar.net/2020/09/05/aci-version-mismatch-alert-dont-use-v5-on-apic-and-v14-on-leaves/
https://www.youtube.com/watch?v=KCKj-eGBR5Y
https://www.facebook.com/groups/1028679983855301/permalink/3549697478420193/
09-02-2023 01:00 PM - edited 09-02-2023 01:04 PM
Thanks for the reply @RedNectar.
The other end is a UCS running ESXi, is it necessary to configure anything on its side?
I am using vCenter.
EDIT: What do you think could be the problem causing the Infra Tenant to be in critical Health Score?
09-02-2023 02:45 PM
Hi @BertiniB ,
The other end is a UCS running ESXi, is necessary to configure anything on its side?
That depends on what you have configured on the ACI side!!! Both sides must be compatible!
But often people don't use VPCs to connect dual attached ESXi hosts. Instead they
EDIT: What you think could be the problem causing the Infra Tenant to be in critical Health Score?
I didn't see any errors in the Infra tenant - at least in the ones that you posted. If you mean this image
https://community.cisco.com/t5/image/serverpage/image-id/195961iB003E24992AEBC94/
then the error is referring to the infra path of the MIT - if you look at the distinguished name of the VPC you will see something like
uni/infra/funcprof/accbundle-name_of_your_VPC
RedNectar's Forum Tip:
When posting on the forum, add your pictures inline - i.e. PASTE your picture right where you want it. If it is a screenshot, you'll probably then want to click on the image and make the image large - like this.
This means your pictures are actually SEEN (a) in the email that gets sent to subscribers and (b) by anyone who looks at this post in the future. Adding pictures as attachments... puts your submission into the TL;DR category.
09-02-2023 03:03 PM - edited 09-02-2023 03:23 PM
Hi @RedNectar
I have the following setup:
Wouldn't vPC be used?
So I would configure a vPC on the ACI side in "Interface Configuration" and in the vCenter I would create a LAG?
I did this (created a LAG and moved the NICs of the hosts to the LAG with LACP Active) and one Port-channel came up.
One did not, but I suspect that maybe the NIC of the one that didn't come up is defective since it doesn't even show in the cdp neighbors of leaf2 but shows duplicated in the cdp neighbors of leaf 1. Also someone who did this lab in the past here said that one of the NICs was acting strangely.
09-02-2023 03:17 PM
Update: It seems that changing the policy of vPC in ACI for both vPCs to MAC-Pinning instead of LACP-Active, the faults are removed and the show vpc brief shows both vPCs up.
So let me try to understand it. If I want to use LACP for the vPC I have to configure LACP also on the VDS in vCenter by creating the LAG interfaces and attaching the hosts' NICs to them?
If I don't want such additional complexity, I just use MAC-Pinning on the ACI side and I don't have to do any additional configuration on the vCenter side?
Sorry for the basic questions, I am new to vPC and how it works.
09-02-2023 03:32 PM
Hi @BertiniB
Update: It seems that changing the policy of vPC in ACI for both vPCs to MAC-Pinning instead of LACP-Active, the faults are removed and the show vpc brief shows both vPCs up.
So let me try to understand it. If I want to use LACP for the vPC I have to configure LACP also on the VDS in vCenter by creating the LAG interfaces and attaching the hosts NICs to them?
If I don't want such additional complexity, I just use MAC-Pinning on the ACI side and I don't have to do any additional configuration on the vCenter side?
Sorry for the basic questions, I am new to vPC and how it works.
You've nailed it! Well done.
MAC-Pinning is a great way to go. LACP is complicated to get right all the time.
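Added example, not part of any post in this thread: a small offline audit that reads APIC REST JSON for vPC policy groups and reports which ones use an LACP mode that needs a matching LAG on the vCenter VDS, and which use MAC pinning and need none. The class and attribute names (`infraAccBndlGrp`, `lagT`, `infraRsLacpPol`, `lacpLagPol`, `mode`) are APIC object-model names; the policy group names and the JSON data are constructed, and the `passive` and `mac-pin-nicload` modes go beyond the two modes discussed in the thread.

```python
import json

# Constructed sample APIC REST responses (not taken from the thread).
BUNDLES = json.loads("""{"imdata": [
  {"infraAccBndlGrp": {"attributes": {"name": "vpc-esxi1", "lagT": "node"},
    "children": [{"infraRsLacpPol": {"attributes": {"tnLacpLagPolName": "lacp-active"}}}]}},
  {"infraAccBndlGrp": {"attributes": {"name": "vpc-esxi2", "lagT": "node"},
    "children": [{"infraRsLacpPol": {"attributes": {"tnLacpLagPolName": "mac-pin"}}}]}},
  {"infraAccBndlGrp": {"attributes": {"name": "pc-storage", "lagT": "link"},
    "children": [{"infraRsLacpPol": {"attributes": {"tnLacpLagPolName": "lacp-active"}}}]}}
]}""")
POLICIES = json.loads("""{"imdata": [
  {"lacpLagPol": {"attributes": {"name": "lacp-active", "mode": "active"}}},
  {"lacpLagPol": {"attributes": {"name": "mac-pin", "mode": "mac-pin"}}}
]}""")

# What the attached host (here: the vCenter VDS uplinks) must do for each mode.
HOST_SIDE = {
    "active": "LACP LAG needed on the VDS",
    "passive": "LACP LAG needed on the VDS",
    "mac-pin": "no LAG on the VDS",
    "mac-pin-nicload": "no LAG on the VDS",
}

def audit_vpc_groups(bundles, policies):
    """Return (vPC policy group, LACP mode, host-side requirement) tuples."""
    modes = {p["lacpLagPol"]["attributes"]["name"]: p["lacpLagPol"]["attributes"]["mode"]
             for p in policies["imdata"]}
    report = []
    for item in bundles["imdata"]:
        grp = item["infraAccBndlGrp"]
        if grp["attributes"]["lagT"] != "node":  # "node" = vPC, "link" = port channel
            continue
        pol_name = "default"  # an empty relation name resolves to the default policy
        for child in grp.get("children", []):
            rel = child.get("infraRsLacpPol")
            if rel:
                pol_name = rel["attributes"]["tnLacpLagPolName"] or "default"
        mode = modes.get(pol_name, "unresolved")
        report.append((grp["attributes"]["name"], mode,
                       HOST_SIDE.get(mode, "check manually")))
    return report

if __name__ == "__main__":
    for name, mode, need in audit_vpc_groups(BUNDLES, POLICIES):
        print(f"{name:12} mode={mode:10} -> {need}")
```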