05-07-2017 11:07 PM - edited 03-01-2019 05:13 AM
Hi Guys,
I've connected my test UCS to my test ACI fabric using a vPC per fabric interconnect on my two leaf nodes, and I've connected my test ACI fabric to my N7K pair core using a double-sided vPC to my leaf nodes.
I've created a single BD containing a single EPG and a single VLAN and have deployed the EPG onto the three vPCs (UCS-A-vPC, UCS-B-vPC, and N7K-vPC) using the single VLAN ID as the primary encapsulation.
Unfortunately, the single VLAN trunked on the N7K vPC is entering a blocking state almost immediately on enabling the vPC - I can only assume that BPDUs by the ACI fabric on the N7K vPC are being re-broadcast back out the same vPC.
What is the correct spanning-tree port type and bpduguard/bpdufilter configuration that should be used on an N7K layer 2 vPC to the ACI fabric.
Apologies if this is a stupid question, but I can't seem to find this information documented in any white paper, guide, or best practice.
Cheers,
-Luke
Solved! Go to Solution.
05-08-2017 12:33 AM
Hi Luke,
we have this working on an N7k vPC pair connecting to an ACI fabric:
interface port-channel1
switchport
switchport mode trunk
switchport trunk allowed vlan <x,y,z>
spanning-tree port type edge trunk
spanning-tree bpdufilter enable
mtu 9216
vpc 1
Hope this helps
Nik
05-08-2017 12:33 AM
Hi Luke,
we have this working on an N7k vPC pair connecting to an ACI fabric:
interface port-channel1
switchport
switchport mode trunk
switchport trunk allowed vlan <x,y,z>
spanning-tree port type edge trunk
spanning-tree bpdufilter enable
mtu 9216
vpc 1
Hope this helps
Nik
05-08-2017 06:06 PM
Thanks Nik, that solved the problem of the N7K vPC entering a blocking state.
However, I found it was also necessary to enable legacy mode on my bridge domain specifying the single VLAN - on checking, I found that the VLAN wasn't being programmed onto the interfaces/vPCs on which the EPG had been statically deployed, although I'm not sure why.
Cheers,
-Luke
05-08-2017 06:52 PM
As a follow-up; I disabled legacy mode on the BD and selected the "Enable Infrastructure VLAN" checkbox in the "default" AAEP (accidentally - I was meaning to enable it in the AAEP associated with the physical domain being used), and surprisingly this seems to have now programmed the VLAN onto the leaves (e.g. sh vlan extended).
I'm not sure how or why this worked - it continued working after I unselected the "enable Infrastructure VLAN" checkbox and I wasn't able to re-produce the issue seen.
05-09-2017 02:31 AM
My All Dear friends,
Could you please help me, I wan to join CCIE Data center classes.I have got new job on Data center but i don't have good command of Nexus.But my expertise in Routing and Switching.
Could you please help me to find best Nexus trainer.
#Thank you so much#
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: