Re: 2 servers can not reach via Nexus 3172T Chassis orphan port

Kwuenph · ‎07-25-2019

Hi all,

We're using 2 Nexus 3172T Chassis in vPC domain, 2 servers running esxi hosts, each server connect to 1 vPC N3k switch using 1 link.

All port-group and standard switch configuration in esxi are fine, but 2 vms in same subnet can not reach each other via vPC Switches.

Could someone help to clear this issue ?

          +-----------------+           +------------------+
          |     n3k1        + keep-alive|     n3k2         |
          |-----------------+-----------+------------------|
          |                 +-----------+                  |
          |                 |  vPC link |                  |
          |                 +-----------+                  |
          |      e 1/2      |           |       e 1/2      |
          +-------+---------+           +----------+-------+
                  |                                |
                  |                                |
                  | trk                      trk   |
                  |                                |
          +-------+------------+        +----------+--------+
          |  vSw-1             |        |   vSw-1           |
          +----------+---------+        |-----+-------------|
          |          |         |        |     +             |
          |          |         |        |     |             |
          |  +-------+-------+ |        | +---+-----------+ |
          |  |               | |        | |               | |
          |  | VM-1          | |        | | VM-2          | |
          |  |172.19.5.49/16 | |        | | 172.19.5.53/16| |
          |  +---------------+ |        | +---------------+ |
          |                    |        |  ESXi Host-2      |
          |   ESXi Host-1      |        +-------------------+
          +--------------------+

-------- N3k -1 vPC config--------

vpc domain 888
peer-switch
role priority 1
system-priority 4000
peer-keepalive destination 1.1.1.6 source 1.1.1.5 vrf KEEP-ALIVE
auto-recovery
ip arp synchronize

-----

BDT-HCM-N3K3# show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link

vPC domain id : 888
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : failed
Type-2 inconsistency reason : SVI type-2 configuration incompatible
vPC role : primary
Number of vPCs configured : 9
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled, timer is off.(timeout = 240s)
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ -------------------------------------------------
1 Po4096 up 1,10,20,30,40,50,691,693,696,706,712,878,1313-131
4,2000,3261-3262

----

show vpc orphan-ports
Note:
--------::Going through port database. Please be patient.::--------

VLAN Orphan Ports
------- -------------------------
1 Eth1/2, Eth1/9, Eth1/11, Eth1/14, Eth1/16, Eth1/18,
Eth1/19, Eth1/21, Eth1/23
10 Eth1/2
20 Eth1/2
30 Eth1/2
40 Eth1/2
50 Eth1/2
691 Eth1/2
693 Eth1/2
696 Eth1/2
706 Eth1/2
712 Eth1/2
878 Eth1/2
1313 Eth1/2
1314 Eth1/2
2000 Eth1/2
3261 Eth1/2
3262 Eth1/2

-------- N3k -2 vPC config--------

vpc domain 888
peer-switch
role priority 2
system-priority 4000
peer-keepalive destination 1.1.1.5 source 1.1.1.6 vrf KEEP-ALIVE
auto-recovery
ip arp synchronize
vpc 3

-------------

show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link

vPC domain id : 888
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : failed
Type-2 inconsistency reason : SVI type-2 configuration incompatible
vPC role : secondary
Number of vPCs configured : 9
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled, timer is off.(timeout = 240s)
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ -------------------------------------------------
1 Po4096 up 1,10,20,30,40,50,691,693,696,706,712,878,1313-131
4,2000,3261-3262

----

show vpc orphan-ports
Note:
--------::Going through port database. Please be patient.::--------

VLAN Orphan Ports
------- -------------------------
1 Eth1/2, Eth1/9, Eth1/11, Eth1/13, Eth1/14, Eth1/15,
Eth1/16, Eth1/17, Eth1/18
10 Eth1/2
20 Eth1/2
30 Eth1/2
40 Eth1/2
50 Eth1/2
691 Eth1/2
693 Eth1/2
696 Eth1/2
706 Eth1/2
712 Eth1/2
878 Eth1/2
1313 Eth1/2
1314 Eth1/2
2000 Eth1/2
3261 Eth1/2
3262 Eth1/2

balaji.bandi · ‎07-28-2019

Do you have any HSRP running for this network :

172.19.5.x

where is the Gateway resides for this network ? and what vlan for this network ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Kwuenph · ‎07-28-2019

Thanks balaji.bandi for your response.

There is no HSRP in switches, just 2 servers in the same subnet access the same vlan 30

balaji.bandi · ‎07-29-2019

Is this only VLAN having issue or none working on Esxi side ?

Then we need to look the configuration on ports connected to Esxi both the side, please post the configuraiton.

Explain how Esxi vSW configured, and have you configured promiscuous mode ? and allowed all the VAN in that vSW.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Kwuenph · ‎07-29-2019

I've tried to Accept Promiscuous mode in both vSwitch.

None of VLANs work at all.

All configuration and testing case as in attachment file