

HSRP with Nexus VPC


We have a slightly odd design, which is just in place for a temporary amount of time during a migration. Diagram below.




The issue we are seeing is that some virtual machines connected to the access switch in vlan 10 are unable to access servers in vlan 11.

Having a VPC vlan single attached is not best practice but I am sure this should work. I have peer gateway enabled. If I add a second link to the access switch to connect to Nexus 2 I am certain it will fix the issue but we really do not want to have to do this. I am also interested as to why it does not work. Running Nexus 9k on very recent code.


Thoughts welcome.

VIP Engager

Hi @AdamDownie12 

First, I just wanted to let you know that the design, as you drew it, should work without a problem.

There are a few questions which can help in troubleshooting:

  • Was it working before? If yes, what changes did you make before it stopped working?
  • Is this a new configuration?
  • Do you have other VLANs which are working in this setup?
  • Do you have other VLANs which are not working in this setup?

These you will have to check to confirm that everything works as expected:

  • Is the vPC domain up?
  • Is the vPC port-channel up on both peers?
  • Is ARP resolved for VMs in both VLAN 10 and 11, on both peers?
  • Is the HSRP neighborship for both VLAN 10 and 11 up?
  • Is the HSRP VIP correctly configured as default GW for all VMs (and not the IP address of HSRP active or standby)?
  • Is the subnet mask correctly configured on all VMs?
  • What are the results if you ping:
    - from VMs in VLAN 10, both vPC attached and orphan ports attached:
        - HSRP VIP for VLAN 10 and 11
        - real IP of SVI 10 and SVI 11 of both vPC peers
    - from VMs in VLAN 11, both vPC attached and orphan ports attached:
        - HSRP VIP for VLAN 10 and 11
        - real IP of SVI 10 and SVI 11 of both vPC peers


Stay safe,



Hi, @Sergiu.Daniluk 


Thanks for responding. I think I will give you a bit more background.

The access switch marked on the diagram is actually the current default gateway for vlan 10. When I moved the default gateway to the Nexus switches this issue occurred. I had to revert the change due to the issue.


From inside vlan 10 during the migration and before I can ping all other devices. Before the migration from vlan 11 I could ping all 100 devices, after the migration I could only ping 90. All of these were located off the access switch. I did also find two hosts on the access switch in vlan 2 that were working correctly. I do not think it's a layer 2 issue for these reasons but I perhaps should mention the spanning-tree root bridge is still on the access switch.


I am still happy to answer your questions but perhaps the above gives a bit more context?




MHM Cisco World

I think the VLAN 10 is not allowed in vPC-Link? Can you check this point?
