Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1848
Views
0
Helpful
3
Replies

HSRP with Nexus VPC

AdamDownie12
Level 1
Level 1

‎05-13-2021 02:57 PM

Hello,

We have a slightly odd design, which is just in place for a temporary amount of time during a migration. Diagram below.

 
 

 

diagram.jpg

The issue we are seeing is that some virtual machines connected to the access switch in vlan 10 are unable to access servers in vlan 11.

Having a VPC vlan single attached is not best practice but I am sure this should work. I have peer gateway enabled. If I add a second link to the access switch to connect to Nexus 2 I am certain it will fix the issue but we really do not want to have to do this. I am also interested as to why it does not work. Running Nexus 9k on very recent code.

 

Thoughts welcome.

Labels:
0 Helpful
3 Replies 3

Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎05-15-2021 01:46 AM

Hi @AdamDownie12 

First, just wanted to let you know that the design as you draw, should work without a problem.

There are few questions which can help in troublehsooting:

  • was it working before? if yes, what changes have you made before it stopped working?
  • is this a new configuration?
  • do you have other vlans which are working in this setup?
  • do you have other vlans which are not working in this setup?

This you will have to check to confirm that everything works as expected:

  • is the vpc domain up?
  • is the vpc port-channel up on both peers?
  • is the APR resolved for VMs in both vlan 10 and 11, on both peers?
  • is the HSRP neighborship for both vlan 10 and 11 up?
  • Is the HSRP VIP correctly configured as default GW for all VMs (and not the IP address of HSRP active or standby)?
  • Is the subnet mask correctly configured on all VMs?
  • What are the results if you ping:

- from VMs in VLAN 10, both vpc attached and orphan ports attached:

    - HSRP VIP for vlan 10 and 11

    - real IP of SVI 10 and SVI 11 of both vpc peers

- from VMs in VLAN 11, both vpc attached and orphan ports attached:

    - HSRP VIP for vlan 10 and 11

    - real IP of SVI 10 and SVI 11 of both vpc peers

 

Stay safe,

Sergiu

 

0 Helpful

AdamDownie12
Level 1
Level 1
In response to Sergiu.Daniluk

‎05-15-2021 05:13 AM

Hi, @Sergiu.Daniluk 

 

Thanks for responding. I think i will give you a bit more background. 

The access switch marked on the diagram is actually the current default gateway for vlan 10. When i moved the default gateway too the nexus switches this issue occurred. I had to revert the change due to the issue.

 

From inside vlan 10 during the migration and before i can ping all other devices. Before the migration from vlan 11 i could ping all 100 devices, after the migration i could only ping 90. All of these where located off the access switch. I did also find two hosts on the access switch in vlan 2 that were working correctly. I do not think its a layer 2 issue for these reasons but i perhaps should mention the spanning-tree route bridge is still on the access switch.

 

I am still happy to answer your questions but perhaps the above gives a bit more context?

 

Thanks

Adam

0 Helpful

MHM Cisco World
VIP
VIP

‎06-05-2021 04:30 PM

I think the VLAN 10 is not allow in vPC-Link? can you check this point ?

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card