12-19-2021 06:26 AM - edited 12-19-2021 06:26 AM
hello guys
i setup a vPC scenario as shown in the picture.
server 1.1.1.100 can ping 1.1.1.120 and 130 and vice versa.
the link failover or switch failed will work fine.
but server in vPC switch ( here is server 1.1.1.100) can not ping 1.1.1.1 (3164-A) that is one of my vPC domain peers that act as gateway for all server. all server on orphan switch can ping 1.1.1.1.
when i am shuting down the ports 5-6 on 3164-B then server 1.1.1.100 is able to ping 3064-A (1.1.1.1)
what is the problem
Solved! Go to Solution.
12-19-2021 09:22 AM - edited 12-20-2021 12:55 AM
By any chance, do you have SVI (interface vlan) configured only on Switch-A? Note that since this is a vPC vlan, this is not supported.
You must configure SVI on both vpc peers, and configure a HSRP VIP to act as a gatway.
And yes, peer-gateway contribute to the problem since what happens is that Switch-B will install in its mac table the mac address of SVI configured on Switch-A (28ac.9ea8.3831) - you see the G flag next to it on SW-B. This means that SW-B will try to route the packets even if it doesn't have a SVI locally.
Stay safe,
Sergiu
12-19-2021 07:14 AM
more details
i enabling Peer-gateway on both 3164.
arp status on my client :
1.1.1.1 28-AC-9E-A8-38-31 Reachable ActiveStore
3164-A: show mac address-table
G - 28ac.9ea8.3831 static - F F sup-eth1(R)
G 1 28ac.9ea8.3831 static - F F sup-eth1(R)
3164-B: show mac address-table
G 1 28ac.9ea8.3831 static - F F vPC Peer-Link(R)
i read this :
By enabling vPC Peer-Gateway functionality, each vPC peer device will replicate locally MAC address of interface
VLAN defined on the other vPC peer device with the G flag (Gateway flag).
can peer-gateway be the problem ?
12-19-2021 09:22 AM - edited 12-20-2021 12:55 AM
By any chance, do you have SVI (interface vlan) configured only on Switch-A? Note that since this is a vPC vlan, this is not supported.
You must configure SVI on both vpc peers, and configure a HSRP VIP to act as a gatway.
And yes, peer-gateway contribute to the problem since what happens is that Switch-B will install in its mac table the mac address of SVI configured on Switch-A (28ac.9ea8.3831) - you see the G flag next to it on SW-B. This means that SW-B will try to route the packets even if it doesn't have a SVI locally.
Stay safe,
Sergiu
12-19-2021 10:54 AM
thanks @Sergiu.Daniluk
after a lot search i can solve my problem by one of these work round :
1- use HSRP for correcting my L3 problem by keeping this topology.
2- remove 1.1.1.1 from 3164-A and assing 1.1.1.1 to a other device like new router or firewall rather than 3164-A ro B.
thanks for your reply
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide