Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1219
Views
0
Helpful
3
Replies

vPC and Gateway

Go to solution
soheil.amiri@Live.com
Level 1
Level 1

‎12-19-2021 06:26 AM - edited ‎12-19-2021 06:26 AM

hello guys

i setup a vPC scenario as shown in the picture. 

server 1.1.1.100 can ping 1.1.1.120 and 130 and vice versa. 

the link failover or switch failed will work fine.

but server in vPC switch ( here is server 1.1.1.100) can not ping 1.1.1.1 (3164-A) that is one of my vPC domain peers that act as gateway for all server. all server on orphan switch can ping 1.1.1.1.

when i am shuting down the ports 5-6 on 3164-B then server 1.1.1.100 is able to ping 3064-A (1.1.1.1) 

what is the problem 

Screenshot 2021-12-19 175225.png

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to soheil.amiri@Live.com

‎12-19-2021 09:22 AM - edited ‎12-20-2021 12:55 AM

By any chance, do you have SVI (interface vlan) configured only on Switch-A? Note that since this is a vPC vlan, this is not supported.

You must configure SVI on both vpc peers, and configure a HSRP VIP to act as a gatway.

And yes, peer-gateway contribute to the problem since what happens is that Switch-B will install in its mac table the mac address of SVI configured on Switch-A (28ac.9ea8.3831) - you see the G flag next to it on SW-B. This means that SW-B will try to route the packets even if it doesn't have a SVI locally.

 

Stay safe,

Sergiu

View solution in original post

0 Helpful
3 Replies 3

Go to solution
soheil.amiri@Live.com
Level 1
Level 1

‎12-19-2021 07:14 AM

more details 

i enabling Peer-gateway on both 3164. 

arp status on my client :

1.1.1.1 28-AC-9E-A8-38-31 Reachable ActiveStore

3164-A: show mac address-table 

G - 28ac.9ea8.3831 static - F F sup-eth1(R)
G 1 28ac.9ea8.3831 static - F F sup-eth1(R)
3164-B: show mac address-table 

G 1 28ac.9ea8.3831 static - F F vPC Peer-Link(R)

i read this : 

By enabling vPC Peer-Gateway functionality, each vPC peer device will replicate locally MAC address of interface
VLAN defined on the other vPC peer device with the G flag (Gateway flag).

can peer-gateway be the problem ?

0 Helpful

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to soheil.amiri@Live.com

‎12-19-2021 09:22 AM - edited ‎12-20-2021 12:55 AM

By any chance, do you have SVI (interface vlan) configured only on Switch-A? Note that since this is a vPC vlan, this is not supported.

You must configure SVI on both vpc peers, and configure a HSRP VIP to act as a gatway.

And yes, peer-gateway contribute to the problem since what happens is that Switch-B will install in its mac table the mac address of SVI configured on Switch-A (28ac.9ea8.3831) - you see the G flag next to it on SW-B. This means that SW-B will try to route the packets even if it doesn't have a SVI locally.

 

Stay safe,

Sergiu

0 Helpful

Go to solution
soheil.amiri@Live.com
Level 1
Level 1
In response to Sergiu.Daniluk

‎12-19-2021 10:54 AM

thanks @Sergiu.Daniluk 

after a lot search i can solve my problem by one of these work round :

1- use HSRP for correcting my L3 problem by keeping this topology.

2- remove 1.1.1.1 from 3164-A and assing 1.1.1.1 to a other device like new router or firewall rather than 3164-A ro B.

thanks for your reply

0 Helpful
Customers Also Viewed These Support Documents