04-03-2022 10:49 PM
Hello Dears
I am trying to perform vPC configuration with Linux Server but it's still not being up take in mind the the vPC peer link is up and working normally between two switches and here is the configuration for one of them which is identical to the anther :
!Command: show running-config
!No configuration change since last restart
!Time: Mon Apr 4 05:46:58 2022
version 10.1(1) Bios:version 01.03
hostname Switch-1
vdc TOR-1 id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4096
limit-resource port-channel minimum 0 maximum 511
limit-resource u4route-mem minimum 248 maximum 248
limit-resource u6route-mem minimum 96 maximum 96
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
cfs eth distribute
feature interface-vlan
feature lacp
feature vpc
username admin password 5 $5$LIFDDB$a9Tx/4EU6Ltgt2bU4l6tmWt9kvYvYLBLjcJ/LBj.FjB role network-admin
ip domain-lookup
copp profile strict
snmp-server user admin network-admin auth md5 0xdbf7d32b3a79f4ed9c7afa36273b643c priv aes-128 0xdbf7d32b3a79f4ed9c7afa36273b643c localizedkey
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
vlan 1,9,20-24,1000
vlan 9
name MGMT
vlan 20
name OLVM
vlan 21
name APP
vlan 22
name DB
vlan 23
name keepalive
vlan 24
name Mirgation
vlan 1000
name VPC-Peer-link
spanning-tree vlan 1,9,23,99 priority 0
vrf context keepalive
vrf context management
vpc domain 1
peer-keepalive destination 100.64.0.18 source 100.64.0.17 vrf keepalive
interface Vlan1
no shutdown
interface Vlan1000
no shutdown
vrf member keepalive
ip address 100.64.0.17/30
interface port-channel1
description VPC Peer link
switchport
switchport mode trunk
spanning-tree port type network
vpc peer-link
interface port-channel20
description To Server-3
switchport
switchport mode trunk
switchport trunk allowed vlan 20
spanning-tree port type network
vpc 20
interface port-channel21s
description To Server
switchport
switchport mode trunk
switchport trunk allowed vlan 20-22
spanning-tree port type network
vpc 21
interface Ethernet1/1
description To Server-3
switchport
switchport mode trunk
switchport trunk allowed vlan 20
channel-group 20 mode active
no shutdown
interface Ethernet1/2
description To Zabbix
interface Ethernet1/3
interface Ethernet1/4
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
interface Ethernet1/10
interface Ethernet1/11
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
interface Ethernet1/18
interface Ethernet1/19
interface Ethernet1/20
interface Ethernet1/21
interface Ethernet1/22
interface Ethernet1/23
interface Ethernet1/24
interface Ethernet1/25
interface Ethernet1/26
interface Ethernet1/27
interface Ethernet1/28
interface Ethernet1/29
interface Ethernet1/30
interface Ethernet1/31
interface Ethernet1/32
interface Ethernet1/33
interface Ethernet1/34
interface Ethernet1/35
interface Ethernet1/36
interface Ethernet1/37
interface Ethernet1/38
interface Ethernet1/39
interface Ethernet1/40
interface Ethernet1/41
description VPC Peer Links
switchport
switchport mode trunk
channel-group 1 mode active
no shutdown
interface Ethernet1/42
description VPC Peer Links
switchport
switchport mode trunk
channel-group 1 mode active
no shutdown
interface Ethernet1/43
interface Ethernet1/44
interface Ethernet1/45
description To Server-2
switchport
switchport mode trunk
switchport trunk allowed vlan 20-22
spanning-tree port type network
channel-group 21 mode active
no shutdown
interface Ethernet1/46
description To Server-1
switchport
switchport mode trunk
switchport trunk allowed vlan 20-22
spanning-tree port type network
channel-group 21 mode active
no shutdown
interface Ethernet1/47
switchport
switchport mode trunk
no shutdown
interface Ethernet1/48
switchport
switchport mode trunk
no shutdown
Bests
Solved! Go to Solution.
04-05-2022 11:32 PM
BA_Inc means Bridge Assurance Inconsistency. In other words, there are not STP BPDus received on that port-channel.
I noticed you configured the Po21 as stp network type. By doing that, you automatically enable Bridge Assurance. You either change the Po21 back to port type normal or enable port type network on the remote side of Po21.
Stay safe,
Sergiu
04-04-2022 01:54 AM
what is the issue ? you have not provided show outputs to understand. is the Linux not working when you make a VPC PO ?
here is example tested using Windows Server. :
https://www.balajibandi.com/?s=vpc
post show vpc (output) along with other side config also impprtant here.
what Linux distro , what is the config on the Linux box /
04-04-2022 02:31 AM
hello dear
thnx for reply
these are the outputs
Switch-2# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : failed
----
Swtich-2# show vpc consistency-parameters vpc 22
Legend:
Type 1 : vPC will be suspended in case of mismatch
Name Type Local Value Peer Value
------------- ---- ---------------------- -----------------------
STP Port Guard 1 Default Default
STP Port Type 1 Network Port Network Port
STP MST Simulate PVST 1 Default Default
Allow-Multi-Tag 1 Disabled Disabled
Vlan xlt mapping 1 Disabled Disabled
vPC card type 1 N9K TOR N9K TOR
Allowed VLANs - 20-22 20-22
Local suspended VLANs - - -
Type-2 inconsistency reason : SVI type-2 configuration incompatible
vPC role : secondary
Number of vPCs configured : 2
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ -------------------------------------------------
1 Po1 up 1,9,20-24,1000
vPC status
----------------------------------------------------------------------------
Id Port Status Consistency Reason Active vlans
-- ------------ ------ ----------- ------ ---------------
21 Po21 up success success 20-22
22 Po22 down* success success -
04-04-2022 03:32 AM
Type-2 consistency status : failed <- failed meaning the VLAN STP .... mismatch between the member of vPC PortChannel.
show vpc brief
give you what is mismatch.
04-04-2022 04:35 AM
this is the output of show vpc brief
show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : failed
Type-2 inconsistency reason : SVI type-2 configuration incompatible
vPC role : secondary
Number of vPCs configured : 2
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ -------------------------------------------------
1 Po1 up 1,9,20-25,1000
vPC status
----------------------------------------------------------------------------
Id Port Status Consistency Reason Active vlans
-- ------------ ------ ----------- ------ ---------------
21 Po21 up success success 20-22
23 Po23 down* success success -
Please check "show vpc consistency-parameters vpc <vpc-num>" for the
consistency reason of down vpc and for type-2 consistency reasons for
any vpc.
04-04-2022 04:41 AM
One Peer config SVI and UP/UP
other Peer don't config SVI or it Down.
check all VLAN SVI allow through vPC in both peer.
04-04-2022 10:13 PM
Hello dear
I noticed that one of the interfaces in SVI is up and the second is down and do them successfully to be align and make the interface between the two switches L3 interface not using SVI to avoid any issue but i had new issue as show in "show spanning-tree"
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1 Desg FWD 1 128.4096 (vPC peer-link) Network P2p
Po21 Desg BKN*1 128.4116 (vPC) Network P2p *BA_Inc
Eth1/45 Desg FWD 2 128.177 P2p
Eth1/47 Desg FWD 2 128.185 P2p
could u advise about that ?
04-04-2022 05:16 AM
There are a couple of things which are to be noted in the outputs you provided:
1. PKA is using SVI 1000, and vlan 1000 is allowed over PeerLink - you should modify this type of setup.
2. There is a type 2 mismatch: "Type-2 inconsistency reason : SVI type-2 configuration incompatible" - this indicates an SVI up on one peer and the same SVI down or not configured. Note that this is not a supported config and you should bring up SVI on both peers.
Take care,
Sergiu
04-04-2022 10:54 PM
Hi dear
thnx for interesting info and now the issue is up but i am facing anther issue in STP
"show spanning-tree"
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1 Desg FWD 1 128.4096 (vPC peer-link) Network P2p
Po21 Desg BKN*1 128.4116 (vPC) Network P2p *BA_Inc
Eth1/45 Desg FWD 2 128.177 P2p
Eth1/47 Desg FWD 2 128.185 P2p
could u advise about that ?
04-05-2022 05:00 AM
Are the Linux Server config with Ether channel?
the vPC must see one MAC address from the Linux Server not two.
04-05-2022 11:32 PM
BA_Inc means Bridge Assurance Inconsistency. In other words, there are not STP BPDus received on that port-channel.
I noticed you configured the Po21 as stp network type. By doing that, you automatically enable Bridge Assurance. You either change the Po21 back to port type normal or enable port type network on the remote side of Po21.
Stay safe,
Sergiu
04-06-2022 12:20 AM
thnx very much , it solved my issue
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide