10-03-2011 08:13 PM - edited 03-01-2019 07:00 AM
Dear all,
I have two N5K and one core switch.I have conected my two N5K with one Core Switch as per diagram attached.If I connect both redundant link to core switch my traffic is not going properly .As per the debug ip packet traffic is going to peer link and getting dropped instead of Core uplink.Kindly help...
10-03-2011 09:12 PM
You probably need to describe the issue more specifically,
which vlan, ip header, inter-vlan routing issue or same vlan traffic?
Where is the default gateway? any HSRP protocol enabled?
vpc have the protection to drop the packet has non-local mac and traverse via the peer-link.
http://www.jeremyfilliben.com/2010/08/hsrp-vpc-and-vpc-peer-gateway-command.html
but not sure the exact issue you have.
10-03-2011 11:06 PM
Hi Dazhi,
Pls find the attached config of my network eg:.I am trying to SSH to my Primary nexus IP (vlan 133 ip) , i am able to access. But same time if try to access secondary nexus IP (vlan 133). it wont happen.sometimes it will happen viceversa.VPC details I have shared in the diagram. But from the host connected from my nexus 5K i am able to reach all IP's.
I have done debug on both nexus , during the issue packect will forward to port channel 10 (peer link) and getting dropped instead of forwarding to vpc 20.
pls help..
Regards,
Ajith
10-03-2011 11:12 PM
Primary Nexus Config :
NexusPrimary#
NexusPrimary#
NexusPrimary#
NexusPrimary# sh run
!Command: show running-config
!Time: Sat Sep 24 11:31:16 2011
version 5.0(2)N2(1)
feature fcoe
no feature telnet
no telnet server enable
no feature http-server
cfs eth distribute
feature udld
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature fex
username admin password 5 $1$kxVjQ5Q7$QEbkT8giP8aRgq7Om800a1 role network-admin
username cisco password 5 $1$JJEua1eA$pDJ0d8VQiEZVU4nR2HxAw/ role network-opera
tor
no password strength-check
[7m--More-- [m
ip domain-lookup
ip domain-lookup
hostname NexusPrimary
class-map type qos class-fcoe
class-map type queuing class-fcoe
match qos-group 1
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
class-map type network-qos class-fcoe
match qos-group 1
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
fex 101
pinning max-links 1
description "***N2K-Pri2K***"
fex 102
pinning max-links 1
description "***To -SEC2K**"
[7m--More-- [m
snmp-server user admin network-admin auth md5 0x3c47e8ce70ceb780b7ec0ccac5ac08be
priv 0x3c47e8ce70ceb780b7ec0ccac5ac08be localizedkey
snmp-server user cisco network-operator auth md5 0x3d19380b8d99a3b36e269a32ef72a
c3b priv 0x3d19380b8d99a3b36e269a32ef72ac3b localizedkey
snmp-server enable traps entity fru
vrf context management
ip route 0.0.0.0/0 10.10.10.2
vlan 1,130,133
vpc domain 133
role priority 4096
peer-keepalive destination 10.10.10.2 source 10.10.10.1
interface Vlan1
no shutdown
interface Vlan130
no shutdown
interface Vlan133
no shutdown
ip address 10.100.133.37/24
[7m--More-- [m
[K
interface port-channel10
switchport mode trunk
vpc peer-link
spanning-tree port type network
speed 10000
interface port-channel20
description ***Uplink to CoreSwitch***
switchport mode trunk
vpc 20
speed 1000
interface port-channel30
description ***Uplink to EMC***
switchport mode trunk
vpc 30
speed 10000
interface port-channel40
description ***Uplink to EMC2***
switchport mode trunk
[7m--More-- [m
vpc 40
speed 10000
interface port-channel101
description ***CONNT-N2K-1SEC***
switchport mode fex-fabric
vpc 101
fex associate 101
interface port-channel102
description ***CONNT-N2K-2SEC***
switchport mode fex-fabric
vpc 102
fex associate 102
interface fc2/1
interface fc2/2
interface fc2/3
interface fc2/4
[7m--More-- [m
[K
interface fc2/5
interface fc2/6
interface fc2/7
interface fc2/8
interface Ethernet1/1
switchport mode trunk
speed 1000
channel-group 20
interface Ethernet1/2
switchport mode trunk
interface Ethernet1/3
interface Ethernet1/4
interface Ethernet1/5
[7m--More-- [m
[K
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
interface Ethernet1/10
interface Ethernet1/11
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
[7m--More-- [m
speed 1000
interface Ethernet1/17
interface Ethernet1/18
interface Ethernet1/19
interface Ethernet1/20
interface Ethernet1/21
interface Ethernet1/22
interface Ethernet1/23
interface Ethernet1/24
interface Ethernet1/25
interface Ethernet1/26
[7m--More-- [m
interface Ethernet1/27
interface Ethernet1/28
interface Ethernet1/29
switchport mode trunk
interface Ethernet1/30
interface Ethernet1/31
description Connected to Nexus 5K
switchport mode trunk
channel-group 10 mode active
interface Ethernet1/32
description Connected to Nexus 5K
switchport mode trunk
channel-group 10 mode active
interface Ethernet2/1
description ***FEX 102***
fex associate 102
[7m--More-- [m
switchport mode fex-fabric
channel-group 102
interface Ethernet2/2
description ***Fex 101***
fex associate 101
switchport mode fex-fabric
channel-group 101
interface Ethernet2/3
switchport mode trunk
channel-group 30 mode active
interface Ethernet2/4
switchport mode trunk
channel-group 40 mode active
interface Ethernet2/5
interface Ethernet2/6
switchport mode trunk
[7m--More-- [m
interface Ethernet2/7
interface Ethernet2/8
interface mgmt0
ip address 10.10.10.1/30
interface Ethernet101/1/1
switchport access vlan 133
interface Ethernet101/1/2
switchport access vlan 133
switchport trunk native vlan 133
interface Ethernet101/1/3
switchport access vlan 133
interface Ethernet101/1/4
switchport access vlan 133
interface Ethernet101/1/5
switchport access vlan 133
[7m--More-- [m
[K
interface Ethernet101/1/6
switchport access vlan 133
interface Ethernet101/1/7
switchport access vlan 133
interface Ethernet101/1/8
switchport access vlan 133
interface Ethernet101/1/9
switchport access vlan 133
interface Ethernet101/1/10
switchport access vlan 133
interface Ethernet101/1/11
switchport access vlan 133
interface Ethernet101/1/12
switchport access vlan 133
[7m--More-- [m
interface Ethernet101/1/13
switchport access vlan 133
interface Ethernet101/1/14
switchport access vlan 133
interface Ethernet101/1/15
switchport access vlan 133
interface Ethernet101/1/16
switchport access vlan 133
interface Ethernet101/1/17
switchport access vlan 133
interface Ethernet101/1/18
switchport access vlan 133
interface Ethernet101/1/19
switchport access vlan 133
interface Ethernet101/1/20
[7m--More-- [m
switchport access vlan 133
interface Ethernet101/1/21
switchport access vlan 133
interface Ethernet101/1/22
switchport access vlan 133
interface Ethernet101/1/23
switchport access vlan 133
interface Ethernet101/1/24
switchport access vlan 133
interface Ethernet101/1/25
switchport access vlan 133
interface Ethernet101/1/26
switchport access vlan 133
interface Ethernet101/1/27
switchport access vlan 133
[7m--More-- [m
[K
interface Ethernet101/1/28
switchport access vlan 133
interface Ethernet101/1/29
switchport access vlan 133
interface Ethernet101/1/30
switchport access vlan 133
interface Ethernet101/1/31
switchport access vlan 133
interface Ethernet101/1/32
switchport access vlan 133
interface Ethernet101/1/33
switchport access vlan 133
interface Ethernet101/1/34
switchport access vlan 133
[7m--More-- [m
interface Ethernet101/1/35
switchport access vlan 133
interface Ethernet101/1/36
switchport access vlan 133
interface Ethernet101/1/37
switchport access vlan 133
interface Ethernet101/1/38
switchport access vlan 133
interface Ethernet101/1/39
switchport access vlan 133
interface Ethernet101/1/40
switchport access vlan 133
interface Ethernet101/1/41
switchport access vlan 133
interface Ethernet101/1/42
[7m--More-- [m
switchport access vlan 133
interface Ethernet101/1/43
switchport access vlan 133
interface Ethernet101/1/44
switchport access vlan 133
interface Ethernet101/1/45
switchport access vlan 133
interface Ethernet101/1/46
switchport access vlan 133
interface Ethernet101/1/47
switchport access vlan 133
interface Ethernet101/1/48
switchport access vlan 133
interface Ethernet102/1/1
switchport access vlan 133
[7m--More-- [m
[K
interface Ethernet102/1/2
switchport access vlan 133
interface Ethernet102/1/3
switchport access vlan 133
interface Ethernet102/1/4
switchport access vlan 133
interface Ethernet102/1/5
switchport access vlan 133
interface Ethernet102/1/6
switchport access vlan 133
interface Ethernet102/1/7
switchport access vlan 133
interface Ethernet102/1/8
switchport access vlan 133
[7m--More-- [m
interface Ethernet102/1/9
switchport access vlan 133
interface Ethernet102/1/10
switchport access vlan 133
interface Ethernet102/1/11
switchport access vlan 133
interface Ethernet102/1/12
switchport access vlan 133
interface Ethernet102/1/13
switchport access vlan 133
interface Ethernet102/1/14
switchport access vlan 133
interface Ethernet102/1/15
switchport access vlan 133
interface Ethernet102/1/16
[7m--More-- [m
switchport access vlan 133
interface Ethernet102/1/17
switchport access vlan 133
interface Ethernet102/1/18
switchport access vlan 133
interface Ethernet102/1/19
switchport access vlan 133
interface Ethernet102/1/20
switchport access vlan 133
interface Ethernet102/1/21
switchport access vlan 133
interface Ethernet102/1/22
switchport access vlan 133
interface Ethernet102/1/23
switchport access vlan 133
[7m--More-- [m
[K
interface Ethernet102/1/24
switchport access vlan 133
interface Ethernet102/1/25
switchport access vlan 133
interface Ethernet102/1/26
switchport access vlan 133
interface Ethernet102/1/27
switchport access vlan 133
interface Ethernet102/1/28
switchport access vlan 133
interface Ethernet102/1/29
switchport access vlan 133
interface Ethernet102/1/30
switchport access vlan 133
[7m--More-- [m
interface Ethernet102/1/31
switchport access vlan 133
interface Ethernet102/1/32
switchport access vlan 133
interface Ethernet102/1/33
switchport access vlan 133
interface Ethernet102/1/34
switchport access vlan 133
interface Ethernet102/1/35
switchport access vlan 133
interface Ethernet102/1/36
switchport access vlan 133
interface Ethernet102/1/37
switchport access vlan 133
interface Ethernet102/1/38
[7m--More-- [m
switchport access vlan 133
interface Ethernet102/1/39
switchport access vlan 133
interface Ethernet102/1/40
switchport access vlan 133
interface Ethernet102/1/41
switchport access vlan 133
interface Ethernet102/1/42
switchport access vlan 133
interface Ethernet102/1/43
switchport access vlan 133
interface Ethernet102/1/44
switchport access vlan 133
interface Ethernet102/1/45
switchport access vlan 133
[7m--More-- [m
[K
interface Ethernet102/1/46
switchport access vlan 133
interface Ethernet102/1/47
switchport access vlan 133
interface Ethernet102/1/48
switchport access vlan 133
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.0.2.N2.1.bin
boot system bootflash:/n5000-uk9.5.0.2.N2.1.bin
ip route 0.0.0.0/0 10.100.133.1
interface fc2/1
interface fc2/2
interface fc2/3
interface fc2/4
interface fc2/5
interface fc2/6
interface fc2/7
interface fc2/8
[7m--More-- [m
[K
NexusPrimary#
NexusPrimary#
10-03-2011 11:13 PM
Secondary Nexus:
NexusSecondary#
NexusSecondary#
NexusSecondary#
NexusSecondary#
NexusSecondary#
NexusSecondary# sh [J [Jter len 0
NexusSecondary#
NexusSecondary#
NexusSecondary#
NexusSecondary#
NexusSecondary#
NexusSecondary# sh run
!Command: show running-config
!Time: Sat Sep 24 11:30:21 2011
version 5.0(2)N2(1)
feature fcoe
no feature telnet
no telnet server enable
no feature http-server
cfs eth distribute
feature udld
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature fex
username admin password 5 $1$XAcql/pI$rgo509TPZA6LhdRDHKjBG/ role network-admin
no password strength-check
ip domain-lookup
ip domain-lookup
hostname NexusSecondary
class-map type qos class-fcoe
class-map type queuing class-fcoe
match qos-group 1
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
class-map type network-qos class-fcoe
match qos-group 1
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
fex 101
pinning max-links 1
description "***FEX 101***"
fex 102
pinning max-links 1
description "***To -SEC2K**"
snmp-server user admin network-admin auth md5 0xd07e8beae6b3a0324a6e55ea455e7309 priv 0xd07e8beae6b3a0324a6e55ea455e7309 localizedkey
snmp-server enable traps entity fru
vrf context management
ip route 0.0.0.0/0 10.10.10.1
vlan 1,130,133
vpc domain 133
role priority 8192
peer-keepalive destination 10.10.10.1 source 10.10.10.2
interface Vlan1
no shutdown
interface Vlan130
no shutdown
interface Vlan133
no shutdown
ip address 10.100.133.38/24
interface port-channel10
switchport mode trunk
vpc peer-link
switchport trunk native vlan 133
spanning-tree port type network
speed 10000
interface port-channel20
description ***Uplink to CoreSwitch***
switchport mode trunk
vpc 20
speed 1000
interface port-channel30
description ***Uplink to EMC***
switchport mode trunk
vpc 30
interface port-channel40
description ***Uplink to EMC2***
switchport mode trunk
vpc 40
interface port-channel101
description ***CONNT-N2K-1SEC***
switchport mode fex-fabric
vpc 101
fex associate 101
interface port-channel102
description ***CONNT-N2K-2SEC***
switchport mode fex-fabric
vpc 102
fex associate 102
interface fc2/1
interface fc2/2
interface fc2/3
interface fc2/4
interface fc2/5
interface fc2/6
interface fc2/7
interface fc2/8
interface Ethernet1/1
switchport mode trunk
speed 1000
channel-group 20
interface Ethernet1/2
switchport mode trunk
interface Ethernet1/3
interface Ethernet1/4
interface Ethernet1/5
switchport access vlan 133
speed 1000
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
interface Ethernet1/10
interface Ethernet1/11
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
interface Ethernet1/18
interface Ethernet1/19
interface Ethernet1/20
interface Ethernet1/21
interface Ethernet1/22
interface Ethernet1/23
interface Ethernet1/24
interface Ethernet1/25
interface Ethernet1/26
interface Ethernet1/27
interface Ethernet1/28
interface Ethernet1/29
switchport mode trunk
interface Ethernet1/30
interface Ethernet1/31
description Connected to Nexus 5K
switchport mode trunk
switchport trunk native vlan 133
channel-group 10 mode active
interface Ethernet1/32
description Connected to Nexus 5K
switchport mode trunk
switchport trunk native vlan 133
channel-group 10 mode active
interface Ethernet2/1
description ***FEX 102***
fex associate 102
switchport mode fex-fabric
channel-group 102
interface Ethernet2/2
description ***Fex 101***
fex associate 101
switchport mode fex-fabric
channel-group 101
interface Ethernet2/3
switchport mode trunk
channel-group 30 mode active
interface Ethernet2/4
switchport mode trunk
channel-group 40 mode active
interface Ethernet2/5
switchport mode trunk
interface Ethernet2/6
interface Ethernet2/7
interface Ethernet2/8
interface mgmt0
ip address 10.10.10.2/30
interface Ethernet101/1/1
switchport access vlan 133
interface Ethernet101/1/2
switchport access vlan 133
interface Ethernet101/1/3
switchport access vlan 133
interface Ethernet101/1/4
switchport access vlan 133
interface Ethernet101/1/5
switchport access vlan 133
interface Ethernet101/1/6
switchport access vlan 133
interface Ethernet101/1/7
switchport access vlan 130
interface Ethernet101/1/8
switchport access vlan 133
interface Ethernet101/1/9
switchport access vlan 133
interface Ethernet101/1/10
switchport access vlan 133
interface Ethernet101/1/11
switchport access vlan 133
interface Ethernet101/1/12
switchport access vlan 133
interface Ethernet101/1/13
switchport access vlan 133
interface Ethernet101/1/14
switchport access vlan 133
interface Ethernet101/1/15
switchport access vlan 133
interface Ethernet101/1/16
switchport access vlan 133
interface Ethernet101/1/17
switchport access vlan 133
interface Ethernet101/1/18
switchport access vlan 133
interface Ethernet101/1/19
switchport access vlan 133
interface Ethernet101/1/20
switchport access vlan 133
interface Ethernet101/1/21
switchport access vlan 133
interface Ethernet101/1/22
switchport access vlan 133
interface Ethernet101/1/23
switchport access vlan 133
interface Ethernet101/1/24
switchport access vlan 133
interface Ethernet101/1/25
switchport access vlan 133
interface Ethernet101/1/26
switchport access vlan 133
interface Ethernet101/1/27
switchport access vlan 133
interface Ethernet101/1/28
switchport access vlan 133
interface Ethernet101/1/29
switchport access vlan 133
interface Ethernet101/1/30
switchport access vlan 133
interface Ethernet101/1/31
switchport access vlan 133
interface Ethernet101/1/32
switchport access vlan 133
interface Ethernet101/1/33
switchport access vlan 133
interface Ethernet101/1/34
switchport access vlan 133
interface Ethernet101/1/35
switchport access vlan 133
interface Ethernet101/1/36
switchport access vlan 133
interface Ethernet101/1/37
switchport access vlan 133
interface Ethernet101/1/38
switchport access vlan 133
interface Ethernet101/1/39
switchport access vlan 133
interface Ethernet101/1/40
switchport access vlan 133
interface Ethernet101/1/41
switchport access vlan 133
interface Ethernet101/1/42
switchport access vlan 133
interface Ethernet101/1/43
switchport access vlan 133
interface Ethernet101/1/44
switchport access vlan 133
interface Ethernet101/1/45
switchport access vlan 133
interface Ethernet101/1/46
switchport access vlan 133
interface Ethernet101/1/47
switchport access vlan 133
interface Ethernet101/1/48
switchport access vlan 133
interface Ethernet102/1/1
switchport access vlan 133
interface Ethernet102/1/2
switchport access vlan 133
interface Ethernet102/1/3
switchport access vlan 133
interface Ethernet102/1/4
switchport access vlan 133
interface Ethernet102/1/5
switchport access vlan 133
interface Ethernet102/1/6
switchport access vlan 133
interface Ethernet102/1/7
switchport access vlan 130
interface Ethernet102/1/8
switchport access vlan 133
interface Ethernet102/1/9
switchport access vlan 133
interface Ethernet102/1/10
switchport access vlan 133
interface Ethernet102/1/11
switchport access vlan 133
interface Ethernet102/1/12
switchport access vlan 133
interface Ethernet102/1/13
switchport access vlan 133
interface Ethernet102/1/14
switchport access vlan 133
interface Ethernet102/1/15
switchport access vlan 133
interface Ethernet102/1/16
switchport access vlan 133
interface Ethernet102/1/17
switchport access vlan 133
interface Ethernet102/1/18
switchport access vlan 133
interface Ethernet102/1/19
switchport access vlan 133
interface Ethernet102/1/20
switchport access vlan 133
interface Ethernet102/1/21
switchport access vlan 133
interface Ethernet102/1/22
switchport access vlan 133
interface Ethernet102/1/23
switchport access vlan 133
interface Ethernet102/1/24
switchport access vlan 133
interface Ethernet102/1/25
switchport access vlan 133
interface Ethernet102/1/26
switchport access vlan 133
interface Ethernet102/1/27
switchport access vlan 133
interface Ethernet102/1/28
switchport access vlan 133
interface Ethernet102/1/29
switchport access vlan 133
interface Ethernet102/1/30
switchport access vlan 133
interface Ethernet102/1/31
switchport access vlan 133
interface Ethernet102/1/32
switchport access vlan 133
interface Ethernet102/1/33
switchport access vlan 133
interface Ethernet102/1/34
switchport access vlan 133
interface Ethernet102/1/35
switchport access vlan 133
interface Ethernet102/1/36
switchport access vlan 133
interface Ethernet102/1/37
switchport access vlan 133
interface Ethernet102/1/38
switchport access vlan 133
interface Ethernet102/1/39
switchport access vlan 133
interface Ethernet102/1/40
switchport access vlan 133
interface Ethernet102/1/41
switchport access vlan 133
interface Ethernet102/1/42
switchport access vlan 133
interface Ethernet102/1/43
switchport access vlan 133
interface Ethernet102/1/44
switchport access vlan 133
interface Ethernet102/1/45
switchport access vlan 133
interface Ethernet102/1/46
switchport access vlan 133
interface Ethernet102/1/47
switchport access vlan 133
interface Ethernet102/1/48
switchport access vlan 133
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.0.2.N2.1.bin
boot system bootflash:/n5000-uk9.5.0.2.N2.1.bin
ip route 0.0.0.0/0 10.100.133.1
interface fc2/1
interface fc2/2
interface fc2/3
interface fc2/4
interface fc2/5
interface fc2/6
interface fc2/7
interface fc2/8
NexusSecondary#
NexusSecondary#
NexusSecondary#
NexusSecondary#
10-04-2011 01:42 AM
So your problem is:
All hosts under Fex in same vlan 133 can ssh/ping both Nexus SVI.
But host behind(in same vlan or different vlan?) Nortel Core switch or Nortel Core Switch SVI ssh Nexus SVI failed
you need to konw the ssh src/dst-mac, src/dst-ip of the failure/successful scenario.
And check the path of the fowarding/return path of the ssh packet.
From the debug you mentioned, it seems to me the source of the ssh mac address is learnt via peer-link instead of directly connectted vpc 20 locally.
Or better a TAC case to address all the question above.(also possible bug).
10-04-2011 11:43 PM
Hi Dazhi,
I have some restriction to raise the TAC..I am suspecting the problem is deisgn. Is it possible to connect my two uplinks from Nexus 5K to my Core Switch ?If possible whether we need to bind both in same VPC ?Can you pls share me some sample template and diagram with one core switch.
Regards,
Ajith
10-09-2011 07:27 PM
This documentation is a good desigh example with vpc yes-or-no:
http://bradhedlund.com/2010/12/16/routing-over-nexus-7000-vpc-peer-link-yes-and-no/
binding 2 uplinks(need in same vpc x) to core switch (single Etherchannel) is supported.
E.g.:
Core Switch(example by using cisco switch)
interface port-channel 1
switich mode trunk
interface Te1/1
channel-group 1 mode active
interface Te1/2
channel-group 1 mode active
N5K1: (Eth1/1 <-> Te1/1 on Core)
interface port-channel 1
vpc 1
interface ether 1/1
channel-group 1 mode active
N5K2:(Eth1/1 <-> Te1/2 on Core)
inter port-channel 1
vpc 1
interface ether 1/1
chann-group 1 mode active
some more reference:
http://docwiki.cisco.com/wiki/Nexus_5000_vPC_Design_Best_Practices
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide