Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3987
Views
0
Helpful
3
Replies

Nexus 1000v 4.2.1 - Interface Ethernet3/5 has been quarantined due to Cmd Failure

Go to solution
schlemmer
Level 1
Level 1

‎02-24-2011 03:54 AM

Hello,

i get the error message "Interface Ethernet3/5 has been quarantined due to Cmd Failure" when i try to activate the System Uplink ports on the Nexus 1000v VSM. The symptom occurs under 4.2.1.SV1.4 (has been fresh setup, did before tests with 4.0.4). Unfortunately, the link to the 4.2.1 troubleshooting guide does not work (seems it hasn't been released yet).

Has anyone an idea what the root cause could be?

The VSM and VEM run on a GP DL3xxG7 with 2 x Dual Port 10Gbit CNA Adapters.

     Nexus 1k config:

vlan 1
vlan 260
  name Servers
vlan 340
  name NfsA
vlan 357
  name vMotion
vlan 920
  name Packet_Control
!
port-profile type ethernet SYSTEM-UPLINK
  vmware port-group
  switchport mode trunk
  switchport trunk allowed vlan 1,260,301,303,305,307,357,544,920
  spanning-tree port type edge trunk
  switchport trunk native vlan 1
  channel-group auto mode active
  no shutdown
  system vlan 1,357,920
  state enabled
port-profile type ethernet STORAGE-UPLINK
  vmware port-group
  switchport mode trunk
  switchport trunk allowed vlan 340
  channel-group auto mode active
  no shutdown
  system vlan 340
  state enabled
!

When i do a no shut on the physical ports i get:

switch(config-if)# no shut
2011 Feb 24 11:43:55 switch %PORT-PROFILE-2-INTERFACE_QUARANTINED: Interface Ethernet3/7 has been quarantined due to Cmd Failure 
2011 Feb 24 11:43:55 switch %PORT-PROFILE-2-INTERFACE_QUARANTINED: Interface Ethernet3/5 has been quarantined due to Cmd Failure

The other etherchannel (Port Profile STORAGE-UPLINK) does work pretty well...

The peer switches are two Nexus 5k with VPC.

config:

port-profile type port-channel VMWare-LAN
  switchport mode trunk
  switchport trunk allowed vlan 260, 301, 303, 305, 307, 357, 544, 920
  spanning-tree port type edge trunk
  switchport trunk native vlan 1
  state enabled
!

interface port-channel18
  inherit port-profile VMWare-LAN
  description CHA vshpvm001 LAN
  vpc 18
  speed 10000
!

interface Ethernet1/18
  description CHA vshpvm001 LAN
  switchport mode trunk
  switchport trunk allowed vlan 260,301,303,305,307,357,544,920
  channel-group 18 mode active

switch# show port-profile sync-status

Ethernet3/5
port-profile: SYSTEM-UPLINK
interface status: quarantine
sync status: out of sync
cached commands: 
errors:
    cached command failed
recovery steps:
    unshut interface

Ethernet3/7
port-profile: SYSTEM-UPLINK
interface status: quarantine
sync status: out of sync
cached commands: 
errors:
    cached command failed
recovery steps:
    unshut interface

kind regards,

andy

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
sbacheld
Level 1
Level 1

‎02-24-2011 02:32 PM

Hey Andy,

When an interface goes into quarantine state, it means that one of the commands in the port-profile failed to be applied to the interface.

Can you send the output of "show logging logfile | grep INTERFACE_CMD_FAILURE" and "show accounting log"? In the accounting log, you'll want to look for commands that have failed on the quarantined interfaces.

Thanks,

Sean

View solution in original post

0 Helpful
3 Replies 3

Go to solution
sbacheld
Level 1
Level 1

‎02-24-2011 02:32 PM

Hey Andy,

When an interface goes into quarantine state, it means that one of the commands in the port-profile failed to be applied to the interface.

Can you send the output of "show logging logfile | grep INTERFACE_CMD_FAILURE" and "show accounting log"? In the accounting log, you'll want to look for commands that have failed on the quarantined interfaces.

Thanks,

Sean

0 Helpful

Go to solution
schlemmer
Level 1
Level 1
In response to sbacheld

‎02-25-2011 12:21 AM

Sean,

thank you !

"show accounting log" helped me - i had the command spanning-tree port type edge trunk in the config which i somehow didn't realize that we hadn't this command in the 4.0.4 lab setup...so it was a copy/paste error (i copied the port-profile config from the N5k down to the N1k).


Fri Feb 25 07:20:32 2011:update:ppm.13880:admin:configure terminal ; interface Ethernet3/5 ; spanning-tree port type edge trunk (FAILURE)
Fri Feb 25 07:20:32 2011:update:ppm.13890:admin:configure terminal ; interface Ethernet3/5 ; shutdown (FAILURE)

As the N1k doesn't do STP at all (or does it? ) it's no wonder that the cli was complaining ...

Maybe this command should get more attention in the tshoot guide as it seems to be a very helpful one.

Cheers & Thanks,

Andy

0 Helpful

Go to solution
Robert Burns
Cisco Employee
Cisco Employee
In response to schlemmer

‎02-25-2011 04:46 PM

Andy,


There is no STP on the N1K.  VPC-HM is the N1K's loop prevention mechanism.

The accounting log is simply a record of user-entered (or pasted ;-) commands.  It's useful on any Cisco platform.  I do agree that it wouldn't hurt to add some information into the T-shooting guide in regards Virtual or Physical interfaces falling into the Quarantined port profile.  Thanks to Sean for detailing "why" ports usually end up there.

I'll get this updated early next week.

Regards,

Robert

0 Helpful
Customers Also Viewed These Support Documents