I need to configure some features on a pair of Nexus 7000's running 4.2(6) - one of them is Root Guard.
I am aware that when I enable Root Guard on the first vPC peer, the vPC will go into suspended state until I configure the other vPC peer identically.
This is causing me a big service disruption headache as I need to do this for a whole Data Centre.
I see on the Nexus 5k, you can do port-profiles which seems to enabled config synchronisation across vPC peers - so I assume the vPC would stay up due to both peers receiving config at exactly the same time - but this feature is not available on Nexus 7k.
Does anybody know for sure if I were to create a scheduled job to run at the same time on both vPC peers with identical config content - i.e. apply Root Guard to vPC - would this prevent the vPC going into suspend state?
If not, do you know of any other ways to prevent vPC going into suspend?
Type 1 inconsistencies are a little difficult to manage... Yes,... root guard is one of type 1 inconsistency... how is your vpc laid out ? Do you have VPC between your N7k's and also to all the access layer N5k's ? why do you want to apply root guard when you have VPC, since STP is kind of not really hazardous with VPC ? I think its a good idea to bring up the root guard , and all other STP related parameters when initially configuring the switch, but if we need to add it on, we might need a downtime.