Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1515
Views
3
Helpful
2
Replies

Nexus 7000 vPC modification - avoiding type1 inconsistencies

oswaldo81
Level 1
Level 1

‎11-17-2012 05:29 AM

Hi Everyone,

I need to configure some features on a pair of Nexus 7000's running 4.2(6) - one of them is Root Guard.

I am aware that when I enable Root Guard on the first vPC peer, the vPC will go into suspended state until I configure the other vPC peer identically.

This is causing me a big service disruption headache as I need to do this for a whole Data Centre.

I see on the Nexus 5k, you can do port-profiles which seems to enabled config synchronisation across vPC peers - so I assume the vPC would stay up due to both peers receiving config at exactly the same time - but this feature is not available on Nexus 7k.

Does anybody know for sure if I were to create a scheduled job to run at the same time on both vPC peers with identical config content - i.e. apply Root Guard to vPC - would this prevent the vPC going into suspend state?

If not, do you know of any other ways to prevent vPC going into suspend?

Thanks in advance for any advice!

Labels:
0 Helpful
2 Replies 2

sachinraja
Level 9
Level 9

‎11-20-2012 07:11 AM

Hi Oswaldo

Type 1 inconsistencies are a little difficult to manage... Yes,... root guard is one of type 1 inconsistency... how is your vpc laid out ? Do you have VPC between your N7k's and also to all the access layer N5k's ? why do you want to apply root guard when you have VPC, since STP is kind of not really hazardous with VPC ? I think its a good idea to bring up the root guard , and all other STP related parameters when initially configuring the switch, but if we need to add it on, we might need a downtime.

Hope this helps..

Raj

oswaldo81
Level 1
Level 1
In response to sachinraja

‎11-20-2012 03:38 PM

Hi Raj,

thankyou for your response.

We have VPC between Core - Aggregation - all 7k and Aggregation to Access (5ks). VPC down from Core all the way to Access and also up all the way from Access to Core.

So from a STP point of view, the topology is a single switch for Core, Aggregation and Access - so no loops.

I agree this limits the potential for trouble if a switch is plugged into the access layer by mistake for example - but the customer is adamant they want it (RootGuard).

Thanks,

Oswaldo

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card