Importing the interface

s-tiedemann · ‎11-01-2011

We are currently experiencing an issue where if we perform a show switch-profile buffer (see below)...the buffer is clean. However, when we perform a show switch-profile name status...there are commands pending. Anyone else experience any similar symptoms?? As all commits and/or verifies are failing. These interfaces are members of an etherchannel and the below 'pending' commands are normally performed within config sync. I can't perform any tasks on any of these interfaces via config t or config sync. Anyone have any ideas how to clear? I've tried added them back into the buffer, deleting, abort...with no success.

5K1# show switch-profile 5k buffer

switch-profile : 5k
----------------------------------------------------------
Seq-no Command
----------------------------------------------------------

5K1# show switch-profile 5k status

switch-profile : 5k
----------------------------------------------------------

Start-time: 152794 usecs after Tue Nov 1 11:01:17 2011
End-time: 626559 usecs after Tue Nov 1 11:01:29 2011

Profile-Revision: 60
Session-type: Verify
Session-subtype: -
Peer-triggered: Yes
Profile-status: Verify Failed

Local information:
----------------
Status: Verify Failure
Error(s):
Validation Failed: Config validation failed as found changes on both sides. rcvd_rev: 0, expected_rev: 6
interface Ethernet1/13
        switchport trunk allowed vlan 10, 39, 50, 806
interface Ethernet1/14
        switchport trunk allowed vlan 10, 39, 50, 806
interface Ethernet1/19
        switchport trunk allowed vlan 10, 14, 20, 30, 39-40, 50, 806, 2000-2002

Thanks in advance for your help,

Shawn Tiedemann

jrichar4 · ‎11-22-2011

Hi Shawn,

I have no idea what this will impact, but I have 2 5548UP in the lab which showed the same symptom. I used the following 'big hammer' to restore the feature.

# config sync

# no switch-profile 5k all-config

Warning: Deleting switch-profile will remove those commands from the running-config.

Verification successful...

Proceeding to delete switch-profile. This might take a while depending on amount of configuration under a switch-profile.

Please avoid other configuration changes during this time.

Delete Successful

#

lab1(config-sync)# switch-profile 5k

Switch-Profile started, Profile ID is 1

lab1(config-sync-sp)# int eth 1/19

lab1(config-sync-sp-if)# channel-group 2

n-dadb27S1(config-sync-sp-if)# int p2

n-dadb27S1(config-sync-sp-if)# switchport mode trunk

n-dadb27S1(config-sync-sp-if)# vpc 2

n-dadb27S1(config-sync-sp-if)# commit

Verification successful...

Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.

Please avoid other configuration changes during this time.

Commit Successful

lab1(config-sync)# end

lab1#

Josh Richard

Amit Singh · ‎11-22-2011

Hi Shawn,

Please could you paste the switch profile configuration from both the switches. I beleive that you have made some changes on one of the profile and when you are trying to comit it, changes are no saved and hence the error. What is the NX-OS version you are running on the switches?

Please could you try the following :

Proceeded to remove the sync peer on BOTH sides.

Check out which switch shows the inconsistency or the "bad one" and deleted the config profile there.

Then recreate the config and pasted the configuration from the "good" switch and commit the change.

Add the peers and commit it again.

Cheers,

-amit singh

Kevin Dorrell · ‎10-05-2012

Hi Shawn and Amit.

I am having exactly the same problem. In fact, there is no inconsistency between the switches. If I copy the configs of the two switches to a TFTP server, and then compare them side-by-side using a tool like WinMerge, there are no differences apart from the obvious ones (local IP address, sync peer address, VPC priority, SNMP chasis-id, etc.)

I looks to me thaat it all got messed up when trying to configure something on a VPC port-channel, for example the allowed VLAN list. It looks like such an action does not synchronise properly between the member links. I am convinced this is a bug, and makes it very very difficult to use.

I found I could still do some config changes by fooling the verify. I removed the sync peer on both sides, did a dummy commit on each side, and then put back the sync peers. I still get the verify error in the show switch-profile status, but at least the conf sync does work except for everything but the interfaces mentioned in the status output.

I have a maintenance slot booked in three weeks time, so it would be interesting to see if a reload does the trick then.

Meanwhile, I notice there is a command something like switch-profile resync-database. Does anyone know what that actually does? (in more detail than "it synchronises the database" please ;-) Is it benign? Does it affect the running configuration? What does it resychronise with what exactly?

Kevin Dorrell

CCIE #20765

Luxembourg

miloud griris · ‎10-19-2012

Hi Kevin,

Resync database can be used from within the switch-profile context to update the internal data-structures.

The running config will be not impacted and you can use it safely.

Can you past your vpc config ?

-Miloud-

AlainODea · ‎02-19-2013

I had this happen when I reloaded a 5548UP without first doing "copy run start". Newbie mistake I know, but that's beside the point. Remove the switch profile or peering config in production will result in downtime and creates extra work for you beyond the fires you'll be fighting.

There is a direct and safe solution to this: reverse the offending config lines that "show switch-proifile status" lists.

You get:

Validation Failed: Config validation failed as found changes on both sides. rcvd_rev: 0, expected_rev: 6

interface Ethernet1/13

switchport trunk allowed vlan 10, 39, 50, 806

interface Ethernet1/14

switchport trunk allowed vlan 10, 39, 50, 806

interface Ethernet1/19

switchport trunk allowed vlan 10, 14, 20, 30, 39-40, 50, 806, 2000-2002

The above represents what shouldn't be in your config.

Still in config-sync-sp you type:

interface Ethernet1/13

no switchport trunk allowed vlan 10, 39, 50, 806

interface Ethernet1/14

no switchport trunk allowed vlan 10, 39, 50, 806

interface Ethernet1/19

no switchport trunk allowed vlan 10, 14, 20, 30, 39-40, 50, 806, 2000-2002

commit

The commit will succeed. This should be in the documentation as I nearly had a heart attack when I repeatedly saw the high risk suggestion of stopping peer-sync. I am fairly certain stopping peer-sync is unsafe in production. It is certainly not needed to resolve this merge issue when it happens.

UPDATE: you will need to do this on both switches to fully resolve the issue. Some of the problematic commands listed by "show switch-profile status" may be in regular config. That wasn't the case for me, but it is possible so some "no" commands will need to be issued in "configured terminal" instead of "configure sync".

andrekeuler · ‎08-20-2013

Hi Shawn

I had the same problem and found the following solution: Although the two running configurations matched exactly, the problem was that some configuration was applied using conf t and some configuration using conf sync. Doing a "sh run switch-profile" on both switches showed these differences. To fix is fairly easy:

On both switches:

conf sync

switch-profile

import interface

commit

jgustafzon · ‎05-17-2015

Importing the interface finally solved this issue where the switch-profile wouldn't sync. These Nexus switches were hot in production and there was no way we could "big hammer"-delete the entire switch profile. However, the import interface on the "slave"-switch saved the day. Thank you.

5k config sync issue...