05-27-2016 08:34 AM - edited 03-08-2019 05:58 AM
Hello,
I am setting up a new pair of Nexus 9372PX switches in tandem via vPC, and I am wondering if anyone else is having this problem: I cannot ping from the end device in VLAN 7 on the access switch to the default gateway, which I set up on VLAN 7 in the Nexus 9372PX when the port-channel is set to trunk; the cmd prompt says "destination host unreachable". However, I am able to ping from the same end device to the VLAN gateway IP when I set the 9372PX's downstream link to the access switch as switchport mode access; access vlan 7.
I am implementing a spine and leaf architecture (or collapsed core, whichever terminology you want to use) using the 9372PX as my core (spine), and the HP 4204vl as my access (leaf) switch, as you can review in the attached PowerPoint file. The Nexus switch is running in NX-OS mode on version 6.1(2)I3(3a).
I am using 1G multi-mode fiber uplinks from the HP switch to the Nexus (also using GLC-SX-MM 1Gig transceivers) for the trunk uplink to the 9372PX. The HP is dynamically trunking with those uplinks, and I am not sure if I need to change that or how to change that if I need to. The HP switch has many options for tagged and untagged VLANs. I am selecting tagged for my access ports in VLAN 7 and 9 to end devices. I am using Po12 as my test uplink from the HP 4204vl to the Nexus 9372PX. Po20 is my vPC link, which looks fine according to the show vpc and show vpc consistency-parameters global output. I am still using vlan 1 as my native vlan currently on both the HP and Nexus switches. Some output has been omitted or changed for security purposes, but all relevant information is still there.
---------------------------------------------------------------------------------------------------------------------
Here is a partial output of my config file:
!Command: show running-config
!Time: Fri May 27 13:14:31 2016
version 6.1(2)I3(3a)
hostname SW1
vdc Switch1 id 1
allocate interface Ethernet1/1-54
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4096
limit-resource port-channel minimum 0 maximum 512
limit-resource u4route-mem minimum 248 maximum 248
limit-resource u6route-mem minimum 96 maximum 96
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
cfs eth distribute
feature interface-vlan
feature hsrp
feature lacp
feature vpc
ip domain-lookup
ip domain-name omitted.com
copp profile strict
omitted output
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
vlan 1,6-9
vlan 6
name VLAN6
vlan 7
name VLAN7
vlan 8
name VLAN8
vlan 9
name VLAN9
vrf context management
port-channel load-balance src-dst ip-l4port-vlan
hardware qos ns-buffer-profile mesh
vpc domain 20
peer-switch
peer-keepalive destination 192.168.0.253 source 192.168.0.252
peer-gateway
auto-recovery
interface Vlan1
no shutdown
no ip redirects
no ipv6 redirects
interface Vlan6
no shutdown
no ip redirects
ip address 192.168.6.254/24
no ipv6 redirects
interface Vlan7
no shutdown
no ip redirects
ip address 192.168.7.254/24
no ipv6 redirects
interface Vlan8
no ip redirects
no ipv6 redirects
interface Vlan9
no shutdown
management
no ip redirects
ip address 192.168.9.251/24
no ipv6 redirects
interface port-channel12
description TEST downlink to HP 4202vl on ports D23-D24 1Gig MM Fiber
switchport mode trunk
switchport trunk allowed vlan 7,9
vpc 12
omitted for brevity
interface port-channel20
description eth1/43-44 vPC peer link to SW2 eth1/43-44 on 10G MM Fiber
switchport mode trunk
spanning-tree port type network
vpc peer-link
interface Ethernet1/1
description TEST link to HP 4204vl on port D23 1 Gig MM Fiber
switchport mode trunk
switchport trunk allowed vlan 7,9
channel-group 12 mode active
omitted for brevity
interface Ethernet1/43
description vPC Peer Link Port-Channel 20 to SW2 on eth 1/43-44 10G MM Fiber
switchport mode trunk
channel-group 20 mode active
interface Ethernet1/44
description vPC Peer Link Port-Channel 20 to SW2 on eth 1/43-44 10G MM Fiber
switchport mode trunk
channel-group 20 mode active
omitted for brevity
interface mgmt0
vrf member management
ip address 192.168.0.252/24
line console
line vty
boot nxos bootflash:/n9000-dk9.6.1.2.I3.3a.bin
---------------------------------------------------------------------------------------------------------------------
I am using the management port on the back of the Nexus switches as the peer-keepalive link. Here is the partial output of the show vpc command:
SW1(config)# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 20
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 10
Peer Gateway : Enabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled (timeout = 240 seconds)
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po20 up 1,6-9
vPC status
----------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
-- ---- ------ ----------- ------ ------------
12 Po12 up success success 7,9
---------------------------------------------------------------------------------------------------------------------
Here is the output of show interfaces trunk:
SW1(config)# show int trunk
--------------------------------------------------------------------------------
Port Native Status Port
Vlan Channel
--------------------------------------------------------------------------------
Eth1/1 1 trnk-bndl Po12
Eth1/43 1 trnk-bndl Po20
Eth1/44 1 trnk-bndl Po20
Po12 1 trunking --
Po20 1 trunking --
--------------------------------------------------------------------------------
Port Vlans Allowed on Trunk
--------------------------------------------------------------------------------
Eth1/1 7,9
Eth1/43 1-4094
Eth1/44 1-4094
Po12 7,9
Po20 1-4094
--------------------------------------------------------------------------------
Port Vlans Err-disabled on Trunk
--------------------------------------------------------------------------------
Eth1/1 none
Eth1/43 none
Eth1/44 none
Po12 none
Po20 none
--------------------------------------------------------------------------------
Port STP Forwarding
--------------------------------------------------------------------------------
Eth1/1 none
Eth1/43 none
Eth1/44 none
Po12 7,9
Po20 1,6-9
--------------------------------------------------------------------------------
Port Vlans in spanning tree forwarding state and not pruned
--------------------------------------------------------------------------------
Eth1/1 none
Eth1/43 none
Eth1/44 none
Po12 7,9
Po20 1,6-9
---------------------------------------------------------------------------------------------------------------------
Here is the partial output to show interfaces switchport:
SW1(config)# show int switchport
Name: Ethernet1/1
Switchport: Enabled
Switchport Monitor: Not enabled
Operational Mode: trunk
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Allowed: 7,9
Administrative private-vlan primary host-association: none
Administrative private-vlan secondary host-association: none
Administrative private-vlan primary mapping: none
Administrative private-vlan secondary mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
omitted output
Name: port-channel12
Switchport: Enabled
Switchport Monitor: Not enabled
Operational Mode: trunk
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Allowed: 7,9
Administrative private-vlan primary host-association: none
Administrative private-vlan secondary host-association: none
Administrative private-vlan primary mapping: none
Administrative private-vlan secondary mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
----------------------------------------------------------------------------------------------------
...and finally, here is the output of show spanning tree:
SW1# show spanning-tree vlan 7
VLAN007
Spanning tree enabled protocol rstp
Root ID Priority 32840
Address 0023.04xx.xxxx
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32840 (priority 32768 sys-id-ext 7)
Address 0023.04xx.xxxx
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po12 Desg FWD 1 128.4107 (vPC) P2p
Po20 Desg FWD 1 128.4115 (vPC peer-link) Network P2p
SW1# show spanning-tree vlan 9
VLAN009
Spanning tree enabled protocol rstp
Root ID Priority 32846
Address 0023.04xx.xxxx
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32846 (priority 32768 sys-id-ext 78)
Address 0023.04xx.xxxx
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po12 Desg FWD 1 128.4107 (vPC) P2p
Po20 Desg FWD 1 128.4115 (vPC peer-link) Network P2p
---------------------------------------------------------------------------------------------------------------------
I was trained on the Cisco Catalyst series switches, and Cisco IOS. The NX-OS platform is new to me, so I don't know if I am missing something or doing something wrong. Any help would be greatly appreciated. Thanks!
-Greg M.
05-27-2016 09:04 AM
Hi,
The Nexus configuration looks ok.
The fact that you can ping the Nexus VLAN 7 IP address when the port-channel facing the HP switch is set to mode access in VLAN 7 suggests to me that the HP switch is not tagging the VLAN 7 traffic correctly.
On the HP switches have you set the corresponding port-channel (Trk) interface to tag VLAN 7?
05-27-2016 11:25 AM
The trunk is a dynamic trunk, and I can currently only access the CLI of the switch, so I don't know how to modify it from there. It will not let me do anything with it from the menu. I will be doing some more research on the HP switch before I can say anything for sure. Thank you for your quick response!
-Greg M.
05-27-2016 02:48 PM
Ok, there are several options on the switch to tag VLANs. By default, all ports are an untagged member of VLAN 1 (default vlan). All other VLANs are set to 'no' to indicate the ports are not a member of any VLAN. Only one port per VLAN can be Untagged.
I have tried tagging the ports that belong to VLAN 7, and making them an untagged member of VLAN 7. I have tried tagging the trunk with VLAN 7 (after I disabled the port-channel port members, I was able to make them an LACP port channel on Trk12), and untagged as VLAN 7 after it didn't work as VLAN 1 untagged. I have tried assigning an IP address to VLAN 7 in the same network as the Nexus VLAN 192.168.7.254. Nothing I have tried so far has worked.
I will post my config of the HP switch on here a little later. Thank you again for your help. Please let me know if you think of anything.
05-27-2016 03:15 PM
Hi,
Can you try the following on the HP switch. Replace port A1 with whatever port is connected to the end host in VLAN 7.
trunk D23-D24 Trk1 LACP
vlan 7
name "VLAN 7"
untagged A1
tagged Trk1
exit
Once this is configured please check and confirm that the port-channel has established successfully on the N9ks using LACP. This should then tag VLAN 7 traffic correctly between the switches.
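A cross-check of VLAN tagging on both ends of the uplink, as an added example that is not part of the original posts. The sample configs are constructed from the snippets quoted in this thread, the function names are hypothetical, and the NX-OS parser handles only the plain `switchport trunk allowed vlan <list>` form.

```python
# Constructed sample configs modelled on the snippets quoted in this thread.
NEXUS_CFG = """interface port-channel12
  switchport trunk allowed vlan 7,9
"""
HP_CFG = """trunk D23-D24 Trk1 LACP
vlan 1
   untagged Trk1
   exit
vlan 7
   untagged A1
   tagged Trk1
   exit
"""

def expand(spec):
    """Expand an NX-OS VLAN list such as '1,6-9' into a set of ints."""
    out = set()
    for lo, _, hi in (p.partition("-") for p in spec.split(",")):
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def nexus_trunk(cfg, ifname):
    """Return (allowed VLANs, native VLAN) for one NX-OS interface stanza."""
    allowed, native, inside = expand("1-4094"), 1, False  # NX-OS trunk defaults
    for words in map(str.split, cfg.splitlines()):
        if words[:1] == ["interface"]:
            inside = words[1].lower() == ifname.lower()
        elif inside and words[:4] == ["switchport", "trunk", "allowed", "vlan"]:
            allowed = expand(words[4])
        elif inside and words[:4] == ["switchport", "trunk", "native", "vlan"]:
            native = int(words[4])
    return allowed, native

def hp_membership(cfg, port):
    """Return (tagged, untagged) VLAN sets for a port or Trk group on the HP."""
    member, vid = {"tagged": set(), "untagged": set()}, None
    for words in map(str.split, cfg.splitlines()):
        if len(words) == 2 and words[0] == "vlan" and words[1].isdigit():
            vid = int(words[1])  # entering a 'vlan N' context
        elif vid and len(words) == 2 and words[0] in member and port in words[1].split(","):
            member[words[0]].add(vid)
    return member["tagged"], member["untagged"]

def compare(nexus_cfg, ifname, hp_cfg, trk):  # disagreements between the two ends
    allowed, native = nexus_trunk(nexus_cfg, ifname)
    tagged, untagged = hp_membership(hp_cfg, trk)
    return {"allowed_but_not_tagged_on_hp": sorted(allowed - {native} - tagged),
            "tagged_but_not_allowed_on_nexus": sorted(tagged - allowed),
            "native_vlan_mismatch": untagged != {native}}
```

Calling `compare(NEXUS_CFG, "port-channel12", HP_CFG, "Trk1")` on the sample reports VLAN 9 as allowed on Po12 but not tagged on Trk1, the same kind of mismatch that was suspected for VLAN 7.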
05-27-2016 09:08 AM
Does your access switch support L3 VLAN?
05-27-2016 11:27 AM
I believe it supports L3 vlan, but I will have to do some more research to be sure. Thank you for your insight.
-Greg M.
05-27-2016 02:34 PM
Yes, it does support L3 vlan.