cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
19003
Views
19
Helpful
10
Replies

%ETHPORT-3-IF_ERROR_VLANS_SUSPENDED

Hi Team,

Can i have reason for this kind logs...Why we are getting?....

Please help me resolve this ISSUE ASAP.

Logs:

=======

2012 Dec 13 17:54:43 NX7K %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 9 on Interface port-channel1 are being suspend

ed. (Reason: Vlan is not allowed on Peer-link)

2012 Dec 13 17:54:43 NX7K %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 9 on Interface port-channel18 are being suspen

ded. (Reason: Vlan is not allowed on Peer-link)

2012 Dec 13 17:54:43 NX7K %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 9 on Interface port-channel16 are being suspen

ded. (Reason: Vlan is not allowed on Peer-link)

2012 Dec 13 17:54:43 NX7K %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 9 on Interface port-channel14 are being suspen

ded. (Reason: Vlan is not allowed on Peer-link)

2012 Dec 13 17:54:43 NX7K %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 9 on Interface port-channel12 are being suspen

ded. (Reason: Vlan is not allowed on Peer-link)

2012 Dec 13 17:54:43 NX7K %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 9 on Interface port-channel2 are being suspend

ed. (Reason: Vlan is not allowed on Peer-link)

NX7K#

Regards,

Sen

10 Replies 10

Abzal
Level 7
Level 7

Hi,

From what I see I'm assuming because VLAN 9 is not allowed on some port-channel interfaces. Try to check trunk configuration on these port-channels:

sh run int po1

sh run int po18

sh run int po16

sh run int po14

sh run int po12

sh run int po2

sh int trunk

And add this VLAN on interfaces:

int po1

switchport trunk allowed vlan add 9

And do same action on rest port-channle ports.

Hope it will help

Best regards,
Abzal

NX7K# sh run int po1

!Command: show running-config interface port-channel1

!Time: Wed Dec 19 05:17:38 2012

version 5.2(1)

interface port-channel1

  description VPC - PEER-LINK - PO1

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 1-699,901-3967

  spanning-tree port type network

  vpc peer-link

NX7K# sh run int po18

!Command: show running-config interface port-channel18

!Time: Wed Dec 19 05:17:54 2012

version 5.2(1)

interface port-channel18

  description VPC - NOWCPXX-F539002

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 1-699,901-3967

  vpc 18

NX7K# sh run int po16

!Command: show running-config interface port-channel16

!Time: Wed Dec 19 05:17:58 2012

version 5.2(1)

interface port-channel16

  description VPC - NOWCNXX-F539002

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 1-699,901-3967

  vpc 16

NX7K# sh run int po14

!Command: show running-config interface port-channel14

!Time: Wed Dec 19 05:18:02 2012

version 5.2(1)

interface port-channel14

  description VPC - NOWCPXX-F539001

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 1-699,901-3967

  vpc 14

NX7K# sh run int po12

!Command: show running-config interface port-channel12

!Time: Wed Dec 19 05:18:06 2012

version 5.2(1)

interface port-channel12

  description VPC - NOWCNXX-F539001

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 1-699,901-3967

  vpc 12

NX7K# sh run int po2

!Command: show running-config interface port-channel2

!Time: Wed Dec 19 05:18:16 2012

version 5.2(1)

interface port-channel2

  description VPC - NOWCPXX-NX7K001-AGG/NX7K-AGG - PO2

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 1-699,901-3967

  vpc 2

NX7K#

Hi ,

Thanks for reply...

am getting below error logs on one of the management switch.

The interface FastEthernet1/0/24 is connected with above mentioned 7K am suspecting may be because of this 7K issue  happening

already checked physical connectivity is working fine on managemnt switch.

Dec 13 16:46:25.584: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0/24, changed state to down

Dec 13 16:46:26.583: %LINK-3-UPDOWN: Interface FastEthernet2/0/24, changed state to down

Dec 13 16:46:30.945: %LINK-3-UPDOWN: Interface FastEthernet2/0/24, changed state to up

Dec 13 16:46:31.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0/24, changed state to up

Dec 13 16:47:59.788: %LINK-3-UPDOWN: Interface FastEthernet1/0/24, changed state to up

Dec 13 16:48:00.795: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/24, changed state to up

Dec 13 17:50:29.118: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/24, changed state to down

Dec 13 17:50:30.124: %LINK-3-UPDOWN: Interface FastEthernet1/0/24, changed state to down

MGMT1#

MGMT1#

MGMT1#sh int FastEthernet1/0/24

FastEthernet1/0/24 is down, line protocol is down (notconnect)

  Hardware is Fast Ethernet, address is 34a8.4e16.bf9a (bia 34a8.4e16.bf9a)

  Description: NOWCPXX-NX7K002

  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Auto-duplex, Auto-speed, media type is 10/100BaseTX

  Media-type configured as  connector

  input flow-control is off, output flow-control is unsupported

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input never, output 5d10h, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     173622 packets input, 31629592 bytes, 0 no buffer

     Received 161446 broadcasts (77618 multicasts)

     0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 watchdog, 77618 multicast, 0 pause input

     0 input packets with dribble condition detected

     1383107 packets output, 155572637 bytes, 0 underruns

     0 output errors, 0 collisions, 3 interface resets

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier, 0 PAUSE output

     0 output buffer failures, 0 output buffers swapped out

MGMT1#

MGMT1#

MGMT1#sh run int FastEthernet1/0/24

Building configuration...

Current configuration : 94 bytes

!

interface FastEthernet1/0/24

description NX7K2

switchport access vlan 3240

end

Regards,

Sen

Hi,

Post here you topology. How is MGMT switch connected with 7K switches?

Abzal

Best regards,
Abzal

Hi Abzal,

Thanks for update....

Which is connected with Nexus 7k through patching with two ports...

But it's showing amber light..

Regards,

Sen

Hi,

As per this document http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_2/nx-os/interfaces/configuration/guide/if_vPC.html#wp1558288 :

Peer-Keepalive Link and Messages

"The Cisco NX-OS software uses the peer-keepalive link between the vPC  peers to transmit periodic, configurable keepalive messages. You must  have Layer 3 connectivity between the peer devices to transmit these  messages; the system cannot bring up the vPC peer link unless the  peer-keepalive link is already up and running.

You must create all VLANs on both the primary and secondary vPC devices, or the VLAN will be suspended. "

So I think because interface on MGMT switch goes down VPC peers stops receiving vpc keepalive messages so it suspends VLANs to prevent loops.

check if any issues with vpc:

show vpc brief

I don't have expirience working with Nexus. So I'm just guessing.

Hope it will help.

Best regards,
Abzal

Hi Abzal,

Thanks for your reply...

I can see Vlan9 interface configured on other Datacenter 7K switch's But i can't see in current issue 7K switch.

Logs:

--------

NX7K002# sh vpc brief

Legend:

                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 1

Peer status                       : peer adjacency formed ok

vPC keep-alive status             : peer is alive

Configuration consistency status  : success

Per-vlan consistency status       : success

Type-2 consistency status         : success

vPC role                          : secondary, operational primary

Number of vPCs configured         : 5

Peer Gateway                      : Enabled

Peer gateway excluded VLANs       : -

Dual-active excluded VLANs        : -

Graceful Consistency Check        : Enabled

Auto-recovery status              : Enabled (timeout = 240 seconds)

vPC Peer-link status

---------------------------------------------------------------------

id   Port   Status Active vlans

--   ----   ------ --------------------------------------------------

1    Po1    up     1,960-967,972,974,980-981,1100-1103,1105-1108,1110

                   -1113,1115-1118,1120-1123,1125-1128,1130-1133,1135

                   -1138,1140,1145,1150,1155,1160,1165,1300-1303,1305

                   -1308,1310-1313,1315-1318,1320-1323,1325-1328,1330

                   -1333,1335-1338,1340,1345,1350,1355,1360,1365,1500 ....

vPC status

----------------------------------------------------------------------

id   Port   Status Consistency Reason                     Active vlans

--   ----   ------ ----------- ------                     ------------

2    Po2    up     success     success                    1,960-967,9

                                                          72,974,980-

                                                          981,1100-11

                                                          03,1105-110

                                                          8,1110-1113 ....

12   Po12   up     success     success                    1,960-967,9

                                                          72,974,980-

                                                          981,1100-11

                                                          03,1105-110

                                                          8,1110-1113 ....

14   Po14   up     success     success                    1,960-967,9

                                                          72,974,980-

                                                          981,1100-11

                                                          03,1105-110

                                                          8,1110-1113 ....

16   Po16   up     success     success                    1,960-967,9

                                                          72,974,980-

                                                          981,1100-11

                                                          03,1105-110

                                                          8,1110-1113 ....

18   Po18   up     success     success                    1,960-967,9

                                                          72,974,980-

                                                          981,1100-11

                                                          03,1105-110

                                                          8,1110-1113 ....

NX7K002#

Current 7K Don't have interface Vlan9:


vpc domain 1

  role priority 12000

  system-priority 4000

  peer-keepalive destination 10.133.253.193 source 10.133.253.194 vrf vpc-keepalive

  peer-gateway

  auto-recovery

From other Location 7K configuartion got Vlan9 interface

interface Vlan9

  no shutdown

  no ip redirects

  ip address 172.16.254.251/24

Thanks....

Regards,

Sen

Hi,

Ok I see. I need some explanation what is purpose of VLAN 9? Are these Nexuses acting like core of your network? Have you created VLAN 9 on both Nexuses? Because if there is no access port with VLAN 9 or trunk port that allows VLAN 9 it will not come up. And if there is no VLAN 9 in VLAN database.

On both Nexus:

sh vlan

sh int trunk

On NX7K:

sh vpc brief

Hope it will help.

Best regards,
Abzal

Arun Yadav
Cisco Employee
Cisco Employee

In this scenario , VLAN must be down for that keepalive and if you check the logging log , you will see an error message for that VLAN like below:

ETHPORT-3-IF_ERROR_VLANS_ERROR: VLANs 1
86 on Interface port-channel1 are in error state. (Reason: peer-keepalive not operational, peer never alive)


just to make sure vpc peer keep alive VLAN shouldn't pass thorught peer-link and we have to pass keepalive separately.
try to create new subnet or VLAN just for keep-alive and that would bring the VLAN up on both of the sides

 

Review Cisco Networking for a $25 gift card