Nexus 5k config sync local commit failure

jeremys8137 · ‎01-31-2013

I have 2 nexus 5K's with 2 2K's in an active active toplogy and I'm trying to use config sync across the 2 5k's to simplify the fex configuration process and minimize the chance for errors. I've got it setup but on the local switch that I imput the command I get a commit failure and when i do a "show switch-profile status" I get this output. Now the odd thing is that the other switch is updated with the proper config as shown in the output under Peer Information "sync-status: In Sync" and verified by the show int status command -by the way the command I was running was just switchport access vlan 8. Anyone have any idea?

(Update) This happens on both switches

switch-profile : PROD

----------------------------------------------------------

Start-time: 212050 usecs after Thu Jan 31 10:20:53 2013

End-time: 261330 usecs after Thu Jan 31 10:20:59 2013

Profile-Revision: 1

Session-type: Commit

Session-subtype: -

Peer-triggered: No

Profile-status: Commit Failed

Local information:

----------------

Status: Commit Failure

Error(s):

Failed command(s):

config terminal

% Permission denied

`end`

Peer information:

----------------

IP-address: 10.125.0.11

Sync-status: In sync

Status: Commit Success

Error(s):

Kevin Dorrell · ‎01-31-2013

I have had problems with conf sync, but I did eventually get them resolved. It looks as if you have managed to get conf term into your switch-profile buffer, but I don't know how.

Try uploading your config on each switch to a TFTP server and do a stare and compare. It is quite interesting to see how the configuration is shared out between the conf term mode and the conf sync mode.

Try deleting the conf sync buffer and then commit. Commands are conf sync, then switch-profile, then buffer -delete all. This will only delete the comands that are pending a commit. Then try commit with the empty buffer.

As a last resort you can use resync-database but not on a production system.

Sent from Cisco Technical Support Android App

jeremys8137 · ‎01-31-2013

That Kinda worked, the system isn't in production just yet I just named the profile that because it soon will be. So I deleted the config sync buffer and got a commit successful with nothing in the buffer then i did another switchport access vlan xx and got a commit successful but it didn't update on the other switch even though when i do a show switch-profile status on the second switch it says commit successful. Then I tried running the command again immediately after switchport access vlan xx and got a commit failed again for the same reason config ter permission denied. I'm all confused now lol

Kevin Dorrell · ‎02-07-2013

I'm a bit confused about the conf term message. Normally you would not be going anywhere near conf term. Normally you would be doing all the configuration of your dual-homed FEX ports within the context of the switch-profile. Can you post the terminal log please?

Sent from Cisco Technical Support Android App

jeremys8137 · ‎02-07-2013

I opened a TAC case for the issue and I was informed that this is a bug in the nexus code. when config sync is configured along with AAA, config sync fails. The issue has been fixed in a later code version or i can just disable AAA

Affected Verisons

5.0(2)N2(1)

5.0(3)N1(1)

Fixed:

5.0(3)N2(1)

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtn05741&from=summary

Kevin Dorrell · ‎02-07-2013

Thanks for the update Jeremy.

Sent from Cisco Technical Support Android App