
Nexus 7700 no connections of some hosts in different vlans over vpc connected switch

I have 2 Nexus 7710 with NX-OS 8 which have a routed VPC Peerlink in between.

To these two devices there is a Cisco 3850 connected. The following config is used:

Nexus-switch1 & 2 #

interface Ethernet1/7
description testswitch
switchport
switchport mode trunk
switchport trunk allowed vlan 100,2101
spanning-tree bpduguard disable
spanning-tree guard root
channel-group 1102 mode active
no shutdown

interface port-channel1102
description testswitch
switchport
switchport mode trunk
switchport trunk allowed vlan 100,2101
ip dhcp snooping trust
vpc 1102

Config on 3850:

interface GigabitEthernet1/1/1
description Nexus1
switchport trunk allowed vlan 100,2101
switchport mode trunk
switchport nonegotiate
udld port
channel-group 1 mode active
spanning-tree portfast disable
spanning-tree bpduguard disable
ip dhcp snooping trust

interface TenGigabitEthernet1/1/4
description Nexus2
switchport trunk allowed vlan 100,2101
switchport mode trunk
switchport nonegotiate
udld port
channel-group 1 mode active
spanning-tree portfast disable
spanning-tree bpduguard disable
ip dhcp snooping trust

interface Port-channel1
description NXexus1/2
switchport trunk allowed vlan 100,2101
switchport mode trunk
switchport nonegotiate
spanning-tree bpduguard disable
ip dhcp snooping trust

When I am located in VLAN 100 and try to reach a host in VLAN 2101, it does not work, but I can reach all 3 GLBP IPs (VIP, primary, standby). As soon as I shut down one link, everything works:

Both links active:

U:\>ping 172.20.101.108

Ping wird ausgeführt für 172.20.101.108 mit 32 Bytes Daten:
Zeitüberschreitung der Anforderung.
Zeitüberschreitung der Anforderung.

Shutting down one link:

U:\>ping 172.20.101.108

Ping wird ausgeführt für 172.20.101.108 mit 32 Bytes Daten:
Antwort von 172.20.101.108: Bytes=32 Zeit=1ms TTL=127
Antwort von 172.20.101.108: Bytes=32 Zeit=1ms TTL=127

Strange behaviour: only some of the hosts in the other network are not reachable; as soon as one link is down, all are reachable again.

Both VLANs have their routing instance on the Nexus with GLBP as standby protocol.


nazimkha

Pointing out the problem with no access and little information is difficult.

One thing I could see is port-channel 1 on the 3850. To form a port-channel, you can only combine similar interfaces with equal speeds. I see you have used ten1/1/1 and g1/1/1 on the 3850. Have you adjusted the speed to 1G?

Regards,

Nazim

Hi, I found the problem myself. On the trunk I had one more VLAN configured (which I deleted in the update above for security reasons).

This VLAN was on both uplinks but not configured on one of the 7700s. I did a shut/no shut a couple of times on the connections but never received an error; after leaving the interface down overnight and reactivating it in the morning, I received a log message about inconsistent VLANs.

It seems to be a bug, as I received a message only after leaving the port down for a while.

Secondly, I also don't understand why the VLAN is not automatically created when it gets configured on a port... Maybe a feature request ;-)

Nazim, the 3850 has a 4x1G/2x10G module; even if I use only a 1G SFP in the TE slot, I have to configure the TE interface, not the 1G. It's very confusing, as the CDP command also shows a TE interface on the neighbor, but in fact it is a 1G.

Anyway, problem solved, thank you for the reply!
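
The root cause found above, a VLAN allowed on the vPC trunk but never created on one of the two Nexus peers, can be checked offline from saved running-configs. This is an added example, not part of the original thread; the function names, the sample configs and VLAN 999 (standing in for the VLAN the poster removed) are constructed.

```python
import re

VLAN_DEF = re.compile(r"^vlan (\d[\d,\-]*)$")  # does not match "vlan configuration ..."
ALLOWED = re.compile(r"^switchport trunk allowed vlan (?:add )?(\d[\d,\-]*)$")

def expand_vlans(spec):
    """Expand an NX-OS VLAN list such as '100,2101-2103' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_peer(config):
    """Return (VLANs defined on the switch, {vPC port-channel: allowed VLANs})."""
    defined, ifaces, cur = {1}, {}, None  # VLAN 1 always exists
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            cur = ifaces.setdefault(name, {"allowed": set(), "vpc": False})
        elif m := VLAN_DEF.match(line):
            defined |= expand_vlans(m.group(1))
            cur = None
        elif cur is not None and (m := ALLOWED.match(line)):
            cur["allowed"] |= expand_vlans(m.group(1))
        elif cur is not None and re.match(r"^vpc \d+$", line):
            cur["vpc"] = True  # member port-channel, not the peer-link
    return defined, {n: i["allowed"] for n, i in ifaces.items() if i["vpc"]}

def missing_vlans(peers):
    """Map (hostname, port-channel) to VLANs allowed on that vPC trunk on any
    peer but never created on hostname."""
    parsed = {host: parse_peer(cfg) for host, cfg in peers.items()}
    findings = {}
    for host, (defined, _) in parsed.items():
        for _, trunks in parsed.values():
            for po, allowed in trunks.items():
                if gap := allowed - defined:
                    findings.setdefault((host, po), set()).update(gap)
    return {key: sorted(vlans) for key, vlans in findings.items()}

# Constructed sample configs: peer B lacks the definition of placeholder VLAN 999.
PEER_A = ("vlan 1,100,999,2101\ninterface port-channel1102\n"
          "  switchport trunk allowed vlan 100,999,2101\n  vpc 1102\n")
PEER_B = PEER_A.replace("vlan 1,100,999,2101", "vlan 1,100,2101")

if __name__ == "__main__":
    print(missing_vlans({"Nexus-switch1": PEER_A, "Nexus-switch2": PEER_B}))
```

Running it against both peers before enabling a new vPC member link surfaces the mismatch without waiting for the switch to log it.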
