Nexus 7k vPC and orphan ports


We have two Nexus 7k connected via vPC peer. We have an edge switch connected to the core using HSRP via vPC.

Now we have 1 orphan port connected to each Nexus (WLC).

The problem is I can't seem to connect to / ping the WLC (only 1 of them) that is connected to the orphan port, and I think it is probably due to the packet arriving at the secondary HSRP, traversing the peer-link, and being dropped.

HSRP address on Core:

vlan 10 - N7k1 -

Vlan 10 - N7k2 -

Edge Sw - - Vlan 10

WLC 1 - Vlan 100 -

WLC 2 - Vlan 100 -

HSRP address for Vlan 100 -

N7k1 - Primary vPC

N7k2 - Secondary vPC

WLC1 (orphan port)



N7k1 ------vPC---------N7k2 -------WLC2 (orphan port)

  |                              |

  |                              |

  |                              |

  |-------EDGE SW-------|

          (vlan 10 -

Now what is the best practice for HSRP with vPC for orphan ports?

The problem is I can only ping 1 WLC from a machine. On doing a traceroute I find that the packets seem to reach N7k1 and reach the WLC that is connected to its own port, but not the WLC that is connected to N7k2, due to the packet traversing the peer-link and dropping at the peer-link.

Now what is the best practice to sort this out and reach both WLCs at the same time? Do I move WLC 2 to N7k1?

Any thoughts please?




Is there any update about this problem?

I got a similar problem when doing a POC (proof of concept before deployment).

After enabling peer gateway, this problem got solved.

But during deployment, enabling peer gateway made all the traffic go wrong.

Everything is fine after disabling peer gateway, even orphan ports (not single attached, STP blocked one port).

That makes me very confused about peer gateway...

So I am wondering what the result is when you issue this command.

BTW, do you use peer-switch too?

Hello Mason,

I'd like to understand your topology and the symptoms you were seeing. Maybe start another thread to talk through those.

Peer-gateway should have no impact on traffic that uses the MAC/IP address of the VIP.

In regards to peer-switch, it's only recommended in a complete vPC environment.


I think this worked by adding vpc peergateway. Thanks, David.