04-17-2013 12:40 AM - edited 03-07-2019 12:51 PM
Hello,
I have:
two nexus 5596 connected each other
the mgmt0 is NOT in use
SVI for keepalives with IP address and /30 netmask
vpc-keepalives running over fiber in e1/1. this works well
uplinks to datacenter distribution switch (Cat 6500 VSS) over fiber on port-channel 1 (e1/2 and e1/10), also carrying the management VLAN (vlan 14).
SVI with an IP address for management purposes
I can't get this to work. I can ping my whole network from the Nexus, but not the Nexus from my network. Also, pinging inside the mgmt VLAN is not possible.
Any ideas on that?
show vpc looks nice, show interface trunk looks nice.
04-17-2013 01:36 AM
Hi,
Are you using the VRF in any way on this switch? Can you post a show run and show ip route output?
Regards
04-17-2013 04:12 AM
I do not use the management VRF in any other way.
Here is the relevant part of the sh running:
!
vrf context management
spanning-tree loopguard default
udld aggressive
port-channel load-balance ethernet source-dest-port
vpc domain 5
  role priority 1000
  system-priority 4000
  peer-keepalive destination 10.233.40.14 source 10.233.40.13 vrf default precedence 7
  peer-config-check-bypass
  auto-recovery
!
interface Vlan1
!
interface Vlan14
  no shutdown
  ip address 10.232.10.62/24
!
interface Vlan26
  no shutdown
  ip address 10.233.40.13/30
!
interface port-channel1
  description Uplink to VSS
  switchport mode trunk
  switchport trunk native vlan 236
  switchport trunk allowed vlan 14,236
  spanning-tree port type network
  speed 10000
  storm-control broadcast level 2.00
  storm-control multicast level 2.00
  vpc 1
!
interface port-channel2
  description vpc-peer-link
  switchport mode trunk
  switchport trunk allowed vlan 1,14,236
  spanning-tree port type network
  speed 10000
  vpc peer-link
!
ip route 0.0.0.0/0 10.232.10.200
!
And the routing table:
sh ip route vrf all
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
0.0.0.0/0, ubest/mbest: 1/0, pending
    *via 10.232.10.200, Vlan14, [1/0], 00:00:55, static
10.232.10.0/24, ubest/mbest: 1/0, attached, pending
    *via 10.232.10.62, Vlan14, [0/0], 00:00:55, direct
10.232.10.62/32, ubest/mbest: 1/0, attached, pending
    *via 10.232.10.62, Vlan14, [0/0], 00:00:55, local
10.233.40.12/30, ubest/mbest: 1/0, attached, pending
    *via 10.233.40.13, Vlan26, [0/0], 00:00:55, direct
10.233.40.13/32, ubest/mbest: 1/0, attached, pending
    *via 10.233.40.13, Vlan26, [0/0], 00:00:55, local
IP Route Table for VRF "management"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
04-17-2013 05:07 AM
Mate, check the IP addressing for the mgmt VLAN, along with the mask. Being unable to ping within the mgmt VLAN needs to be checked out. Check if the uplink is allowing the mgmt VLAN.
04-17-2013 02:46 PM
Hi,
It's late, but do your VLANs match?
It seems you have VLAN 14 and 26, but your port-channel is configured for VLANs 14 and 236. Is that a fat finger adding a 3 or a tired eye reading it incorrectly?
Regards
Sent from Cisco Technical Support Android App
04-18-2013 12:24 AM
Yes, that's correct. VLAN 14 is the management IP address and VLAN 26 is for the keepalive link.
In the meantime I reconfigured the switches the recommended way (keepalive over mgmt0) and the problem persists. After a reboot, everything works as expected...
Now I will reconfigure the switches with my preferred config again. Let's see what will happen....
04-18-2013 01:17 AM
Hi,
My point is that you do not allow VLAN 26 on the port-channel. The only VLANs allowed are 14 and 236 (two hundred and thirty six).
Regards
Sent from Cisco Technical Support iPhone App
04-18-2013 01:35 AM
Ah ok. I forgot to tell you this part of my config:
!
interface Ethernet1/1
  description vPC Keepalive
  switchport access vlan 26
  speed 1000
  storm-control broadcast level 2.00
  storm-control multicast level 2.00
!
:-)
Do not allow the keepalive VLAN on the vPC link. This will break the communication, and when the vPC link goes down, you will have a split-brain scenario! To avoid this, you can configure an extra VRF for the keepalive. See my final config.
My final config now is a separate VRF for the keepalive. This makes some things easier.
vrf context VPC-KEEPALIVE
peer-keepalive destination 10.233.40.14 source 10.233.40.13 vrf VPC-KEEPALIVE precedence 7
!
interface Vlan14
  no shutdown
  management
  ip address 10.232.10.62/24
!
interface Vlan26
  no shutdown
  vrf member VPC-KEEPALIVE
  ip address 10.233.40.13/30
!
What we have now is: Keepalive over fiber (e1/1 nexus 5k-1 to e1/1 nexus 5k-2) and an inband management over a trunked vlan.
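The two checks discussed in this thread (keepalive VLAN kept off the vPC peer-link, keepalive moved out of VRF default) can be run against a saved running-config. This is an added example, not part of any post above; the function names and the `SAMPLE` text are assumptions made for illustration, and the parser only understands the config lines quoted in this thread.

```python
import re

# Constructed sample, condensed from the first config posted in this thread.
SAMPLE = """vpc domain 5
  peer-keepalive destination 10.233.40.14 source 10.233.40.13 vrf default precedence 7
!
interface Vlan26
  ip address 10.233.40.13/30
!
interface port-channel2
  switchport trunk allowed vlan 1,14,236
  vpc peer-link
"""

def expand_vlans(spec):
    """Expand a VLAN list such as '1,14,230-236' into a set of ints."""
    ranges = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in ranges for v in range(int(lo), int(hi or lo) + 1)}

def sections(config):
    """Map each section header to its body lines; '!' or a new header ends a section."""
    out, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if re.match(r"(interface|vpc domain|vrf context) ", line):
            current = out.setdefault(line, [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return out

def audit_keepalive(config):
    """Return findings on how the vPC peer-keepalive path is isolated."""
    secs, findings = sections(config), []
    pat = r"peer-keepalive destination \S+ source (\S+)(?: vrf (\S+))?"
    ka = next(filter(None, (re.match(pat, l) for b in secs.values() for l in b)), None)
    if ka is None:
        return ["no peer-keepalive with a source address found"]
    if ka.group(2) == "default":
        findings.append("keepalive runs in VRF default")
    # The SVI that owns the keepalive source address identifies the keepalive VLAN.
    vlan = next((int(h[len("interface Vlan"):]) for h, b in secs.items() if h.startswith("interface Vlan")
                 and any(l.startswith(f"ip address {ka.group(1)}/") for l in b)), None)
    for header, body in secs.items():
        if vlan is not None and "vpc peer-link" in body:
            spec = [l.split()[-1] for l in body if l.startswith("switchport trunk allowed vlan ")]
            if not spec or vlan in expand_vlans(spec[0]):  # no allowed list = every VLAN is carried
                findings.append(f"keepalive VLAN {vlan} is allowed on {header}")
    return findings
```

An empty list means both checks pass, which is the state the final config in this thread reaches.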