Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1460
Views
5
Helpful
55
Replies

problem VRRP, LACP Nexus 3048TP LAN1K9

JulianDD
Level 1
Level 1

‎05-05-2024 03:26 PM

Hi, i have problem of synced betewin my 2 switchs nexus 7.0.3.i7.3

I use feature BGP, LACP and VRRP (also VPC etc..)

But it's impossible of configure correctly the protocol

I have many errors :

One : In log :

%ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 9-10 on Interface port-channel3 are being suspended. (Reason: peer-keepalive no
t operational, peer never alive)

I See that : https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc06939

Two : show vrrpv3 brief
First switch (ok)

Vlan10 1 IPv4 100 0 N Y MASTER xxx.xxx.xxx.001(local) xxx.xxx.xxx.254

Second switch (missing ip?)
Vlan10 1 IPv4 100 0 N Y INIT AF-UNDEFINED xxx.xxx.xxx.254

Three : show vrrp
Switch 1 :
Vlan10 - Group 1 - Address-Family IPv4
State is MASTER
State duration 4 days 22 hours 19 mins
Virtual IP address is xxx.xxx.xxx.254
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1000 msec
Preemption enabled, delay min 30 secs (0 msec remaining)
Priority is 100
Master Router is xxx.xxx.xxx.254 (local), priority is 100
Master Advertisement interval is 1000 msec (expires in 629 msec)
Master Down interval is unknown

 

Switch 2 :
Vlan10 - Group 1 - Address-Family IPv4
State is INIT (Interface Down)
State duration 19 mins 0.629 secs
Virtual IP address is xxx.xxx.xxx.254
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1000 msec
Preemption enabled, delay min 30 secs (0 msec remaining)
Priority is 100
Master Router is unknown, priority is unknown
Master Advertisement interval is unknown
Master Down interval is unknown

Four : sh vpc role
Switch 1 :
vPC role : primary
Dual Active Detection Status : 0
vPC system-mac : 00:23:04:ee:be:01
vPC system-priority : 32667
vPC local system-mac : 84:b8:02:92:31:bc
vPC local role-priority : 0
vPC local config role-priority : 1
vPC peer system-mac : 00:00:00:00:00:00
vPC peer role-priority : 0
vPC peer config role-priority : 0


Switch 2 :
vPC role : none established
Dual Active Detection Status : 0
vPC system-mac : 00:00:00:00:00:00
vPC system-priority : 32667
vPC local system-mac : a4:4c:11:6b:ca:bc
vPC local role-priority : 0
vPC local config role-priority : 2
vPC peer system-mac : 00:00:00:00:00:00
vPC peer role-priority : 0
vPC peer config role-priority : 0

 

Could you help me ?
Regars

Julian

Labels:
0 Helpful
55 Replies 55

balaji.bandi
Hall of Fame
Hall of Fame

‎05-05-2024 05:18 PM

what is port-channel 3 ?

Looks like you have vPC configuration issue, you need to post both the nexus configuration here:

show run

show cdp neigh

show vpc brief

show vpc role

show vpc peer-keepalive

check the vPC best practice, same for all nexus devices :

https://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

DanielP211
VIP
VIP

‎05-06-2024 01:28 AM

Hello,

Please display all configuration regarding portchannel and vpc.

BR

****Kindly rate all useful posts*****
0 Helpful

JulianDD
Level 1
Level 1

‎05-06-2024 09:22 AM - edited ‎05-18-2024 01:38 PM

Thx Guys,

Show my 2 conf (switch br1 and br2)

Descriptions : My Br1 is work actually and no communicating to br2.
Also, at 24 april, i replace my BR2 material by same model and i uploaded my conf file backuped. But not work ...

Thank you for your support

Julian

0 Helpful

MHM Cisco World
VIP
VIP
In response to JulianDD

‎05-06-2024 09:25 AM 

peer-keepalive destination 10.0.0.1 source 10.0.0.0 vrf pka1

The source is 10.0.0.0 ???

MHM 

0 Helpful

JulianDD
Level 1
Level 1
In response to MHM Cisco World

‎05-06-2024 09:28 AM

Hi MHM,

Yes, the ip address 10.0.0.0 is br1, it's possible.


Regards,

Julian

0 Helpful

MHM Cisco World
VIP
VIP
In response to JulianDD

‎05-06-2024 09:31 AM

No friend

You use /31 for p2p and that not work 

You need for keepalive 

Four IP

One for each NSK 

And one network Id and other broadcast IP

I.e. you need to use /30 at least 

MHM

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to JulianDD

‎05-06-2024 11:21 AM 

Also, at 24 april, i replace my BR2 material by same model and i uploaded my conf file backuped. But not work ...

is that working before April 24 ?

Do you have high level rough diagram what ports connected each other ?

My observation on the config :

1. have you created VRF ? i do not see in the config that VRF context created.

create VRF context on both the switches :

vrf context pka1

vrf context management

2. i would suggest small changes on the config and test it (make sure some of the configuration you changing may have convergence,) so understand the config apply in the maintenance window.

BR1 :

vpc domain 1
role priority 1
peer-keepalive destination 10.0.0.2 source 10.0.0.1 vrf pka1
peer-switch
peer-gateway
auto-recovery
ipv6 nd synchronize
ip arp synchronize

interface Vlan9
description interco-routers
no shutdown
mtu 9216
ip address 10.0.0.9/29    -- this changed may be required associated config 

interface port-channel2
description keepalive
no switchport
vrf member pka1
ip address 10.0.0.1/29

BR2:

vpc domain 1
role priority 2
peer-keepalive destination 10.0.0.1 source 10.0.0.2 vrf pka1
peer-switch
peer-gateway
auto-recovery
ipv6 nd synchronize
ip arp synchronize


interface Vlan9
description interco-routers
no shutdown
mtu 9216
ip address 10.0.0.10/29

interface port-channel2
description keepalive
no switchport
vrf member pka1
ip address 10.0.0.2/29

Note : i am more focusing on bringing the VPC up before we can test other stuff

Also thinking that Layer 2 connection up and interface connected right port each other.

 

I have also requested other information as below :

show cdp neigh

show vpc brief

show vpc role

show vpc peer-keepalive

Also some reference ,my vPC testing :

https://www.balajibandi.com/?p=618

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

JulianDD
Level 1
Level 1
In response to balaji.bandi

‎05-06-2024 11:54 AM

Hi BB,

Yes work since 2018
Photo in datacenter about switchs (sorry for quality)

VRF here
vrf context management
ip route 0.0.0.0/0 192.168.0.254
vrf context pka1
description vPC1 keepalive

Tell me if you have questions.

Regards,

Julian

 

Preview file
580 KB
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to JulianDD

‎05-06-2024 02:06 PM - edited ‎05-06-2024 02:13 PM

that's fine - i did not find the information on your show run hence the question.

i would like to see below information if you need more assistance

 have also requested other information as below : from both the switches.

show cdp neigh

show vpc brief

show vpc role

show vpc peer-keepalive

show ip interface brief

EDIT- rather another post 

how ip address 10.0.0.9/29 -- this changed may be required associated config ?

instead of /31 i changed IP address to /29 to be clear

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

JulianDD
Level 1
Level 1
In response to balaji.bandi

‎05-06-2024 02:24 PM

BR1

show cdp neigh
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
V - VoIP-Phone, D - Remotely-Managed-Device,
s - Supports-STP-Dispute

Device-ID Local Intrfce Hldtme Capability Platform Port ID
sw2(xxxxxxx) Eth1/45 120 R S s N3K-C3048TP-1 mgmt0
sw2(xxxxxxx) Eth1/46 120 R S I s N3K-C3048TP-1 Eth1/1
br2.domain.com(xxxxxxx)
Eth1/49 123 R S I s N3K-C3048TP-1 Eth1/49
br2.domain.com(xxxxxxx)
Eth1/50 123 R S I s N3K-C3048TP-1 Eth1/50

show vpc brief
(*) - local vPC is down, forwarding via vPC peer-link

vPC domain id : 1
Peer status : peer link is down
vPC keep-alive status : Suspended (Destination IP not reachable)
Configuration consistency status : failed
Per-vlan consistency status : success
Configuration inconsistency reason: Consistency Check Not Performed
Type-2 inconsistency reason : Consistency Check Not Performed
vPC role : primary
Number of vPCs configured : 46
Peer Gateway : Enabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Disabled (due to peer configuration)
Auto-recovery status : Enabled, timer is off.(timeout = 240s)
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ -------------------------------------------------
1 Po3 up -

vPC status
----------------------------------------------------------------------------
Id Port Status Consistency Reason Active vlans
-- ------------ ------ ----------- ------ ---------------
1001 Po1001 down failed Peer-link is down -

1002 Po1002 down failed Peer-link is down -

1003 Po1003 up success Type checks were 10
bypassed for the vPC
1004 Po1004 down failed Peer-link is down -

1005 Po1005 down failed Peer-link is down -

1006 Po1006 down failed Peer-link is down -

1007 Po1007 down failed Peer-link is down -

1008 Po1008 down failed Peer-link is down -

1009 Po1009 up success Type checks were 10
bypassed for the vPC
1010 Po1010 up success Type checks were 10
bypassed for the vPC
1011 Po1011 up success Type checks were 10
bypassed for the vPC
1012 Po1012 up success Type checks were 10
bypassed for the vPC
1013 Po1013 down failed Peer-link is down -

1014 Po1014 down failed Peer-link is down -

1015 Po1015 down failed Peer-link is down -

1016 Po1016 down failed Peer-link is down -

1017 Po1017 down failed Peer-link is down -

1018 Po1018 up success Type checks were 10
bypassed for the vPC
1019 Po1019 down failed Peer-link is down -

1020 Po1020 down failed Peer-link is down -

1021 Po1021 down failed Peer-link is down -

1022 Po1022 up success Type checks were 10
bypassed for the vPC
1023 Po1023 down failed Peer-link is down -

1024 Po1024 down failed Peer-link is down -

1025 Po1025 down failed Peer-link is down -

1026 Po1026 down failed Peer-link is down -

1027 Po1027 down failed Peer-link is down -

1028 Po1028 down failed Peer-link is down -

1029 Po1029 down failed Peer-link is down -

1030 Po1030 down failed Peer-link is down -

1031 Po1031 down failed Peer-link is down -

1032 Po1032 down failed Peer-link is down -

1033 Po1033 down failed Peer-link is down -

1034 Po1034 down failed Peer-link is down -

1035 Po1035 down failed Peer-link is down -

1036 Po1036 down failed Peer-link is down -

1037 Po1037 down failed Peer-link is down -

1038 Po1038 down failed Peer-link is down -

1039 Po1039 down failed Peer-link is down -

1040 Po1040 down failed Peer-link is down -

1041 Po1041 down failed Peer-link is down -

1042 Po1042 down failed Peer-link is down -

1043 Po1043 down failed Peer-link is down -

1044 Po1044 down failed Peer-link is down -

1045 Po1045 up success Type checks were 10
bypassed for the vPC
1046 Po1046 up success Type checks were 10
bypassed for the vPC


show vpc role
vPC Role status
----------------------------------------------------
vPC role : primary
Dual Active Detection Status : 0
vPC system-mac : 00:23:04:ee:be:01
vPC system-priority : 32667
vPC local system-mac : 84:b8:02:92:31:bc
vPC local role-priority : 0
vPC local config role-priority : 1
vPC peer system-mac : 00:00:00:00:00:00
vPC peer role-priority : 0
vPC peer config role-priority : 0

show vpc peer-keepalive
PC Role status
----------------------------------------------------
vPC role : primary
Dual Active Detection Status : 0
vPC system-mac : 00:23:04:ee:be:01
vPC system-priority : 32667
vPC local system-mac : 84:b8:02:92:31:bc
vPC local role-priority : 0
vPC local config role-priority : 1
vPC peer system-mac : 00:00:00:00:00:00
vPC peer role-priority : 0
vPC peer config role-priority : 0

show vpc peer-keepalive

vPC keep-alive status : Suspended (Destination IP not reachable)
--Send status : Success
--Last send at : 2024.05.06 23:15:57 606 ms
--Sent on interface :
--Receive status : Failed
--Last update from peer : (508793) seconds, (801) msec

vPC Keep-alive parameters
--Destination : 10.0.0.1
--Keepalive interval : 1000 msec
--Keepalive timeout : 5 seconds
--Keepalive hold timeout : 3 seconds
--Keepalive vrf : pka1
--Keepalive udp port : 3200
--Keepalive tos : 192

show ip interface brief

vPC keep-alive status : Suspended (Destination IP not reachable)
--Send status : Success
--Last send at : 2024.05.06 23:15:57 606 ms
--Sent on interface :
--Receive status : Failed
--Last update from peer : (508793) seconds, (801) msec

vPC Keep-alive parameters
--Destination : 10.0.0.1
--Keepalive interval : 1000 msec
--Keepalive timeout : 5 seconds
--Keepalive hold timeout : 3 seconds
--Keepalive vrf : pka1
--Keepalive udp port : 3200
--Keepalive tos : 192

show ip interface brief

IP Interface Status for VRF "default"(1)
Interface IP Address Interface Status
Vlan9 10.0.0.2 protocol-down/link-down/admin-up
Vlan10 xxx.xxx.xxx.252 protocol-up/link-up/admin-up
Eth1/51 149.14.0.50 protocol-up/link-up/admin-up

 


BR2

Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
V - VoIP-Phone, D - Remotely-Managed-Device,
s - Supports-STP-Dispute

Device-ID Local Intrfce Hldtme Capability Platform Port ID
br1.domain.com(xxxxxx)
Eth1/49 162 R S I s N3K-C3048TP-1 Eth1/49
br1.domain.com(xxxxxx)
Eth1/50 162 R S s N3K-C3048TP-1 Eth1/50

Total entries displayed: 2

show vpc brief

vPC domain id : 1
Peer status : peer link is down
vPC keep-alive status : Suspended (Destination IP not reachable)
Configuration consistency status : failed
Per-vlan consistency status : success
Configuration inconsistency reason: Consistency Check Not Performed
Type-2 inconsistency reason : Consistency Check Not Performed
vPC role : none established
Number of vPCs configured : 46
Peer Gateway : Enabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Disabled (due to peer configuration)
Auto-recovery status : Enabled, timer is off.(timeout = 240s)
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ -------------------------------------------------
1 Po3 up -

vPC status
----------------------------------------------------------------------------
Id Port Status Consistency Reason Active vlans
-- ------------ ------ ----------- ------ ---------------
1001 Po1001 down failed Peer-link is down -

1002 Po1002 down failed Peer-link is down -

1003 Po1003 down failed Peer-link is down -

1004 Po1004 down failed Peer-link is down -

1005 Po1005 down failed Peer-link is down -

1006 Po1006 down failed Peer-link is down -

1007 Po1007 down failed Peer-link is down -

1008 Po1008 down failed Peer-link is down -

1009 Po1009 down failed Peer-link is down -

1010 Po1010 down failed Peer-link is down -

1011 Po1011 down failed Peer-link is down -

1012 Po1012 down failed Peer-link is down -

1013 Po1013 down failed Peer-link is down -

1014 Po1014 down failed Peer-link is down -

1015 Po1015 down failed Peer-link is down -

1016 Po1016 down failed Peer-link is down -

1017 Po1017 down failed Peer-link is down -

1018 Po1018 down failed Peer-link is down -

1019 Po1019 down failed Peer-link is down -

1020 Po1020 down failed Peer-link is down -

1021 Po1021 down failed Peer-link is down -

1022 Po1022 down failed Peer-link is down -

1023 Po1023 down failed Peer-link is down -

1024 Po1024 down failed Peer-link is down -

1025 Po1025 down failed Peer-link is down -

1026 Po1026 down failed Peer-link is down -

1027 Po1027 down failed Peer-link is down -

1028 Po1028 down failed Peer-link is down -

1029 Po1029 down failed Peer-link is down -

1030 Po1030 down failed Peer-link is down -

1031 Po1031 down failed Peer-link is down -

1032 Po1032 down failed Peer-link is down -

1033 Po1033 down failed Peer-link is down -

1034 Po1034 down failed Peer-link is down -

1035 Po1035 down failed Peer-link is down -

1036 Po1036 down failed Peer-link is down -

1037 Po1037 down failed Peer-link is down -

1038 Po1038 down failed Peer-link is down -

1039 Po1039 down failed Peer-link is down -

1040 Po1040 down failed Peer-link is down -

1041 Po1041 down failed Peer-link is down -

1042 Po1042 down failed Peer-link is down -

1043 Po1043 down failed Peer-link is down -

1044 Po1044 down failed Peer-link is down -

1045 Po1045 down failed Peer-link is down -

1046 Po1046 down failed Peer-link is down -

show vpc role

vPC Role status
----------------------------------------------------
vPC role : none established
Dual Active Detection Status : 0
vPC system-mac : 00:00:00:00:00:00
vPC system-priority : 32667
vPC local system-mac : a4:4c:11:6b:ca:bc
vPC local role-priority : 0
vPC local config role-priority : 2
vPC peer system-mac : 00:00:00:00:00:00
vPC peer role-priority : 0
vPC peer config role-priority : 0

show vpc peer-keepalive

vPC keep-alive status : Suspended (Destination IP not reachable)
--Send status : Success
--Last send at : 2024.05.06 23:19:08 295 ms
--Sent on interface :
--Receive status : Failed
--Last update from peer : (562) seconds, (863) msec

vPC Keep-alive parameters
--Destination : 10.0.0.4
--Keepalive interval : 1000 msec
--Keepalive timeout : 5 seconds
--Keepalive hold timeout : 3 seconds
--Keepalive vrf : pka1
--Keepalive udp port : 3200
--Keepalive tos : 192

show ip interface brief

IP Interface Status for VRF "default"(1)
Interface IP Address Interface Status
Vlan9 10.0.0.3 protocol-down/link-down/admin-up
Vlan10 xxx.xxx.xxx.253 protocol-down/link-down/admin-up
Eth1/51 212.85.148.15 protocol-up/link-up/admin-up

Regards

Julian

0 Helpful

JulianDD
Level 1
Level 1
In response to balaji.bandi

‎05-06-2024 02:03 PM

Hi,

how ip address 10.0.0.9/29 -- this changed may be required associated config ?

Regards

0 Helpful

JulianDD
Level 1
Level 1
In response to balaji.bandi

‎05-12-2024 09:15 AM

Hi,

I try with peer-switch and change mask and IP.
No result

Have you an other idea ?

Regards

Julian

0 Helpful

JulianDD
Level 1
Level 1

‎05-06-2024 09:38 AM

Thank you for your answer,

So you want i change thoses values only ?

interface Vlan9
description interco-routers
no shutdown
mtu 9216
ip address 10.0.0.3/30

interface port-channel2
description keepalive
no switchport
vrf member pka1
ip address 10.0.0.1/30

Regards

Julian

0 Helpful

MHM Cisco World
VIP
VIP
In response to JulianDD

‎05-06-2024 09:49 AM

I think you confuse here

The keepalive is l3 port and it not need to be SVI and PO

Single link like 

Gigabitethernet 0/0  is enough 

And config will be in both Nexus 

interface GigabitEthernet0/0

No switchport 
description keepalive
no switchport
vrf member pka1
ip address 10.0.0.1/30 (10.0.0.2/30 for other NSk)

No shut 

 

That it

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card