Vlan interface line protocol down on 9500 switch IOS XE 17.3.5

MREHMAN · ‎02-15-2023

Hi,

This seems like a very simple problem but I can't seem to figure out why it isn't working. The topology is very simple.

One Nexus 9k switch connected to a stack of two 9500 switches over two ports (port-channel). The port-channel is configured as trunk and vlans are created and allowed on both ends.

On the nexus the vlan interface is UP UP and can ping itself. On the 9500 the VLAN interface is UP DOWN.

The mac address table on 9500 is showing learnt mac addresses from the Trunk link.

I'm assuming there is some configuration on IOS-XE that I'm missing.

9500 ( (CAT9K_IOSXE), Version 17.3.5)

Nexus 9k ( System version: 7.0(3)I4(5)0

Pasting the relevant configuration and outputs below for reference:

---------------------------

NEXUS SWITCH

----

vlan 781

interface Vlan781
description L3_781
no shutdown
ip address 10.2.199.2/29

interface port-channel23
switchport mode trunk
switchport trunk allowed vlan 781-783

----------------

N9K-SW-C# show vlan id 781

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
781 VLAN0781 active Po23, Eth1/3, Eth1/4

N9K-SW-C# show mac address-table vlan 781
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
G 781 a19c.c1f8.2a3a static - F F sup-eth1(R)

N9K-SW-C# show interface vlan 781
Vlan781 is up, line protocol is up, autostate enabled
Hardware is EtherSVI, address is a19c.c1f8.2a3a
Description: L3_781 Internet Address is 10.2.199.2/29
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA
Last clearing of "show interface" counters never
L3 in Switched:
ucast: 0 pkts, 0 bytes

N9K-SW-C# show spanning-tree vlan 781

VLAN0781
Spanning tree enabled protocol rstp
Root ID Priority 25483
Address a19c.c1f8.2a3a
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 25483 (priority 24576 sys-id-ext 781)
Address a19c.c1f8.2a3a
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po41 Desg FWD 3 128.4143 P2p
Po23 Desg FWD 1 128.4165 P2p
Eth1/2 Desg FWD 4 128.1 P2p

-------

9500 SWITCH

-------

interface Vlan781
description L3_781
ip address 10.2.199.1 255.255.255.248
end

interface Port-channel60
description PO-N9K-9500
switchport trunk allowed vlan 781,888
switchport autostate exclude
switchport mode trunk
spanning-tree portfast edge trunk

SW-9500-N#show vlan id 781

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
781 L3_BB_CORE active Po60

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
781 enet 100781 1500 - - - - - 0 0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

SW-9500-N#show mac address-table vlan 781
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
781 5c31.9250.9cbf STATIC Vl781
781 a89d.21f8.2f8e DYNAMIC Po60
Total Mac Addresses for this criterion: 2
SW-9500-N#

SW-9500-N#show spanning-tree vlan 781

Spanning tree instance(s) for vlan 781 does not exist.

SW-9500-N#
SW-9500-N#show interfaces vlan 781
Vlan781 is up, line protocol is down , Autostate Enabled
Hardware is Ethernet SVI, address is 5c31.9250.9cbf (bia 5c31.9250.9cbf)
Description: L3_781
Internet address is 10.2.199.1/29
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 07:31:03, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
Output 0 broadcasts (0 IP multicasts)
0 output errors, 2 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
SW-9500-N#

MHM Cisco World · ‎02-15-2023

spanning-tree portfast edge trunk <<- remove this command
share the below
show lacp internal
show lacp sys-id

Richard Burts · ‎02-15-2023

Would you post the output of the commands show interface status and show interface trunk from the 9500?

HTH

Rick

MREHMAN · ‎02-15-2023

Hi and thanks for the response. Please find the outputs below:

--------------

SW-9500-N#show interfaces status vlan 781

Port Name Status Vlan Duplex Speed Type
Twe1/0/17 notconnect 781 auto auto unknown
SW-9500-N#
SW-9500-N#show interfaces trunk

Port Mode Encapsulation Status Native vlan
Po60 on 802.1q trunking 1

Port Vlans allowed on trunk
Po60 781-888

Port Vlans allowed and active in management domain
Po60 781-888

Port Vlans in spanning tree forwarding state and not pruned
Po60 781-888
SW-9500-N#

balaji.bandi · ‎02-15-2023

is the nexus in vPC ? you need to configure Po23

interface port-channel23 (both the switches)

vpc23

what is the outcome when you shutdown one of the link going to nexus to cat 9500 ?

can you manually add vlan 781 (on Cat 9500 ?) - not required just to confirm vlan in the vlan database.

also, I see the inconsistency vlan allowed list in the port-channel (you may be see warning in the logs)

what is the logs show on both the switches, when you shut and unshut port 23 ?

The router VLAN interfaces have to fulfill the following general conditions to be up/up:

* VLAN exists and is in active status on the switch VLAN database.

* VLAN interface exists on the router and is not administratively down.

* At least one L2 (access port or trunk) port exists and has a link up on this VLAN. The latest implementation of the autostate feature allows synchronization to Spanning-Tree Protocol (STP) port status.A VLAN interface will be brought up after the L2 port has had time to converge (that is, transition from listening-learning to forwarding). This will prevent routing protocols and other features from using the VLAN interface as if it were fully operational. This also prevents other problems, such as routing black holes, from occurring.

* At least one L2 (access port or trunk) port is in spanning-tree forwarding state on the VLAN.

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MREHMAN · ‎02-15-2023

Hi and thank for the response. I have removed the portfast now. I had added that as a troubleshooting step. The outputs are :

SW-9500-N#
SW-9500-N#show lacp internal
Flags: S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode

Channel group 23
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Twe1/0/24 SA bndl 32768 0x3C 0x3C 0x319 0x3D
Twe2/0/24 SA bndl 32768 0x3C 0x3C 0x519 0x3D
SW-9500-N#
SW-9500-N#show lacp sys-id
32768, 5c31.9250.9cbf
SW-9500-N#

MHM Cisco World · ‎02-15-2023

show etherchannl summary <<- in both NSK and C9k