02-25-2015 05:48 AM - edited 03-07-2019 10:50 PM
Hi All,
I have running VPC with two nexus 5k with down host like a triangle.
Now concern is i have a vpc 30 and only 1 member both side. But in morning i have allowed (Already created) one more new vlan in port channel 30 on nexus 5k1. But forgot to allowed same vlan in port channel 30 on nexus 5k2. But its allowed on peer link.
Now Nexus 5k1 throwing message:
%ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 1593 on Interface port-channel30 are being suspended. (Reason: Vlan is not configured on remote vPC interface.
In my VPC domain i enabled the graceful consistency check.
I read in documentation when this feature is enabled. Then Secondary peer device will suspend the particular VPC (in my case PO 30) and primary will forward the traffic.
But here primary vpc peer device has suspended the vlan 1593 on port channel 30. And secondary vpc 30 is UP(Screenshot attached)
Can anybody expalin why secondary didn't down its vpc 30? In what scenario secondary will down its vpc during type 1 inconsistency?
02-25-2015 06:09 AM
Are you sure the 5k2 is the secondary ?
What does a "sh vpc role" show ?
Jon
02-25-2015 06:22 AM
Yeah I cross checked
N5k2 is secondary in "sh vpc role".
Kindly explain? what happened in my case?
But in some post i read or i consulted from my teacher she said to me
"Allowed VLANs" is neither a Type 1 or Type 2 parameter."
You should be able to modify the allowed VLAN list without problems, but obviously try to keep things consistent regardless, otherwise you'll still have issues, even though the vPC doesn't get suspended.
02-25-2015 06:32 AM
According to the docs I read the allowed vlan range is a type 1 consistency check globally but a 2 consistency check on the interface ie. the port channel.
Is the vPC still not forwarding on one of the 5ks ?
If so can you post "sh vpc brief"
Jon
02-25-2015 06:48 AM
Thanks
No its not forwarding on both 5k's.
In n5k1 its suspended and on n5k2 i didn't allow yet.
Can you explain the meaning what you mentioned in above post.
"allowed vlan range is a type 1 consistency check globally but a 2 consistency check on the interface ie. the port channel."
sh vpc brief: screenshot attached.
 
					
				
		
02-25-2015 07:12 AM
Hello Garg,
If a graceful consistency check is applied, with regards to type-1, the primary switch keeps the vPC up while the secondary switch brings it down. Type-2 will generate a syslog warning message informing what might be wrong with vPC.
Depending on the severity of the misconfiguration, vPC may either warn the user (Type-2 misconfiguration) or suspend the PortChannel (Type-1 misconfiguration). In the specific case of a VLAN mismatch, only the VLAN that differs between the vPC member ports will be suspended on all the vPC PortChannels.
Hope this helps
Bilal
02-25-2015 07:24 AM
Thanks Bilai
Actually ur mean vlan mismatch not coming under type 1 or 2 inconsistency. that's why secondary vpc didn't suspend its whole po 30 in my case.
Am i right?
 
					
				
		
02-25-2015 07:29 AM
Yes, this is my understanding. Specifically for VLAN mismatch it is little different in the way it behaves in comparison with type-1/2.
Hope this helps
Bilal
02-25-2015 07:40 AM
Great
Thanks for reply.
i'd like if you know same anywhere documented in cisco site.if yes kindly provide the link.
Anyways thanks for great help.
Regards
Rishav
 
					
				
		
02-25-2015 08:03 AM
Hi Rishav, my apologies for calling you by your second/last name (garg), I'm so used to having firstname.surname with email addresses.
I think this is documented in the Design Guides for 5K's.
Please see here: http://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/design_guide_c07-625857.html
Bilal
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide