cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
65764
Views
40
Helpful
17
Replies

Nexus 7000 vPC suspended VLAN problem

Nicholas Poole
Level 1
Level 1

I am trying to connect a Cat3560G switch to an N7K pair via a vPC.  The VLANs I wish to trunk are being suspended, I am getting the following error messages:

2010 Jun 22 17:03:36 N7K-Core1 %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 2,301 on Interface port-channel2 are being suspended. (Reason: Vlan is not allowed on Peer-link)

The VLANs do exist , but a STP instance isnt created for it (I am using RPVST);
N7K-Core1# sh vlan id 2

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
2    VLAN0002                         active    Po2, Po75

N7K-Core1# sh spanning-tree vlan 2
ERROR: Spanning tree instance(s) for vlan does not exist.


Port       Vlans Err-disabled on Trunk
--------------------------------------------------------------------------------
Eth1/9     none
Eth1/10    none
Eth1/17    2,301
Eth1/18    2,301
Eth1/25    2,301
Eth1/26    2,301
Eth2/2     none
Eth10/1    none
Eth10/2    2,301
Po2        2,301
Po75       2,301
Po99       none


The VLANs are allowed on the trunk (it by default allows all)
interface port-channel1
  description * vPC Peer-Link *
  vpc peer-link
  spanning-tree port type network
I have turned off bridge assurance as a test but no no avail.
Any ideas?

17 Replies 17

Ganesh Hariharan
VIP Alumni
VIP Alumni

Hi,

Allow the vlan 2 and 301 over the trunk using the below command

Nk-1(config-if)# switchport trunk allowed vlan 2,301

http://conft.com/en/US/prod/collateral/switches/ps9441/ps9670/configuration_guide_c07-543563.html

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

it trunks all vlans by default

my bad, spotted the obvious mistake

Can you send the po2 config on Nexus?

cperkins2
Level 1
Level 1

I'm having the same issue between a pair of vPC'd 5020s going to a 6500 using a vPC.

All VLANs which are supposed to go over the trunk/vPC, are showing as err-disable on trunk.  I've checked all configs and they are the same... allowed vlans match on all po interfaces and physical interfaces.

6509:

interface Port-channel78

description Connection to n5020s @ in the MDC

switchport

switchport trunk encapsulation dot1q

switchport trunk native vlan 2240

switchport trunk allowed vlan 2002-2006,2010,2014,2018,2022,2024,2026,2240

switchport trunk allowed vlan add 2244,2248,2252,2254,4050,4052,4054

switchport mode trunk

end


N5020-1:

interface port-channel100

  description Uplink to dist01 @ A building

  switchport mode trunk

  switchport trunk native vlan 2240

  switchport trunk allowed vlan 2002-2006,2010,2014,2018,2022,2024

  switchport trunk allowed vlan add 2026,2240,2244,2248,2252,2254,4050

  switchport trunk allowed vlan add 4052,4054

  vpc 100


N5020-2:
interface port-channel100
  description Uplink to dist01 @ A building
  switchport mode trunk
  switchport trunk native vlan 2240
  switchport trunk allowed vlan 2002-2006,2010,2014,2018,2022,2024
  switchport trunk allowed vlan add 2026,2240,2244,2248,2252,2254,4050
  switchport trunk allowed vlan add 4052,4054
  vpc 100
All member ports reflect the correct config.
Both 5020s have the same config for the peer-link:
interface port-channel2
  description VPC Peer-link
  vpc peer-link
  spanning-tree port type network
Output form 'show interface trunk"
n5020-1# sh int tru

--------------------------------------------------------------------------------
Port          Native  Status        Port
              Vlan                  Channel
--------------------------------------------------------------------------------
Eth1/1        2240    trnk-bndl     Po100
Eth1/2        1       trnk-bndl     Po200
Eth1/17       2240    trnk-bndl     Po78
Eth1/18       2240    trnk-bndl     Po78
Eth1/19       2240    trnk-bndl     Po87
Eth1/20       2240    trnk-bndl     Po87
Po78          2240    trunking      --
Po87          2240    trunking      --
Po100         2240    trunking      --
Po200         1       trunking      --

--------------------------------------------------------------------------------
Port          Vlans Allowed on Trunk
--------------------------------------------------------------------------------
Eth1/1        2002-2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2254,4
050,4052,4054
Eth1/2        180-183
Eth1/17       180-183
Eth1/18       180-183
Eth1/19       2002-2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2254,4
050,4052,4054
Eth1/20       2002-2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2254,4
050,4052,4054
Po78          180-183
Po87          2002-2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2254,4
050,4052,4054
Po100         2002-2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2254,4
050,4052,4054
Po200         180-183

--------------------------------------------------------------------------------
Port          Vlans Err-disabled on Trunk
--------------------------------------------------------------------------------
Eth1/1        2002-2004,2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2
254,4050,4052,4054
Eth1/2        180-183
Eth1/17       180-183
Eth1/18       180-183
Eth1/19       2002-2004,2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2
254,4050,4052,4054
Eth1/20       2002-2004,2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2
254,4050,4052,4054
Po78          180-183
Po87          2002-2004,2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2
254,4050,4052,4054
Po100         2002-2004,2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2
254,4050,4052,4054
Po200         180-183

--------------------------------------------------------------------------------
Port          STP Forwarding
--------------------------------------------------------------------------------
Eth1/1        none
Eth1/2        none
Eth1/17       none
Eth1/18       none
Eth1/19       none
Eth1/20       none
Po78          none
Po87          none
Po100         none
Po200         none
Thank you,
Chris Perkins
INX Inc.

You did what I did, omitted the trunk command on the vPC peer-link.  Your config is:

interface port-channel2
  description VPC Peer-link
  vpc peer-link
  spanning-tree port type network

...so add:
switchport mode trunk

Hi - thanks for the quick reply!

I also noticed that running the command "switchport trunk allowed vlan all" told the peer-link to allow all vlans.  I didn't see it doing that by default... ?

Also, I changed the port-type to "normal" for the spanning-tree config.  I had an issue with one of the downstream devices wanting to be STP root for some VLANs... I changed the peer-links to "spanning-tree port type normal" and that solved the problem of the 5010 wanting to be root instead of our 6509 upstream.

Thanks,

Chris

Radium Fu
Level 1
Level 1

Answer

interface port-channel1

  description * vPC Peer-Link *

  vpc peer-link

  spanning-tree port type network

You do need one more command. to turn peer link as trunk. otherwise it will not transfer any vlan through Peer-link

"switchport mode trunk"

Hi,

I got the same issue but the difference is the configuration is in fabricpath.

interface port-channel1

  switchport

  switchport mode fabricpath

  spanning-tree port type network

  vpc peer-link

%ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 971 on Interface port-channel1 are being suspended. (Reason: Vlan is not allowed on Peer-link)

We have some issues with creating new vlans on the N7K switches. This is due to a bug (CSCtr08143) on the current software version we are running.

The permanent fix is to upgrade the switches to new version as we are running a really old code but there is a simple workaround that resolves the issue if you see it..

 

Here is the workaround:

-Create vlan on both switches

-Confirm that both switches have vlan created by using command ‘show vlan’ or ‘show vlan id xxxx

-Perform a ‘no spanning-tree vlan xxxx

-Then perform ‘spanning-tree vlan xxxx

-Use ‘show spanning-tree vlan xxxx’ to see if the vlan has now been created and if forwarding

 

Cheers!!

Vinod

Vinod Kumar
Level 1
Level 1

We have some issues with creating new vlans on the N7K switches. This is due to a bug (CSCtr08143) on the current software version we are running.

The permanent fix is to upgrade the switches to new version as we are running a really old code but there is a simple workaround that resolves the issue if you see it..

 

Here is the workaround:

-Create vlan on both switches

-Confirm that both switches have vlan created by using command ‘show vlan’ or ‘show vlan id xxxx

-Perform a ‘no spanning-tree vlan xxxx

-Then perform ‘spanning-tree vlan xxxx

-Use ‘show spanning-tree vlan xxxx’ to see if the vlan has now been created and if forwarding

 

Cheers!!

Vinod

NEVER disable spanning tree on a production switch!

You will create a loop!

If you create a loop you may need to reboot the switch in order to recover from it!

What version has this issue ? I'm having the same issue while creating a new VLAN. it's showing suspend.

Just want to ask if you have included the "peer-switch" configuration under vpc? I think both vPC Peers should have the same STP priority (per vlan) on both N7K1 and N7K2. Please see attached power point file. Hope this will help.

 

Cheers,

 

Jarvin

Review Cisco Networking for a $25 gift card