HSRP and STP Issue in Nexus 7K

Hi,

I am facing inconsistency issues between two Nexus 7Ks. Nexus1 and Nexus2 are connected with vPC FabricPath and non-vPC as well.

HSRP on Nexus1 for VLAN 97 is not getting its standby (Nexus2); however, Nexus2 is getting its active (Nexus1).

 

Below are the configuration & issues.

Nexus1:

vlan 97
  mode fabricpath

interface Vlan97
  no ip redirects
  ip address 10.30.6.60/27
  no ipv6 redirects
  ip ospf passive-interface
  ip router ospf 100 area 0.0.0.100
  hsrp version 2
  hsrp 97 
    authentication md5 key-string edn
    preempt 
    priority 120
    ip 10.30.6.62 
  no shutdown


interface port-channel90
  description vPC+ peer-link
  switchport
  switchport mode fabricpath
  vpc peer-link

 

interface port-channel51
  description Non_vPC_LINK
  switchport
  switchport mode trunk
  switchport trunk native vlan 4
  switchport trunk allowed vlan 730,734
  spanning-tree port type network

 

spanning-tree vlan 97 priority 0

 

interface port-channel115
  switchport trunk allowed vlan 97
  vpc 115


 sh spanning-tree vlan 97

VLAN0097
  Spanning tree enabled protocol rstp
  Root ID    Priority    97
             Address     c84c.75fa.6000
             This bridge is the root
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    97     (priority 0 sys-id-ext 97)
             Address     c84c.75fa.6000
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po115            Desg FWD 200       128.4210 (vPC) P2p Peer(STP)

sh hsrp interface vlan 97

Vlan97 - Group 97 (HSRP-V2) (IPv4)
  Local state is Active, priority 120 (Cfged 120), may preempt
    Forwarding threshold(for vPC), lower: 1 upper: 120 
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 0.702000 sec(s)
  Virtual IP address is 10.30.6.62 (Cfged)
  Active router is local
  Standby router is unknown 
  Authentication MD5, key-string "edn"
  Virtual mac address is 0000.0c9f.f061 (Default MAC)
  7 state changes, last state change 01:15:04
  IP redundancy name is hsrp-Vlan97-97 (default)

 

Some Logs:

%STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel51 VLAN0097

%STP-2-L2GW_BACKBONE_UNBLOCK: L2 Gateway Backbone port inconsistency cleared unblocking port port-channel115 on VLAN0097

 

 

Nexus2:

vlan 97
  mode fabricpath

interface Vlan97
  no ip redirects
  ip address 10.30.6.61/27
  no ipv6 redirects
  ip ospf passive-interface
  ip router ospf 100 area 0.0.0.100
  hsrp version 2
  hsrp 97 
    authentication md5 key-string edn
    preempt 
    ip 10.30.6.62 
  no shutdown


interface port-channel90
  description vPC+ peer-link
  switchport
  switchport mode fabricpath
  vpc peer-link

interface port-channel4051
  description Non_vPC_LINK
  switchport
  switchport mode trunk
  switchport trunk native vlan 4
  switchport trunk allowed vlan 730,734
  spanning-tree port type network

 

spanning-tree vlan 97 priority 8192

 

interface port-channel115
  switchport trunk allowed vlan 97
  vpc 115

 

sh spanning-tree vlan 97

VLAN0097
  Spanning tree enabled protocol rstp
  Root ID    Priority    8289
             Address     c84c.75fa.6000
             This bridge is the root
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8289   (priority 8192 sys-id-ext 97)
             Address     c84c.75fa.6000
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po115            Desg FWD 200       128.4210 (vPC) P2p Peer(STP) 

 

Vlan97 - Group 97 (HSRP-V2) (IPv4)
  Local state is Standby, priority 100 (Cfged 100), may preempt
    Forwarding threshold(for vPC), lower: 1 upper: 100 
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 0.212000 sec(s)
  Virtual IP address is 10.30.6.62 (Cfged)
  Active router is 10.30.6.60, priority 120 expires in 1.002000 sec(s)
  Standby router is local 

  Authentication MD5, key-string "edn"
  Virtual mac address is 0000.0c9f.f061 (Default MAC)
  11 state changes, last state change 00:32:16
  IP redundancy name is hsrp-Vlan97-97 (default)

 

  Some Logs:

%STP-2-L2GW_BACKBONE_UNBLOCK: L2 Gateway Backbone port inconsistency cleared unblocking port port-channel51 on VLAN0097.

 

Appreciate your support.

 

Regards,

Anser

4 Replies

Reza Sharifi
Hall of Fame

Hi,

I am not familiar with FabricPath, but I don't see VLAN 97 in your vPC peer-link (Po90).

Also, is vpc peerlink up and running?

sh vpc

Have you tried removing authentication for VLAN 97 on both switches?

What is the output of "sh run vpc"?

What device is vpc primary?

HTH

 

Hi,

Nexus1 is primary in VPC role. See the below output as required from Nexus 1:

 

sh vpc brief 
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 1000
vPC+ switch id                    : 1000
Peer status                       : peer adjacency formed ok      
vPC keep-alive status             : peer is alive                 
vPC fabricpath status             : peer is reachable through fabricpath
Configuration consistency status  : success 
Per-vlan consistency status       : success                       
Type-2 consistency status         : success 
vPC role                          : primary                       
Number of vPCs configured         : 5   
Peer Gateway                      : Enabled
Peer gateway excluded VLANs       : -
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Enabled (timeout = 240 seconds)
Fabricpath load balancing         : Disabled
Port Channel Limit                : limit to 244

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans    
--   ----   ------ --------------------------------------------------
1    Po90 up     16-22,24-27,30-34,96-98

 

show running-config vpc
!Time: Mon Apr 28 08:25:19 2014

version 6.1(4a)
feature vpc

vpc domain 1000
  role priority 1000
  peer-keepalive destination 172.x.x.x source 172.x.x.x vrf vpc-keepalive
  peer-gateway
  auto-recovery
  fabricpath switch-id 1000

interface port-channel115
  vpc 115

interface port-channel90
  vpc peer-link

 

I am not getting any authentication issues.

 

Regards,

Anser

Adding one point: port-channel 115 is between the Cisco 3750 and the Nexus 7Ks (Nexus 1 & 2), and this is the path to reach the servers.

ERIK LAWAETZ
Level 1

What is the purpose of Po51 / Po4051 and why is it not a vPC when you're running the switches in vPC+ mode?

My guess from the log messages would be that you haven't configured "spanning-tree pseudo-information" such that the FP cloud is the root for all VLANs and acts as a single logical switch to the non-FP world.

Cisco FabricPath Best Practices provides an excellent checklist for FP implementation.
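
An added example, not part of any poster's reply and not Cisco tooling: the reply above expects the FabricPath pair to look like a single logical switch to spanning tree, and this Python script checks the two `sh spanning-tree vlan 97` outputs from the question against that expectation. The function names and finding codes are hypothetical, and treating one bridge address seen with two priorities as a finding is an assumption of this example, not a diagnosis made in the thread.

```python
import re

# Constructed sample input: the root/bridge lines of the two
# "sh spanning-tree vlan 97" outputs quoted in the question.
NEXUS1 = """\
VLAN0097
  Root ID    Priority    97
             Address     c84c.75fa.6000
             This bridge is the root
  Bridge ID  Priority    97     (priority 0 sys-id-ext 97)
             Address     c84c.75fa.6000
"""
NEXUS2 = """\
VLAN0097
  Root ID    Priority    8289
             Address     c84c.75fa.6000
             This bridge is the root
  Bridge ID  Priority    8289   (priority 8192 sys-id-ext 97)
             Address     c84c.75fa.6000
"""

ID_RE = re.compile(r"(Root|Bridge) ID\s+Priority\s+(\d+).*?Address\s+([0-9a-f.]+)", re.S)

def parse_stp(text):
    """Extract VLAN, root ID and bridge ID as (priority, address) pairs."""
    m = re.search(r"^VLAN(\d+)", text, re.M)
    if not m:
        raise ValueError("no VLAN header found")
    ids = {kind.lower(): (int(prio), mac) for kind, prio, mac in ID_RE.findall(text)}
    if set(ids) != {"root", "bridge"}:
        raise ValueError("missing Root ID or Bridge ID block")
    vlan = int(m.group(1))
    return {"vlan": vlan, "root": ids["root"], "bridge": ids["bridge"],
            "configured_priority": ids["bridge"][0] - vlan,  # minus sys-id-ext
            "claims_root": "This bridge is the root" in text}

def compare_peers(a, b):
    """Return finding codes for two peers' views of one VLAN (hypothetical codes)."""
    if a["vlan"] != b["vlan"]:
        raise ValueError("outputs are for different VLANs")
    findings = []
    # One bridge address should carry one priority if the pair acts as one switch.
    if a["bridge"][1] == b["bridge"][1] and a["bridge"][0] != b["bridge"][0]:
        findings.append("BRIDGE_PRIORITY_MISMATCH")
    # Two root claims are only coherent if they name the same root bridge ID.
    if a["claims_root"] and b["claims_root"] and a["root"] != b["root"]:
        findings.append("ROOT_ID_MISMATCH")
    return findings

if __name__ == "__main__":
    print(compare_peers(parse_stp(NEXUS1), parse_stp(NEXUS2)))
```
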
