Failed to Add a CISCO Nexus Switch to eSight Due to a vPC Feature Problem

Publication Date: 2019-04-12

Issue Description

An enterprise uses Huawei eSight to centrally manage network devices, IT devices, and database applications. When the enterprise tries to add two CISCO Nexus 9000 switches to eSight, only one of them can be added.

Alarm Information

The device has been added

Handling Process

Run the show spanning-tree bridge command to diagnose the faulty device.

Check the bridge MAC address of core switch 01.

ZWCW_HX_SW_1# show spanning-tree bridge

                                                   Hello  Max  Fwd
Vlan                         Bridge ID              Time  Age  Dly  Protocol
---------------- --------------------------------- -----  ---  ---  --------
VLAN0001            24577 (24576,1) 1c6a.7a1f.343f    2    20   15  rstp
VLAN0011           24587 (24576,11) 1c6a.7a1f.343f    2    20   15  rstp
VLAN0012           24588 (24576,12) 1c6a.7a1f.343f    2    20   15  rstp
VLAN0013           24589 (24576,13) 1c6a.7a1f.343f    2    20   15  rstp
VLAN0100          24676 (24576,100) 1c6a.7a1f.343f    2    20   15  rstp
VLAN0301          24877 (24576,301) 1c6a.7a1f.343f    2    20   15  rstp
VLAN0401          24977 (24576,401) 1c6a.7a1f.343f    2    20   15  rstp
VLAN0501          25077 (24576,501) 1c6a.7a1f.343f    2    20   15  rstp

Check the bridge MAC address of core switch 02.

ZWCW_HX_SW_2# show spanning-tree bridge

                                                   Hello  Max  Fwd
Vlan                         Bridge ID              Time  Age  Dly  Protocol
---------------- --------------------------------- -----  ---  ---  --------
VLAN0001            28673 (28672,1) 1c6a.7a1f.343f    2    20   15  rstp
VLAN0011           28683 (28672,11) 1c6a.7a1f.343f    2    20   15  rstp
VLAN0012           28684 (28672,12) 1c6a.7a1f.343f    2    20   15  rstp
VLAN0013           28685 (28672,13) 1c6a.7a1f.343f    2    20   15  rstp
VLAN0100          28772 (28672,100) 1c6a.7a1f.343f    2    20   15  rstp
VLAN0301          28973 (28672,301) 1c6a.7a1f.343f    2    20   15  rstp
VLAN0401          29073 (28672,401) 1c6a.7a1f.343f    2    20   15  rstp
VLAN0501          29173 (28672,501) 1c6a.7a1f.343f    2    20   15  rstp

The bridge MAC addresses of the two CISCO Nexus 9000 switches are the same.

Send the diagnosis information to 400. 400 responds that eSight reads the root bridge ID through 1.3.6.1.2.1.17.1.1 (common MIB field). Since the bridge MAC address of a switch is globally unique, eSight identifies a device as a unique device in the layer-2 Ethernet network topology based on the bridge MAC address. Since the bridge MAC addresses of the two CISCO Nexus 9000 switches are the same, eSight identifies them as one device. As a result, only one of the switches can be added to eSight.

According to collected feature documents of CISCO Nexus 9000, the vPC function of the proprietary protocol may set the bridge IDs of the two switches to the MAC address of the primary device, as shown in the following figure.

The vPC configuration of the CISCO Nexus 9000 device is as follows:

vpc domain 10
  peer-switch  [After this line is deleted, the function of unifying the bridge MAC address is disabled.]
  role priority 1
  peer-keepalive destination 10.255.1.2 source 10.255.1.1 vrf pkal
  delay restore 400
  peer-gateway
  auto-recovery
  ip arp synchronize

In this configuration, the peer-switch command is what unifies the bridge MAC address of the two switches in the vPC domain.

Root Cause

The function of unifying the bridge MAC address of the vPC feature on CISCO Nexus 9000 conflicts with the device identification mechanism of eSight. As a result, the second switch cannot be added to eSight.

Solution

Run the no peer-switch command in the vPC feature configuration of CISCO Nexus 9000. After the related configuration is deleted, the bridge MAC addresses of the switches are restored to the original bridge MAC addresses of the switches.

Suggestions

When adding CISCO Nexus switches to eSight, check whether the vPC feature is enabled for the switches. If yes, you are advised to disable the function of unifying the bridge MAC address.
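
The check described above can be run against saved command output before the switches are added. The following Python script is an added example, not part of the original case or of eSight: it parses `show spanning-tree bridge` output from several switches and reports any bridge MAC address that more than one switch presents. The function names are hypothetical, and the third switch in the sample input is constructed.

```python
import re
from collections import defaultdict

# Matches one data row of `show spanning-tree bridge`, for example:
# "VLAN0011   24587 (24576,11) 1c6a.7a1f.343f    2    20   15  rstp"
ROW = re.compile(
    r"^(VLAN\d+)\s+\d+\s+\(\d+,\s*\d+\)\s+"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\b", re.I)

def bridge_macs(output):
    """Return {vlan: bridge_mac} parsed from one switch's command output."""
    macs = {}
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:  # header and separator lines do not match and are skipped
            macs[m.group(1)] = m.group(2).lower()
    return macs

def shared_bridge_macs(outputs):
    """Map each bridge MAC seen on more than one switch to those switches.

    `outputs` is {hostname: captured `show spanning-tree bridge` text}.
    """
    owners = defaultdict(set)
    for host, text in outputs.items():
        for mac in set(bridge_macs(text).values()):
            owners[mac].add(host)
    return {mac: sorted(h) for mac, h in owners.items() if len(h) > 1}

HEADER = ("Vlan                         Bridge ID              Time  Age  Dly  Protocol\n"
          "---------------- --------------------------------- -----  ---  ---  --------\n")

# Rows for the first two switches are taken from the outputs in this case;
# ACCESS_SW_3 and its MAC address are constructed for contrast.
SAMPLE = {
    "ZWCW_HX_SW_1": HEADER +
        "VLAN0001            24577 (24576,1) 1c6a.7a1f.343f    2    20   15  rstp\n"
        "VLAN0011           24587 (24576,11) 1c6a.7a1f.343f    2    20   15  rstp\n",
    "ZWCW_HX_SW_2": HEADER +
        "VLAN0001            28673 (28672,1) 1c6a.7a1f.343f    2    20   15  rstp\n"
        "VLAN0011           28683 (28672,11) 1c6a.7a1f.343f    2    20   15  rstp\n",
    "ACCESS_SW_3": HEADER +
        "VLAN0001            32769 (32768,1) 0011.2233.4455    2    20   15  rstp\n",
}

if __name__ == "__main__":
    for mac, hosts in shared_bridge_macs(SAMPLE).items():
        print(f"bridge MAC {mac} is presented by {', '.join(hosts)}; "
              "a manager that identifies devices by bridge MAC sees one device")
```
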
