OPERATIONAL DEFECT DATABASE
...
...
After upgrading N9K from 7.0(3)I5(2) to 7.0(3)I7(1), dual homed AA FEX HIF access ports are in "inactive" state Note: trunk interfaces are unaffected. N9K-2-E84# show interface status fex 102 -------------------------------------------------------------------------------- Port Name Status Vlan Duplex Speed Type -------------------------------------------------------------------------------- Eth102/1/1 <<< NYKRS1702-HMC2 connected trunk full 100 Eth102/1/2 NYKRS0312-HMC1 inactive 50 full 100 Eth102/1/3 WBECS01 inactive 116 full 1000 Eth102/1/4 WBECS01 inactive 116 full 1000 Eth102/1/5 -- inactive 202 full 1000 Eth102/1/6 wdbsecnvr - IP:10. inactive 72 full auto Eth102/1/7 NYKLX6000 inactive 50 full 100 Eth102/1/8 BMS INTEGRATOR inactive 70 full auto Eth102/1/9 BMS INTEGRATOR inactive 70 full auto Eth102/1/10 BMS INTEGRATOR inactive 70 full auto Eth102/1/11 wbrmdsbrokers3 inactive 62 full 1000 Eth102/1/12 WBTL03 inactive 70 full 1000 Eth102/1/13 wbtl02 inactive 116 full 1000 Eth102/1/14 -- inactive 40 full 1000 Eth102/1/15 NYKRS4030 - 10.110 inactive 50 full 1000 Eth102/1/16 nykrs2230 - IP:10. inactive 106 full 1000 Eth102/1/17 WBFMFP750-1-HMC1 - inactive 72 full 100 Eth102/1/18 -- inactive 1 full 1000 Eth102/1/19 -- inactive 1 full 1000 Eth102/1/20 -- inactive 1 full 1000 Eth102/1/21 -- inactive 1 full 1000 Eth102/1/22 hpblent02 nic2 inactive 172 full 100 Eth102/1/23 -- inactive 1 full 1000 Eth102/1/24 wb-mc01-01 - e0i inactive 16 full 1000
Condition: 1) FEX is dual-homed 2) Upgrade is performed 3) 'spanning-tree guard root' is configured under FEX HIF By default, FEX HIF ports are configured with bpduguard so guard root is not needed/not doing anything. However, some customers have this additional config, in which it triggers this bug.
Workaround: - Before upgrading, remove spanning-tree guard root N9K-2-E84(config)# int eth 101/1/1 N9K-2-E84(config-if)# no spanning-tree guard - If the interfaces are already in inactive state, the FEX must be deleted and recreated on both 9Ks
After upgrading a pair of vPC N9Ks, the second N9K will be missing the 'spanning-tree guard root' config that was configured prior to upgrade. As the config is missing from one vPC peer, this triggers a vPC type-1 inconsistency in which the VLAN on that port will be suspended, hence the "inactive" state.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
