Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
After upgrading N9K from 7.0(3)I5(2) to 7.0(3)I7(1), dual homed AA FEX HIF access ports are in "inactive" state Note: trunk interfaces are unaffected. N9K-2-E84# show interface status fex 102 -------------------------------------------------------------------------------- Port Name Status Vlan Duplex Speed Type -------------------------------------------------------------------------------- Eth102/1/1 <<< NYKRS1702-HMC2 connected trunk full 100 Eth102/1/2 NYKRS0312-HMC1 inactive 50 full 100 Eth102/1/3 WBECS01 inactive 116 full 1000 Eth102/1/4 WBECS01 inactive 116 full 1000 Eth102/1/5 -- inactive 202 full 1000 Eth102/1/6 wdbsecnvr - IP:10. inactive 72 full auto Eth102/1/7 NYKLX6000 inactive 50 full 100 Eth102/1/8 BMS INTEGRATOR inactive 70 full auto Eth102/1/9 BMS INTEGRATOR inactive 70 full auto Eth102/1/10 BMS INTEGRATOR inactive 70 full auto Eth102/1/11 wbrmdsbrokers3 inactive 62 full 1000 Eth102/1/12 WBTL03 inactive 70 full 1000 Eth102/1/13 wbtl02 inactive 116 full 1000 Eth102/1/14 -- inactive 40 full 1000 Eth102/1/15 NYKRS4030 - 10.110 inactive 50 full 1000 Eth102/1/16 nykrs2230 - IP:10. inactive 106 full 1000 Eth102/1/17 WBFMFP750-1-HMC1 - inactive 72 full 100 Eth102/1/18 -- inactive 1 full 1000 Eth102/1/19 -- inactive 1 full 1000 Eth102/1/20 -- inactive 1 full 1000 Eth102/1/21 -- inactive 1 full 1000 Eth102/1/22 hpblent02 nic2 inactive 172 full 100 Eth102/1/23 -- inactive 1 full 1000 Eth102/1/24 wb-mc01-01 - e0i inactive 16 full 1000
Condition: 1) FEX is dual-homed 2) Upgrade is performed 3) 'spanning-tree guard root' is configured under FEX HIF By default, FEX HIF ports are configured with bpduguard so guard root is not needed/not doing anything. However, some customers have this additional config, in which it triggers this bug.
Workaround: - Before upgrading, remove spanning-tree guard root N9K-2-E84(config)# int eth 101/1/1 N9K-2-E84(config-if)# no spanning-tree guard - If the interfaces are already in inactive state, the FEX must be deleted and recreated on both 9Ks
After upgrading a pair of vPC N9Ks, the second N9K will be missing the 'spanning-tree guard root' config that was configured prior to upgrade. As the config is missing from one vPC peer, this triggers a vPC type-1 inconsistency in which the VLAN on that port will be suspended, hence the "inactive" state.