Symptom

If a new vlan is created on a Nexus 7000 running NX-OS version 7.3(6)D1(1) and later versions , the new vlan will not be forwarding on the private-vlan trunk until the vlan is allowed again using the command ?switchport private-vlan trunk allowed vlan add 1467? . Due to this behavior , VPC puts those vlans into suspended state and does not recover. 2020 Nov 9 05:41:03 N7K-C7009-2-OTV %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLAN/BDs 1467 on Interface port-channel2 are being suspended. (Reason: Vlan is not configured on remote vPC interface)

Conditions

This only affects new vlans already configured as allowed in the allowed vlan list. Only private-vlan trunks are affected.

Workaround

- Even though the vlan is already part of the allowed vlan list, We still go ahead and add the vlan using the command ?switchport private-vlan trunk allowed vlan add 1467? - Once this is done, CBL is programmed to forwarding and hence the data plane starts to work and also vlan 1467 is removed out of the suspended state - Bouncing of the VPC port-channel / Physical interface DOES NOT fix the issue and we need to add the vlan command to fix it. Behavior is not seen on 6.2(10) Tested on 6.2(10) , We do see VLAN suspend errors, However it recovers quickly which doesn’t happen on the newer versions

Further Problem Description