Symptom
If a new VLAN is created on a Nexus 7000 running NX-OS version 7.3(6)D1(1) and later versions, the new VLAN will not be forwarding on the private-vlan trunk until the VLAN is allowed again using the command "switchport private-vlan trunk allowed vlan add 1467".
Due to this behavior, vPC puts those VLANs into a suspended state and they do not recover.
2020 Nov 9 05:41:03 N7K-C7009-2-OTV %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLAN/BDs 1467 on Interface port-channel2 are being suspended. (Reason: Vlan is not configured on remote vPC interface)
Conditions
This only affects new VLANs that are already configured as allowed in the allowed VLAN list.
Only private-vlan trunks are affected.
Workaround
- Even though the VLAN is already part of the allowed VLAN list, add the VLAN again using the command "switchport private-vlan trunk allowed vlan add 1467".
- Once this is done, CBL is programmed to forwarding, so the data plane starts to work and VLAN 1467 is taken out of the suspended state.
- Bouncing the vPC port-channel or the physical interface DOES NOT fix the issue; the VLAN must be added with the command above to fix it.
Behavior is not seen on 6.2(10).
Tested on 6.2(10): we do see VLAN suspend errors, however they recover quickly, which doesn't happen on the newer versions.
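The following added example (not Cisco's code) scans syslog for the suspend message quoted in the Symptom section and lists, per interface, the workaround command to re-add each suspended VLAN. The comma/range form of the VLAN list and every sample line after the first are assumptions constructed for illustration; the script does not check that the interface is a private-vlan trunk, so its output is meant for review before use.

```python
import re
from collections import defaultdict

# Pattern built from the syslog line quoted on this page.
SUSPEND_RE = re.compile(
    r"%ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLAN/BDs (?P<vlans>[\d,\- ]+?) on Interface "
    r"(?P<intf>\S+) are being suspended\. \(Reason: (?P<reason>[^)]*)\)"
)
REASON = "Vlan is not configured on remote vPC interface"

def expand_vlans(spec):
    """Expand '1467' or '1467,1470-1472' (list/range form is an assumption)."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        first, last = int(lo), int(hi or lo)
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(first, last + 1))
    return vlans

def suspended_vlans(lines):
    """Map interface -> sorted VLANs suspended for the remote-vPC reason."""
    found = defaultdict(set)
    for line in lines:
        m = SUSPEND_RE.search(line)
        if m and m.group("reason").strip() == REASON:
            found[m.group("intf")] |= expand_vlans(m.group("vlans"))
    return {intf: sorted(v) for intf, v in found.items()}

def workaround_commands(found):
    """Build the re-add commands from the Workaround section, per interface."""
    cmds = []
    for intf in sorted(found):
        cmds.append(f"interface {intf}")
        cmds += [f"  switchport private-vlan trunk allowed vlan add {v}" for v in found[intf]]
    return cmds

# First line is the one quoted on the page; the other two are constructed samples.
SAMPLE_LOG = [
    "2020 Nov 9 05:41:03 N7K-C7009-2-OTV %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLAN/BDs 1467 on Interface port-channel2 are being suspended. (Reason: Vlan is not configured on remote vPC interface)",
    "2020 Nov 9 05:42:10 N7K-EXAMPLE %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLAN/BDs 1470-1471 on Interface port-channel3 are being suspended. (Reason: Vlan is not configured on remote vPC interface)",
    "2020 Nov 9 05:43:00 N7K-EXAMPLE %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLAN/BDs 200 on Interface port-channel5 are being suspended. (Reason: constructed-other-reason)",
]

if __name__ == "__main__":
    print("\n".join(workaround_commands(suspended_vlans(SAMPLE_LOG))))
```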
Further Problem Description