Preview Tool

Cisco Bug: CSCup76149 - PVLAN-vPC:Incorrect egress cbl when po moved out of vpc and added again

Last Modified

Feb 12, 2018

Products (1)

  • Cisco Nexus 7000 Series Switches

Known Affected Releases


Description (partial)

For PVLAN host mode and promiscuous mode VPC if following steps are done, the egress CBL is incorrect. This issue will be seen in releases 6.2.2, 6.2.6, 6.2.8.and 6.2.10.

Example scenario: For a pvlan promiscuous mode VPC, vlan 10 is the primary vlan and vlans 30,40,50 are secondary associated vlans. All of these vlan mappings are also configured on both the VPC leg port-channels.

1.	Both vpc legs are in mode promiscuous and are up. CBL state is forwarding for 10,30,40,50. Access switch has the po in access mode vlan 10.

switch-two(config)# show vpc brief | grep Po10
1     Po10         up     success     10
switch-two(config)# show running-config interface Po10

!Command: show running-config interface port-channel10
!Time: Wed Jul 23 21:39:06 2014

version 7.1(0)D1(1)

interface port-channel10
  switchport mode private-vlan promiscuous
  switchport private-vlan mapping 10 30,40,50
  vpc 1

2.	Shut down vpc secondary.
3.	Move secondary po out of vpc by configuring "no vpc". Primary is down due to no vPC peer .
4.	Move secondary back to vPC [it is still admin shut]  by configuring "vpc 1". Primary vpc comes up and CBL is forwarding only for primary vlan 10. 30,40,50 are disabled. Ingress traffic goes through [vlan 10 in access switch reaches another promiscuous port in primary] . But egress from a pvlan port [a community host port 30 in primary ] out of vpc does not work. [because 30,40,50 is disabled]
5.	No shut vpc secondary. Primary CBL is still in faulty state with only vlan 10 fwding, where as the correct CBL state should be that all the vlans 10,30,40,50 should be forwarding in egress direction.

The symptom will be that the secondary vlan traffic will not egress out of the switch from this promiscuous port. 
Similarly, if the VPC is a community host vpc, then also, secondary vlan traffic will not flow correctly in this port.

1. This will be seen when Promiscuous VPC is configured and up, and a "no vpc" "vpc X" configuration is done on the VPC secondary leg port-channel".


2. This will be seen when community host VPC is configured and up, and a "no vpc " "vpc X" configuration is done on the VPC secondary leg port-channel


Similar issue might be seen when changing a trunk/pvlan trunk mode VPC to a private-vlan host/promiscuous mode VPC.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.