Preview Tool

Cisco Bug: CSCvi50709 - KK-MR3: port-security mac added as "PEER_STATIC" on vPC primary and causes traffic failure

Last Modified

Apr 27, 2018

Products (1)

  • Cisco Nexus 6000 Series Switches

Known Affected Releases


Description (partial)

On a system with port-security enabled, traffic loss may be observed when static secure mac addresses are configured on vpc pair.

VPC switch reload on both peers sequentially, first on primary followed by secondary switch.

Use below command to check whether mac address is missing on secondary vpc peer and on primary vpc peer, the mac is incorrectly added as  PEER_STATIC (instead of STATIC) :

show port-security address interface <interface name>

Example :
N5K-LEAF3(config)# show vpc role 

vPC Role status
vPC+ role                       : primary                       
Dual Active Detection Status    : 0
vPC system-mac                  : 00:23:04:ee:c0:26             
vPC system-priority             : 32667
vPC local system-mac            : 00:2a:6a:25:3b:81             
vPC local role-priority         : 32667

N5K-LEAF3(config)# show port-security address interface port-channel 700

                    Secure Mac Address Table
Vlan    Mac Address    Type      Remaining  Remotely Remotely Ports
                                 age        learnt   aged
                                 (mins)              out
----    -----------   ------     ------     -------  -----    ----
1114   5802.0100.0001 PEER_STATIC  0          Yes      No     port-channel700  << Should be STATIC instead of PEER_STATIC
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.