I'm running two Nexus 3048 switches as network core and I got an issue when linking another switch (specifically a 2960-X) on the vPC links. Consider the scenario:
+-------+ +-------+
| NX #1 |===| NX #2 |
+-------+ +-------+
| |
+-------+
| 2960X |
+-------+
On the 2960X there's a Port-Channel configured in active mode. When setting the interfaces on nexus as: spanning-tree port type network
, Bridge Assurance comes in action and blocks the ports.
At this moment I'm running it on "normal type" so it won't disable the links.
I've read something over the web that I can't use spanning-tree port type network
but I don't know if my mind is playing on me or if it's exactly the case. If yes, why I can't do this? Network ports shouldn't be used for inter switch connections?
Thanks,
Additional Configurations for the exemplify the issue:
NX #1
interface port-channel9
description Downlink TCC6-1
switchport mode trunk
switchport trunk native vlan 256
switchport trunk allowed vlan 146,172,256,666
spanning-tree port type normal
spanning-tree guard root
vpc 9
interface Ethernet1/9
description Downlink TCC6-1 #1
switchport mode trunk
switchport trunk native vlan 256
switchport trunk allowed vlan 146,172,256,666
channel-group 9 mode active
no shutdown
NX #2
interface port-channel9
description Downlink TCC6-1
switchport mode trunk
switchport trunk native vlan 256
switchport trunk allowed vlan 146,172,256,666
spanning-tree port type normal
spanning-tree guard root
vpc 9
interface Ethernet1/9
description Downlink TCC6-1 #2
switchport mode trunk
switchport trunk native vlan 256
switchport trunk allowed vlan 146,172,256,666
channel-group 9 mode active
no shutdown
2960-X
interface Port-channel1
description Uplink Core-CC
switchport trunk native vlan 256
switchport trunk allowed vlan 146,172,256,666
switchport mode trunk
ip arp inspection trust
ip dhcp snooping trust
end
interface GigabitEthernet1/0/47
description Uplink Core-CC (Port Channel Interface #1)
switchport trunk native vlan 256
switchport trunk allowed vlan 146,172,256,666
switchport mode trunk
ip arp inspection trust
channel-group 1 mode active
ip dhcp snooping trust
end
interface GigabitEthernet1/0/48
description Uplink Core-CC (Port Channel Interface #2)
switchport trunk native vlan 256
switchport trunk allowed vlan 146,172,256,666
switchport mode trunk
ip arp inspection trust
channel-group 1 mode active
ip dhcp snooping trust
end
Best Answer
Spanning-tree port type network activates bridge assurance on the link. Since the 2960X doesn't support bridge assurance, you can't run this link as port type network. Just run it in normal mode. About the only place you want to run port type network is on the vPC peer-link where it is enabled by default.
From the best practices design guide: