04-06-2020 06:28 AM
Hello Cisco Community -
I just encountered this "Interface configured as L2" fault when configuring a new L3Out (routed sub-interfaces).
As soon as I unchecked "The Infrastructure VLAN has been enabled on the AEP" under the AEP configuration, the fault cleared and the routed sub-interface was created and functional (prior to unchecking this, besides the fault, the subinterface also was not created per the CLI "show interface status" output).
Can you shed more light on why this caused an issue when enabled? Is this as simple as the system believes I want to apply to VLAN's to a routed sub-interface, which is not compatible?
CC: @RedNectar - similar to issue in https://community.cisco.com/t5/application-centric/aci-l3-out-ospf/td-p/3058834/page/2
Thanks, --Peter
Solved! Go to Solution.
04-06-2020 02:12 PM
Hi @peter2727 ,
Great idea creating a new thread - gets more people invoved.
I'll assume that you are familiar with the difference between routed interfaces and switched interfaces. Many Cisco L3 switches have the ability to turn a switched interface into a routed interface by issuing the command no switchport in the configuration.
ACI switch interfaces have the same ability, but the no switchport command is no so obvious, hence the confusion.
Now, when you configure the Interface Profile in the L3Out, you get 3 choices as to the interface type:
Now when you create the L3Out, you link the L3Out to a L3 Domain, and that Domain is linked to a VLAN Pool and an AAEP.
interface ethernet 1/1... but that's not all. If the associated AAEP has been configured to permit the Infrastucture VLAN (say VLAN zzzz) then the configuration will change slightly because the AAEP has been configured to carry the infrastucture VLAN on every associated interface, so EVERY interface linked to the AAEP will carry a little extra configuration. In our example, it will change the above to:
switchport mode trunk
switchport trunk allowed vlan xxx
interface vlan xxx ip address x.x.x.x/24
interface ethernet 1/1 switchport mode trunk switchport trunk allowed vlan xxx, zzzz interface vlan xxx ip address x.x.x.x/24which will work just fine.
interface ethernet 1/1 no switchport !forces the port into access mode - i.e. all frames leave untagged ip address x.x.x.x/24and life will be fine...
interface ethernet 1/1 switchport mode trunk switchport trunk allowed vlan zzzz no switchport ip address x.x.x.x/24... and, well - that just doens't work. You can't have switchport and no switchport both configured at the same time. Like the old saying goes, you can't have your cake and eat it too!
interface ethernet 1/1.xxx encapsulation dot1q xxx...hopefully you'll see the above configuration snippet is absolutely crazy and could never work!
switchport mode trunk switchport trunk allowed vlan zzzz no switchport ip address x.x.x.x/24
which is WHY ACI threw a fault.
I hope this helps
Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem
04-06-2020 07:07 AM - edited 04-06-2020 10:35 PM
Hey,
When you check the "Enable Infrastructure VLAN" on the AEP, this will allow the infrastructure VLAN to be passed over the links that are associated with this AEP (configured as switchport trunk).
Example below, I enabled infra vlan on a specific AEP which is allowed on a interface not used in the fabric.
Leaf1# show int e 1/23 switchport Name: Ethernet1/23 Switchport: Enabled Switchport Monitor: not-a-span-dest Operational Mode: trunk Access Mode Vlan: unknown (default) Trunking Native Mode VLAN: unknown (default) Trunking VLANs Allowed: 20 -> infra-vlan
The moment you want to configure the interface with a L3 subinterface, the APIC will try to configure the interface as a routed port, but before that it will perform a check if the interface is already configured or not. Since is already L2 configured, it will rise the fault.
Once you remove the conflicting configuration (infra vlan), the port can be changed to routed port and the subinterface config can be pushed to leaf:
Leaf1# show int e 1/23 stat ---------------------------------------------------------------------------------------------- Port Name Status Vlan Duplex Speed Type ---------------------------------------------------------------------------------------------- Eth1/23 -- connected routed full 10G SFP-H10GB-ACU2M Leaf1# show int e 1/23 switchport Name: Ethernet1/23 Switchport: Disabled Leaf1# show int br | grep 23 Eth1/23 -- eth routed up none 10G(D) -- Eth1/23.21 3682 eth routed up none 10G(D) --
Regards,
Sergiu
04-06-2020 02:12 PM
Hi @peter2727 ,
Great idea creating a new thread - gets more people invoved.
I'll assume that you are familiar with the difference between routed interfaces and switched interfaces. Many Cisco L3 switches have the ability to turn a switched interface into a routed interface by issuing the command no switchport in the configuration.
ACI switch interfaces have the same ability, but the no switchport command is no so obvious, hence the confusion.
Now, when you configure the Interface Profile in the L3Out, you get 3 choices as to the interface type:
Now when you create the L3Out, you link the L3Out to a L3 Domain, and that Domain is linked to a VLAN Pool and an AAEP.
interface ethernet 1/1... but that's not all. If the associated AAEP has been configured to permit the Infrastucture VLAN (say VLAN zzzz) then the configuration will change slightly because the AAEP has been configured to carry the infrastucture VLAN on every associated interface, so EVERY interface linked to the AAEP will carry a little extra configuration. In our example, it will change the above to:
switchport mode trunk
switchport trunk allowed vlan xxx
interface vlan xxx ip address x.x.x.x/24
interface ethernet 1/1 switchport mode trunk switchport trunk allowed vlan xxx, zzzz interface vlan xxx ip address x.x.x.x/24which will work just fine.
interface ethernet 1/1 no switchport !forces the port into access mode - i.e. all frames leave untagged ip address x.x.x.x/24and life will be fine...
interface ethernet 1/1 switchport mode trunk switchport trunk allowed vlan zzzz no switchport ip address x.x.x.x/24... and, well - that just doens't work. You can't have switchport and no switchport both configured at the same time. Like the old saying goes, you can't have your cake and eat it too!
interface ethernet 1/1.xxx encapsulation dot1q xxx...hopefully you'll see the above configuration snippet is absolutely crazy and could never work!
switchport mode trunk switchport trunk allowed vlan zzzz no switchport ip address x.x.x.x/24
which is WHY ACI threw a fault.
I hope this helps
Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide