
Getting a Layer-2 ExpressRoute Talking with Cisco in the Middle

Matthew Martin
Level 5

Hello All,

Sorry for the odd subject line, but it's hard to describe this in a quick one-sentence title...

Here's what's at play. We purchased a Layer-2 Azure ExpressRoute from Comcast that has one uplink port for us. We also have 2 "Socket" devices from our new SD-WAN and VPN access provider (*Cato Networks) in an HA pair. Since we only have the one uplink port, the idea was to plug the ExpressRoute circuit into our 4510 (*this is getting swapped out for 9500s over the summer during a maintenance period) and then connect the Socket devices' "Alt-WAN - Layer-2" ports to the 4510 as well.

However, I could not seem to get this to work.

When we first got the circuit, we connected the ExpressRoute to the 4510, and then I created a VLAN interface with the Primary /30 subnet. We set the ExpressRoute circuit interface on the 4510 to use that VLAN, and we were able to ping across to the Azure side's gateway address.

Today, we were able to get BGP established by plugging the ExpressRoute directly into the SD-WAN Socket device. But if we do this, there's no redundancy. If anything happened to the primary, someone would need to physically move the cable to the secondary Socket device...

This is what I had configured before we moved the circuit directly into the SD-WAN device:

Cisco Side:

4510R-HQ#show run int Gi1/45
Building configuration...

Current configuration : 137 bytes
!
interface GigabitEthernet1/45
 description To Comcast Azure ExpressRoute Circuit
 switchport trunk native vlan 120
 switchport mode trunk
end

4510R-HQ#
4510R-HQ#show int status | inc 1/45
Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/45    To Comcast Azure E connected    trunk      a-full a-1000 10/100/1000-TX

4510R-HQ# show run int Gi7/4
Building configuration...

Current configuration : 151 bytes
!
interface GigabitEthernet7/4
 description SD-WAN Primary - Alt WAN Port 6 - For ExpressRoute
 switchport trunk native vlan 120
 switchport mode trunk
end

4510R-HQ#
4510R-HQ# show int status | inc 7/4
Port      Name               Status       Vlan       Duplex  Speed Type
Gi7/4     Cato Primary - Alt connected    trunk      a-full a-1000 10/100/1000-TX

4510R-HQ#

SD-WAN Device Side:
And then in the SD-WAN device we configured the port as an "Alternative WAN (Layer-2)" with the following:
    Interface IP = 10.120.1.1
    Gateway = 10.120.1.2
    Network = 10.120.1.0/30
    Vlan ID = 120

Azure Side - Private Peering Config:
After the circuit had been provisioned successfully, we configured the following:
    Primary: 10.120.1.0/30
    Secondary: 10.120.1.4/30
    Vlan: 120

If what we were trying to do is possible, I'm assuming I'm missing something on the Cisco side of things, but not sure what...?

I've also attached a simple diagram I quickly threw together. 
Any thoughts or suggestions would be greatly appreciated!

Thanks in Advance,
Matt
