Re: Issue with ISR 4000 series routed port

michaelflood · ‎09-14-2023

Hello,

Is there a way to convert a routed port to a switchport on an ISR 4000 series router? I tried a few different workarounds but haven’t had any luck.

thanks for any help!

MHM Cisco World · ‎09-14-2023

I think you can not use wan as lan.

I was think you can but it seem no.

Instead use subinterface instead of vlan

michaelflood · ‎09-14-2023

I tried using encapsulation and setting one of the vlans as native, but no luck.

MHM Cisco World · ‎09-14-2023

Share config you use for encapsulate I will check it

Joseph W. Doherty · ‎09-14-2023

W/o a L2 switch module, possibly the closest you change a L3 port to L2 would be defining the port for bridging (a feature which I believe a 4K supports but also possibly using new syntax).

Joseph W. Doherty · ‎09-14-2023

Some additional references info:

https://www.cisco.com/c/en/us/support/docs/lan-switching/integrated-routing-bridging-irb/200650-Understanding-Bridge-Virtual-Interface.html

https://learnduty.com/articles/bridge-domain-interface-bdi-explained-configuration-cisco-ios-xe/

Richard Burts · ‎09-14-2023

In general there is not a way to convert a routed port to a switchport. There have been a couple of suggestions that might provide a solution (sort of). The suggestion from M02@rt37 to insert a card with layer 2 ports into the ISR would give you the layer 2 capabilities, but it is not "converting" any port it is simply adding resources to the router. The suggestion from @Joseph W. Doherty to define the port for bridging is about Integrated Routing and Bridging. IRB would enable layer 2 forwarding on the layer 3 port and in that sense it does seem to satisfy your requirement. But IRB requires at least one other routed port to be in the bridge group and I suspect that is not included in your requirement.

Perhaps you can tell us a bit more about what you are trying to accomplish and that might let us give you better advice.

HTH

Rick

Joseph W. Doherty · ‎09-14-2023

"The suggestion from @Joseph W. Doherty to define the port for bridging is about Integrated Routing and Bridging. IRB would enable layer 2 forwarding on the layer 3 port and in that sense it does seem to satisfy your requirement. But IRB requires at least one other routed port to be in the bridge group and I suspect that is not included in your requirement."

BTW, I too have doubts that it satisfies OP's requirement, which is why I wrote ". . . possibly the closest you change a L3 port to L2 would be defining the port for bridging . . .", because, like Rick, we don't know exactly what you're trying to achieve. That said, if you're trying to pass L2 through the router, it might be what you need.

Rick, though, does bring up an interesting point, i.e. whether actually two ports would be required. For bridging purposes, that's how it's generally done. But, personally, I'm unsure whether you could have a bridge interface active on just one port. Assuming you could, it would bring forward, why you might do that rather than have a L3/routed port, as a single L2 port, alone, isn't very useful.

michaelflood · ‎09-14-2023

I currently have 2 layer switch modules installed on the router, and I’m hoping to use the 2 SFP ports on the router ( g0/0/0 and g0/0/2) as layer 2 ports… to be connected to the same broadcast domain as my modules. This is because I have media restrictions that require optical connections to a few switches downstream vs rj45, and media converts are not an option. Thanks for the help!

Joseph W. Doherty · ‎09-14-2023

I don't know if it's possible to bridge (internally within the router) between your L2 module and the router ports. (I would suspect not.)

I think it could be possible to bridge externally on the router between your L2 module and the router ports, but I would also suspect you would quickly run out of ports.

You've ruled out media converters, but does that also include a small, and inexpensive, L2 switch, next to the router, that could provide additional connectivity between the router's L2 module and downstream L2 devices? Or (I don't know what particular 4K ISR you're using) perhaps an upgraded or additional module added to the router?

Giuseppe Larosa · ‎09-15-2023

Hello @michaelflood ,

you would need two WAN ports :

one port configured with media type RJ 45 and IRB and member of bridge domain(s)

one port configured with media type SFP and IRB and member of same bridge domain(s)

the first port should be connected to a LAN port on the L2 module.

But there is a big warning here : LAN modules work in hardware and take advantage of the multigigabit switching fabric , WAN ports likely do not.

So the risk would be to have great performance issues.

The best move as suggested by @Joseph W. Doherty is to add an external small L2 switch with SFP ports and few RJ 45 ports to do the job leaving the ISR 4000 not involved in L2 forwarding.

Hope to help

Giuseppe

Joseph W. Doherty · ‎09-15-2023

@Giuseppe Larosa wrote:

you would need two WAN ports :

one port configured with media type RJ 45 and IRB and member of bridge domain(s)

one port configured with media type SFP and IRB and member of same bridge domain(s)

the first port should be connected to a LAN port on the L2 module.

Exactly what I had in mind when I wrote "I think it could be possible to bridge externally on the router between your L2 module and the router ports. . .", but as I also wrote ". . . I would also suspect you would quickly run out of ports.", i.e. I wonder whether OP has need for more than one downstream fiber connection.

@Giuseppe Larosa wrote:

But there is a big warning here : LAN modules work in hardware and take advantage of the multigigabit switching fabric , WAN ports likely do not.

So the risk would be to have great performance issues.

Giuseppe raises an excellent point about possible performance issues.

Recently, in another thread, I've looked a bit deeper into ISR 4K architecture, and I found they provide MGF (multigigabit fabric), to better support setups like your two L2 modules in the router, and/or between those module and other router components, like the WAN ports, I don't believe "raw" bandwidth will be as much of an issue as it was on earlier ISRs.

However, understand "fabric" bandwidth is much like the link bandwidth, such that a Cat6 cable doesn't guarantee the interfaces using it are capable of 10g. I.e. PPS (packets per second) comes into consideration too, and here too, router's PPS (for lack of special hardware) is often much less than found on a switch.

I suspect your two L2 modules can exchange data rather rapidly across the MGF, but to/from WAN ports? There you might hit a PPS limit (including a 4K's license bandwidth limit) before, even possibly well before, you run into a fabric bandwidth limit.

Lastly, from my years (decades) of experience, when you use device features that are not commonly used, you're more likely to run into a bug. I suspect using the bridging feature of a router is the kind of feature that you're more likely to find you've become a "gamma tester". Which is all well and good if you truly need and benefit from that feature, but you may want to still consider less technical "optimal" approaches that are more "stable/solid" too.

M02@rt37 · ‎09-14-2023

Hello @michaelflood,

You cannot. That's why NIM card module is needed to have L2 port. NIM-ES2-4 as example.

https://www.network-options.co.ke/wp-content/uploads/2019/07/nim-es2-4-datasheet.pdf

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

michaelflood · ‎09-21-2023

I have the modules, I need to bridge the L2 modules to the L3 ports so I have 1 broadcast domain. Using a BDI I'm able to bridge the routed ports and even the UCSE ports together, but I'm not able to bridge the L2 ports to that domain. I tried setting up a vlan interface and give it a "service instance 45 ethernet", "encaps untagged", "bridge-domain 45", but had no luck sadly.