
WAN Interface in VLAN Configuration

Joy3
Level 1

Hello,

I have an ISR 1100 Router connected to two C9200 switches. However, I have observed that all three devices are flapping a lot. On checking further, one of the C9200 ports connected to the ISR router's WAN port (Gi0/0/0) is in VLAN800 but Gi0/0/0 is not in any VLAN. I am not sure if this is good practice or whether it can work but can the WAN port be configured to be in VLAN800?

Thanks for the help.


It seems that something is not right. Can you share config:

show run int G0/0/0 from both sides? You can take IP off.

sh run int vlan 800  - on the switch

 

If you can share show run from both devices even better.

Topology1.PNG

Hello @Flavio Miranda, perhaps a diagram will give you an idea of what the topology is like. The C9200 isn't configured with an SVI.

SW1#sh run vlan 800
Building configuration...

Current configuration:
!
vlan 809
name TRANSFER_DSL
end

SW1#sh vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/22, Gi1/0/23
800 TRANSFER_DSL active Gi1/0/20

 

For the C1100 router:

R1#sh run int gi0/0/0
Building configuration...

Current configuration : 210 bytes
!
interface GigabitEthernet0/0/0
description INTERNET-UPLINK
vrf forwarding INTERNET
ip address dhcp
no ip redirects
no ip proxy-arp
negotiation auto
service-policy output WAN-EDGE-4-CLASS
end

R1#sh vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Wl0/1/4
800 TRANSFER_DSL active
R1#

VLAN800 in the router has no port configured.

What about

show run int Gi1/0/20

I don't see any diagram.

Jon Marshall
Hall of Fame

 

The WAN port on the ISR is an L3 port so it won't be in a VLAN, but presumably there is an SVI on the switch for VLAN 800?

 

Jon

Joy3
Level 1

@Jon Marshall good to know that, thanks. Please check the topology I posted. VLAN800 is just used to bundle up the router and switches to connect to the DSL connection. But there is constant loss of connection and the performance is so poor.

"flap a lot"

Is the flapping at L3 or L2?
For L3:
show ip route | include , 00:00

This shows you which route is flapping; run this command three times.

It might be helpful to see the configuration of interface Gi1/0/20 on the switch.

Assuming that Gi0/0/20 on the switch is an access port in vlan 800 I would expect that connecting the router to the access port should not be a problem. 

I am a bit surprised to see that the router interface description says description INTERNET-UPLINK but is connected to the switch access port? Also a bit surprised to see that interface uses dhcp to get an IP address. 

I am a bit puzzled that the diagram shows the switch port 48 identified as uplink. How is the router port which connects to 48 configured?

There is a service policy configured on the router interface. I wonder if the service policy might have anything to do with the flapping?

HTH

Rick

Joy3
Level 1

@MHM Cisco World The flapping is on L3. I am able to connect to the device remotely but it loses connection so quickly. I get no output from the command you have suggested but this is a snippet of the #sh logg command

May 3 2022 21:06:24.277 CEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel100, changed state to down
May 3 2022 21:06:45.282 CEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel100, changed state to up
May 3 2022 21:06:45.554 CEST: %BGP-5-ADJCHANGE: neighbor x.x.x.x Up
May 3 2022 21:06:48.506 CEST: %BGP-3-NOTIFICATION: sent to neighbor x.x.x.x (hold time expired) 0 bytes
May 3 2022 21:06:52.001 CEST: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
May 3 2022 21:07:03.278 CEST: %BGP-5-NBR_RESET: Neighbor x.x.x.x reset (BGP Notification sent)
May 3 2022 21:07:03.284 CEST: %BGP-5-ADJCHANGE: neighbor x.x.x.x Down BGP Notification sent
May 3 2022 21:07:03.285 CEST: %BGP_SESSION-5-ADJCHANGE: neighbor x.x.x.x IPv4 Unicast topology base removed from session BGP Notification sent
May 3 2022 21:07:13.491 CEST: %BGP-3-NOTIFICATION: received from neighbor x.x.x.x active 6/7 (Connection Collision Resolution) 0 bytes
May 3 2022 21:07:13.491 CEST: %BGP-5-NBR_RESET: Neighbor x.x.x.x active reset (BGP Notification received)
May 3 2022 21:07:13.491 CEST: %BGP-5-ADJCHANGE: neighbor x.x.x.x active Down BGP Notification received
May 3 2022 21:07:13.491 CEST: %BGP_SESSION-5-ADJCHANGE: neighbor x.x.x.x IPv4 Unicast topology base removed from session BGP Notification received
May 3 2022 21:07:16.612 CEST: %SYS-6-LOGOUT: User njorogj-a has exited tty session 1(x.x.x.x)
May 3 2022 21:07:19.685 CEST: %BGP-5-ADJCHANGE: neighbor x.x.x.x Up

You advertise the network used to reach the BGP peer neighbor via BGP, and make the router use the BGP route; this network then drops the connection.

i.e.
R1-R2
R1 uses 10.0.0.0 to reach R2,
but you also advertise 10.0.0.0 under BGP on R2.
This makes R1 receive 10.0.0.0 and use it if the AD is lower.

The log messages posted are interesting. It looks like what is flapping is a tunnel interface rather than the router interface that was the focus in the original post.

So now we see that there is some tunnel and there is BGP that is involved in the instability. We need more information about this environment.

HTH

Rick
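
The reading of the log given in the reply above (the tunnel and the BGP session are what change state, not Gi0/0/0) can be reproduced mechanically. This is an added example, not code from any participant in the thread: it tallies up/down transitions and time spent down per object. The sample lines are copied from the log excerpt posted in the thread; the function name `summarize` and the labels `interface`, `bgp-neighbor` and `track` are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the log excerpt in the thread (addresses redacted there as x.x.x.x).
SAMPLE = """\
May 3 2022 21:06:24.277 CEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel100, changed state to down
May 3 2022 21:06:45.282 CEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel100, changed state to up
May 3 2022 21:06:45.554 CEST: %BGP-5-ADJCHANGE: neighbor x.x.x.x Up
May 3 2022 21:06:52.001 CEST: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
May 3 2022 21:07:03.284 CEST: %BGP-5-ADJCHANGE: neighbor x.x.x.x Down BGP Notification sent
May 3 2022 21:07:19.685 CEST: %BGP-5-ADJCHANGE: neighbor x.x.x.x Up
"""

# timestamp, timezone, %FACILITY-SEVERITY-MNEMONIC, message text
LINE = re.compile(r"^(\w+ +\d+ \d{4} [\d:.]+) \w+: %([A-Z_]+-\d-[A-Z_]+): (.*)$")
# mnemonic -> (label used in the summary, regex capturing object name and new state)
EVENTS = {
    "LINEPROTO-5-UPDOWN": ("interface", re.compile(r"Interface (\S+), changed state to (up|down)")),
    "BGP-5-ADJCHANGE": ("bgp-neighbor", re.compile(r"neighbor (\S+) (?:\S+ )?(Up|Down)")),
    "TRACK-6-STATE": ("track", re.compile(r"(\d+) .* -> (Up|Down)")),
}

def summarize(log_text):
    """Return {object: {"up": n, "down": n, "down_secs": seconds spent down}}."""
    stats = defaultdict(lambda: {"up": 0, "down": 0, "down_secs": 0.0, "_since": None})
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line or line.group(2) not in EVENTS:
            continue  # not a state-change message this example tracks
        kind, pattern = EVENTS[line.group(2)]
        hit = pattern.search(line.group(3))
        if not hit:
            continue
        when = datetime.strptime(line.group(1), "%b %d %Y %H:%M:%S.%f")
        entry = stats[f"{kind} {hit.group(1)}"]
        state = hit.group(2).lower()
        entry[state] += 1
        if state == "down":
            entry["_since"] = when  # start of an outage window
        elif entry["_since"] is not None:
            entry["down_secs"] += (when - entry["_since"]).total_seconds()
            entry["_since"] = None
    return {k: {f: v for f, v in e.items() if f != "_since"} for k, e in stats.items()}

if __name__ == "__main__":
    for obj, counts in summarize(SAMPLE).items():
        print(obj, counts)
```

No GigabitEthernet0/0/0 entry appears in the summary because the excerpt contains no state change for that interface.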

Joy3
Level 1

@Richard Burts The Gi1/0/20 is as below:

SW1#sh run int gi1/0/20
Building configuration...

Current configuration : 114 bytes
!
interface GigabitEthernet1/0/20
description TRANSFER_DSL
switchport access vlan 800
switchport mode access
end

And as you have said, this should work, although the concept is not very clear to me just yet (if you can shed some light, I would really appreciate it). Here is more info on the router config:

R1#sh run int gi0/0/0
Building configuration...

Current configuration : 210 bytes
!
interface GigabitEthernet0/0/0
description INTERNET-UPLINK
vrf forwarding INTERNET
ip address dhcp
no ip redirects
no ip proxy-arp
negotiation auto
service-policy output WAN-EDGE-4-CLASS
end

R1#sh run int tunn100
Building configuration...

Current configuration : 584 bytes
!
interface Tunnel100
bandwidth 18000
bandwidth receive 50000
ip address x.x.x.x
no ip redirects
ip mtu 1400
ip nhrp authentication DMVPN-I1
ip nhrp network-id 100
ip nhrp nhs x.x.x.x nbma x.x.x.x multicast
ip nhrp registration timeout 60
ip nhrp redirect
zone-member security DMVPN
ip tcp adjust-mss 1360
delay 1000
cdp enable
if-state nhrp
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 100
tunnel vrf INTERNET
tunnel protection ipsec profile DMVPN-PROFILE-1
end

R1#sh run | sec bgp
router bgp 65500
bgp router-id x.x.x.x
bgp log-neighbor-changes
neighbor AUS-HUB peer-group
neighbor AUS-HUB remote-as 65500
neighbor AUS-HUB timers 20 60
neighbor KEN-HUB peer-group
neighbor KEN-HUB remote-as 65500
neighbor KEN-HUB timers 20 60
neighbor x.x.x.x peer-group AUS-HUB
neighbor x.x.x.x peer-group KEN-HUB
!
address-family ipv4
bgp redistribute-internal
redistribute connected route-map RM-REDIST-CONNECTED-TO-BGP
neighbor AUS-HUB send-community
neighbor AUS-HUB weight 50000
neighbor AUS-HUB next-hop-self all
neighbor AUS-HUB soft-reconfiguration inbound
neighbor KEN-HUB send-community
neighbor KEN-HUB weight 50000
neighbor KEN-HUB next-hop-self all
neighbor KEN-HUB soft-reconfiguration inbound
neighbor x.x.x.x activate
neighbor x.x.x.x activate
distance bgp 201 19 250
exit-address-family
R1#sh run | i ip route
ip route vrf INTERNET 0.0.0.0 0.0.0.0 dhcp

Please let me know if any more info is needed.

This is not all of the config; the IP SLA config is missing?

#show ip route next-hop-override | section H|% <- can you share the output of this command?

So far we have seen a flap of the tunnel interface. Are there any other interfaces that flap? The snippet from show log does show a flap of the tunnel interface. Perhaps a larger selection of the log messages might show something else?

I am trying to understand what you show in the diagram. Clearly G0/0/0 connects to access port 20 in vlan 800. So G0/0/0 gets an IP address in vlan 800. Are there other devices in vlan 800? The diagram shows a connection in port 48 to port 2 (?) of the router. Can you tell us about this? Is it a trunk carrying multiple vlans? Then the uplink exits the router on port 3 and connects to port 48 on the second switch. Is this connection a trunk with multiple vlans or is it a single vlan to an access port?

HTH

Rick