Can you please help me to verify what IOS should I use?

Below is the sh ver of the current Switch

sw1#sh ver

Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(25)SEE3, RELEASE SOFTWARE (fc2)

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Thu 22-Feb-07 14:40 by myl

Image text-base: 0x00003000, data-base: 0x00EB11A0

ROM: Bootstrap program is C3560 boot loader

BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEE4, RELEASE SOFTWARE (fc1)

sw1 uptime is 1 week, 9 hours, 51 minutes

System returned to ROM by power-on

System image file is "flash:c3560-ipbase-mz.122-25.SEE3/c3560-ipbase-mz.122-25.SEE3.bin"

cisco WS-C3560G-24TS (PowerPC405) processor (revision D0) with 118784K/12280K bytes of memory.

Processor board ID FOC1116Y0LD

Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(25)SEE3, RELEASE SOFTWARE (fc2)

Gee whiz!  That's an old IOS.

Try 12.2(55)SE8.

Oh I see,

does 12.(55)SE8 support Portchannel subinterface?

does 12.(55)SE8 support Portchannel subinterface?

All IOS will support Etherchannel/Port-Channel.

I do not believe port-channel SUB interface is supported in switches and routers.

What are you actually trying to achieve ? Is it to run VRRP between the Huawei and the Cisco switch for the same vlans ?

If so then it doesn't make sense to configure the Huawei as a L3 port channel with subinterfaces because how can that provide a gateway. This may be a bit difficult to visualise but if the port channel is L3 then only the actual subinterface can be in that subnet on the actual Huawei switch  (what happens on the 3560 depends on how you configure that end). So no ports on the Huawei could be allocated into the same IP subnet (think vlan) because the subnet terminates on the physical interface. Unless of course Huawei switches mean a different thing.

Another way to look at it is with L3 port channel think of it as a router with subinterfaces. On the actual router itself you cannot assign other ports into the same subnet because the subnet only exists in that one subinterface. So you run a switch with a L2 trunk and assign your clients into that.

Maybe that is what the setup is meant to be but if it is why are you trying to configure subinterfaces on the 3560.

So can you clarify exactly what it is you are trying to do between the 3560 and the Huawei and why you are connecting them up in the first place.

Just for reference you can upgrade your IOS but L3 etherchannel should be supported in IP Base ie. i don't believe it is an advanced L3 feature.

Jon

jon.marshall wrote:
What are you actually trying to achieve ? Is it to run VRRP between the Huawei and the Cisco switch for the same vlans ? 

No Sir, Huawei Router has a redundant as well as my cisco switch

SW1 ============HT Router 1
   ||
SW2 ============HT Router 2

The issue is when I tried to configure port-channel11 LACP facing HT routers, the HT router VRRP messed up

See Alarm from HT router below:

Jan  3 2014 15:36:26+08:00 CNR-CS-RTR-002 %%01VRRP/4/STATEWARNINGEXTEND(l)[0]:Virtual Router state MASTER changed to BACKUP, because of priority calculation. (Interface=Eth-Trunk11.250, VrId=7, InetType=IPV4)

Jan  3 2014 15:36:26+08:00 CNR-CS-RTR-002 %%01VRRP/4/STATEWARNINGEXTEND(l)[1]:Virtual Router state BACKUP changed to MASTER, because of protocol timer expired. (Interface=Eth-Trunk11.250, VrId=7, InetType=IPV4)

Jan  3 2014 15:36:25+08:00 CNR-CS-RTR-002 %%01VRRP/4/STATEWARNINGEXTEND(l)[2]:Virtual Router state MASTER changed to BACKUP, because of priority calculation. (Interface=Eth-Trunk11.251, VrId=8, InetType=IPV4)

Jan  3 2014 15:36:25+08:00 CNR-CS-RTR-002 %%01VRRP/4/STATEWARNINGEXTEND(l)[3]:Virtual Router state BACKUP changed to MASTER, because of protocol timer expired. (Interface=Eth-Trunk11.251, VrId=8, InetType=IPV4)

Jan  3 2014 15:35:24+08:00 CNR-CS-RTR-002 %%01VRRP/4/STATEWARNINGEXTEND(l)[4]:Virtual Router state MASTER changed to BACKUP, because of priority calculation. (Interface=Eth-Trunk11.252, VrId=9, InetType=IPV4)

That's why they recommend to do portchannel subinterface **port-channel11.(VLANID)

Also, that I can't do with my 3560.

Did I make it clear SIr?

SW1 ============HT Router 1
   ||
SW2 ============HT Router 2

So are you trying to use the switches to interconnect the HT routers ? And are the HT routers meant to be routing the vlans on your switches ?

If so you have to configure the uplinks to the HT routers as L2 etherchannels just as you have done. There is no other way to do this. You need to make sure that all the links shown above are L2 etherchannels on the switches and that they are also trunk links which allow the vlans across.

If the HT routers are meant to route for the vlans on the switches then you cannot use L3 etherchannel on the switches as this just won't work.

Have you configured the entire path shown in your diagram above ?

Can you confirm whether or not the HT routers are meant to be routing for the vlans on the switches ?

Jon

Have you configured the entire path shown in your diagram above ?
Can you confirm whether or not the HT routers are meant to be routing for the vlans on the switches ? 
Jon

Yes Sir I've done the configuration, flapping stopped but problem now occured in their side/as I said the VRRP error in HT router after I made the Port-channel configuration.

They said that is the standard configuration in this kind of proj

Also why I can't configure "no switchport" in int port-channel11. It says "Incomplete command" and It's not allowed to put IP ADDRESS in portchannel interface.

Is it kind of limitation fot this iOS / Switch?

BTW Thank you Jon

It's still not clear.

Can you answer each question -

1) are the HT routers meant to be routing for the vlans on the switches ?

2) have you configured all the links (shown in your diagram) as etherchannel trunk links with the allowed vlans

3) if 1) is true then i assume you are not running VRRP on any vlan interfaces on the switches

if the HT routers are meant to be routing for the vlans then forget about L3 etherchannel. Even if you could configure a L3 port channel with subinterfaces it would not work. For it to work (assuming the HT routers are routing for the vlans) those links have to be L2 etherchannel trunks.

You configure "no switchport" under the physical interfaces but like i say i don't think this is what you need.

So if you could answer each question and then we will know exactly what you are trying to achieve and we can go from there.

Jon

Hi Jon

1. I think so, kindly see their config below:

See below for Huawei router config

#

interface Eth-Trunk11

description For ITP Link

mode lacp-static

#

interface Eth-Trunk11.250

vlan-type dot1q 250

description For ITP Signaling

shutdown

ip binding vpn-instance SIGTRAN

ip address

vrrp vrid 7 virtual-ip

vrrp vrid 7 priority 140

statistic enable

#

interface Eth-Trunk11.251

vlan-type dot1q 251

description For ITP Application

shutdown

ip binding vpn-instance BE

ip address

vrrp vrid 8 virtual-ip

vrrp vrid 8 priority 140

statistic enable

#

interface Eth-Trunk11.252

vlan-type dot1q 252

description For ITP OM

shutdown

ip binding vpn-instance OM

ip address

vrrp vrid 9 virtual-ip

vrrp vrid 9 priority 140

statistic enable

#

#

#

interface GigabitEthernet5/1/4

description To ITP L3 Switch2

undo shutdown

eth-trunk 11

#

interface GigabitEthernet5/1/5

description To ITP L3 Switch2

undo shutdown

eth-trunk 11

#

2. Yes I already did that.

3. Im not running VRRP on any interfaces.

I am wondering with this kind of configuration in the switch, why suddenly VRRP error on HT router occur?. If I remove the etherchannel, the vrrp error on HT router stops.

I am confused a little by this, can you explain?

When you say "I think so" in answer to question 1) does that mean you don't actually know ? I'm not criticising but you should know whether or not the HT routers are meant to be routing for your vlans. Otherwise how can you set it up properly.

FYI I'm not handling HT routers. I do not know HT router so that's why I am not sure if the config is meant to route vlans. But It is supposed to.

What the VRRP messages seem to be suggesting is that the VRRP hellos are not getting through via your switches. They should be because there is a L2 path all the way through.
I am wondering with this kind of configuration in the switch, why suddenly VRRP error on HT router occur?. If I remove the etherchannel, the vrrp error on HT router stops
  
what i'm not clear about is this statement from you. You seem to be suggesting that if you remove the etherchannel the messages stop but i would have thought if you remove the etherchannel then there is no L2 path between the HT routers so they would not be able to communicate.

I made a mistake on the statement above. The VRRP error exist from the start whether the two ports in the switch is in trunk mode or on port-channel facing HT router.

Also VRRP error exist only in HT router2. No vrrp error seen in HT router1 **according to router guys

Can you tell me why there are hellos From HT router sent going to the switch? Is it for link checking like  "track in HSRP?"

We can do some troubleshooting in terms of switch outputs etc, and i am happy to help but you need to be clear on what you are trying to achieve as we could be trying to solve an issue that is totally different from the one you are trying to solve.
So the easiest way to confirm this is what default gateway are clients in those vlans using. Is it the IP address assigned to the HT subinterface for that vlan or is some other IP address. 

The clients default gateway are the SVIs in the SW not the HT subint IP for the vlans.

so we used the sw to have intervlan connection.

is it supposed to be HT subinterface IP to use?

Josh

Josh

FYI I'm not handling HT routers. I do not know HT router so that's why I am not sure if the config is meant to route vlans. But It is supposed to.

No problem, i was just asking really why you need to connect them up.

Okay, so the switches are doing inter vlan routing for the clients vlans. So this confuses things.

The question i would have now is if the switches are doing inter vlan routing what are the HT routers for ie. what is their purpose. That's what i was trying to ask before. You don't just connect up devices without knowing why you are doing it. Again no criticism is intended, i am just trying to understand what you are trying to achieve.

My best guess at the moment is that the HT routers are used to give you access to remote networks from the client vlans and for remote networks to get to the client vlans. If that is correct and i need you to confirm this then i am not clear why they are using subinterfaces with VRRP.

Is the idea that the switches only use one of the HT routers (ie the VRRP master) to route to remote networks and then if the active HT router fails it moves over to the other one ?

If so i am not clear on why they are using subinterfaces ie. you only need one L3 interface per HT router for the routing.

Ideally you could not run VRRP at all and just use L3 interfaces to connect between the switches and the HT routers and then each HT router could be used at the same time. But like i say, you may only want to use one HT router as primary and only use the other one if the primary fails.

I want to try and help but i am still just guesssing at the purpose of the HT routers. So i need you to clarify why you are connecting your switches to those HT routers. And what the idea is, ie. do you only want to use one HT router and have the other as backup or use both at the same time ?

Jon