Hi All,
I'm hoping here might be the right place to find some advice for an issue I'm having at the moment with ISR4331 & SM-X-ES3-16-P.
Router/Switch 1 and Router/Switch 2 are the 4331 and the SP-X-ES3-16-P.
Gi0/0/0 on both routers are connected to a VPLS which is on the subnet 192.168.204.0/24 network which is area 0 on the OSPF. There are additional routers connected to this network.
The 4331’s are configured with a Trunk port to the SP-X-ES3-16-P as per the installation guide.
The configuration is as follows: Router 1
interface GigabitEthernet0/0/0
ip address 192.168.204.160 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip access-group nrtsout out
negotiation auto
no cdp enable
!
interface Ethernet-Internal1/0/0
switchport trunk allowed vlan 60
switchport mode trunk
!
interface Vlan60
ip address 10.156.31.1 255.255.255.252
ip ospf hello-interval 1
!
router ospf 160
router-id 10.156.31.8
passive-interface default
no passive-interface GigabitEthernet0/0/0
no passive-interface Ethernet-Internal1/0/0
no passive-interface Vlan60
network 10.156.31.0 0.0.0.3 area 160
network 10.156.31.8 0.0.0.0 area 160
network 192.168.204.0 0.0.0.255 area 0
SM1:
ip routing
!
interface Loopback0
ip address 10.156.31.9 255.255.255.255
!
interface GigabitEthernet0/2
switchport access vlan 620
no cdp enable
!
interface GigabitEthernet0/5
switchport access vlan 640
no cdp enable
!
interface GigabitEthernet0/8
switchport access vlan 660
no cdp enable
!
interface GigabitEthernet0/16
switchport access vlan 670
no cdp enable
!
interface GigabitEthernet0/17
switchport protected
!
interface GigabitEthernet0/18
switchport trunk encapsulation dot1q
switchport mode trunk
switchport protected
!
interface Vlan60
ip address 10.156.31.2 255.255.255.252
ip ospf hello-interval 1
!
interface Vlan620
ip flow ingress
ip address 10.156.2.200 255.255.255.0 secondary
ip address 10.156.2.252 255.255.255.0
ip access-group interrcc in
no ip redirects
no ip unreachables
no ip proxy-arp
ntp broadcast
vrrp 62 ip 10.156.2.254
vrrp 62 priority 254
vrrp 62 track 10 decrement 100
!
interface Vlan640
ip flow ingress
ip address 192.168.42.9 255.255.255.248
no ip proxy-arp
ntp broadcast
!
interface Vlan660
ip flow ingress
ip address 10.156.31.254 255.255.255.240
no ip proxy-arp
ntp broadcast
!
interface Vlan670
ip flow ingress
ip address 10.156.31.29 255.255.255.240
no ip proxy-arp
ntp broadcast
vrrp 65 ip 10.156.31.30
vrrp 65 priority 254
vrrp 65 track 10 decrement 100
!
router ospf 160
router-id 10.156.31.9
redistribute static subnets route-map OSPF_REDST_SWRCC_FW
passive-interface default
no passive-interface Vlan60
no passive-interface GigabitEthernet0/18
network 10.156.2.0 0.0.0.255 area 160
network 10.156.31.0 0.0.0.3 area 160
network 10.156.31.9 0.0.0.0 area 160
network 10.156.31.16 0.0.0.15 area 160
network 10.156.31.240 0.0.0.15 area 160
Router2:
interface GigabitEthernet0/0/0
ip address 192.168.204.161 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip access-group nrtsout out
negotiation auto
no cdp enable
!
interface Ethernet-Internal1/0/0
switchport trunk allowed vlan 60
switchport mode trunk
!
interface Vlan60
ip address 10.156.31.5 255.255.255.252
ip ospf hello-interval 1
!
router ospf 160
router-id 10.156.31.10
passive-interface default
no passive-interface GigabitEthernet0/0/0
no passive-interface Ethernet-Internal1/0/0
no passive-interface Vlan60
network 10.156.31.4 0.0.0.3 area 160
network 10.156.31.10 0.0.0.0 area 160
network 192.168.204.0 0.0.0.255 area 0
SM2:
ip routing
!
interface GigabitEthernet0/2
switchport access vlan 620
no cdp enable
!
interface GigabitEthernet0/5
switchport access vlan 640
no cdp enable
!
interface GigabitEthernet0/8
switchport access vlan 660
no cdp enable
!
interface GigabitEthernet0/16
switchport access vlan 670
no cdp enable
!
interface GigabitEthernet0/18
switchport trunk encapsulation dot1q
switchport mode trunk
switchport protected
!
interface Vlan60
ip address 10.156.31.6 255.255.255.252
ip ospf hello-interval 1
!
interface Vlan620
ip flow ingress
ip address 10.156.2.251 255.255.255.0
ip access-group interrcc in
no ip redirects
no ip unreachables
no ip proxy-arp
ntp broadcast
vrrp 62 ip 10.156.2.254
vrrp 62 priority 200
vrrp 62 track 10 decrement 100
!
interface Vlan640
ip flow ingress
ip address 192.168.42.9 255.255.255.248
no ip proxy-arp
ntp broadcast
!
interface Vlan660
ip flow ingress
ip address 10.156.31.254 255.255.255.240
no ip proxy-arp
ntp broadcast
!
interface Vlan670
ip flow ingress
ip address 10.156.31.27 255.255.255.240
no ip proxy-arp
ntp broadcast
vrrp 65 ip 10.156.31.30
vrrp 65 priority 200
vrrp 65 track 10 decrement 100
!
router ospf 160
router-id 10.156.31.11
redistribute static subnets route-map OSPF_REDST_SWRCC_FW
passive-interface default
no passive-interface Vlan60
no passive-interface GigabitEthernet0/18
network 10.156.2.0 0.0.0.255 area 160
network 10.156.31.4 0.0.0.3 area 160
network 10.156.31.11 0.0.0.0 area 160
network 10.156.31.16 0.0.0.15 area 160
network 10.156.31.240 0.0.0.15 area 160
The issue we are having is that Vlans 620,640,650,670 are showing as up and OSPF is routing these vlans even though there are no physical connections to the gi interfaces for the associated vlans.
I understand why - because there is a trunk port - but if you run the command switchport autostate exclude then all VLANs (Including vlan 60) go down, meaning no traffic can flow to the Layer 3 switch module.
Is there another way to configure the internal interfaces to only keep VLAN 60 up, or to configure it as a layer 3 interface and not a trunk interface? (Our 2911s and SM-ES3G-16-P where configured this way but it doesn't seem possible on these ISRs.)
I tried to run the command switchport “switchport trunk allowed vlan 60” however this will not apply as the command rejected - cannot be run on this interface.
Thanks
Joe.
