L2 Etherchannel with manageable devices in-between

jacques_henry696 · ‎12-05-2012

Hello,

Attached you'll see what I need:

- Two distant LANs have to communicate through a Layer-2 WAN with fault-tolerance (hence the stacked C2960).

- On each side I have 2 VLANs (2 and 3) and a management VLAN (50) in order to manage layer-2 devices which are between the switches.

- These devices are transparent so etherchannel frames won't be disturbed.

- I have 2 WAN links, that's why I use etherchannel in order to bring the redundancy.

- The etherchannel is between the two stacks of 2960's. The layer-2 devices in-between are not capable of doing 802.3ad.

My question is the following (I tried to simulate it with Cisco Packet Tracer but I failed... ) :

Can I configure an etherchannel for only VLAN 2 and 3 while using the VLAN 50 to manage my devices? Because of the load-balancing, the management packets coming from my management station are load-balanced on the etherchannel link so I have hazardous behaviours when I try to address them...

Is it feasible? Or do you see a better solution?

Thanks a lot in advance!

PS: Ok, for those who ask themselves, the L2 devices in-between are encryption units (and they don't have redundancy capabilities, like VRRP)

cadet alain · ‎12-05-2012

Hi,

the bundled ports in an etherchannel must be on the same devices which is not your case( as i understand fom screenshot). anyway if you had an etherchannel for only 2 vlans then you would have to use a non bundled physical link to transport your management vlan frames.

Regards.

Alain

Don't forget to rate helpful posts.

jacques_henry696 · ‎12-05-2012

Hi Alain,

The bundled ports are on the same logical device: on each side I use stacked 2960's. This works fine.

The second part of your answer frightens me more: so you are saying that I cannot use the same physical link (where the etherchannel is attached to) to transport VLAN 50?

Thanks again!

cadet alain · ‎12-05-2012

Hi,

From your diagram,each physical link that was bundled was going to a different device and that is not possible to do an etherchannel this way.

Concerning second part: if you only allow vlan2 and 3 on the portchannel then of course vlan 50 won't be able to use this logical link so either one of the bundled physical links.So you'll have to use another link dedicated for the vlan 50 that is not bundled.

But normally traffic for each vlan in the bundle should be using a different port, test the different load-balancing algorithms and see if it segregates the vlan 50 traffic on one particular link.

Regards.

Alain

Don't forget to rate helpful posts.

jacques_henry696 · ‎12-05-2012

Hi,

> From your diagram,each physical link that was bundled was going to a different device and that is not possible to do an etherchannel this way.

I see what you mean. I'll try to make myself clear: the etherchannel protocol concerns only the switches (on the right and left side). The 4 devices are operating a L2: they do not interfere with the LCAP messages between the switches. The devices act like a transparent bridge so it is like the switches are directly connected through 2 links. From a LACP point of view, device #1-4 is not seen, it is a cable.

>Concerning second part: if you only allow vlan2 and 3 on the portchannel then of course vlan 50 won't be able to use this logical link so either one of the bundled physical links. So you'll have to use another link dedicated for the vlan 50 that is not bundled.

Yes VLAN 50 is not included into the PortChannel because I don't want any resiliency for this VLAN as I have to address 4 devices individually and the load-balancing methods can interfere with the way the packet are sent. I'll rephrase my question: On a switch, on the two interfaces can I configure a port channel for VLAN 2 and 3 (for resiliency) and VLAN 50 which will not be load-balanced but "routed" "normally", i.e. to its correct destination, on the correct interface.

The configuration for one switch would look like something like that:

interface FastEthernet1/0/1

channel-group 2 mode active

switchport trunk allowed vlan 2-3,50

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet2/0/1

channel-group 2 mode active

switchport trunk allowed vlan 2-3,50

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Port-channel2

switchport trunk allowed vlan 2,3

switchport trunk encapsulation dot1q

switchport mode trunk

!

Regards

cadet alain · ‎12-05-2012

Hi,

ok I understood the diagram now.

For your config:

interface Port-channel2

switchport trunk allowed vlan 2,3

This will be copied to both physical links and so no more vlan 50 allowed, as far as I know what you want to achieve is not possible, you'll need an extra link for your management vlan outside of the etherchannel.

Regards.

Alain

Don't forget to rate helpful posts.

jacques_henry696 · ‎12-05-2012

Many thanks for your quick answer.

Ok, so everything I set up in the Port-Channel interface will overwrite what I put in the physical link configuration.

So just to make sure I understood: even if I put "switchport trunk allowed vlan 2-3,50" in the physical interface, it will be overwritten by "switchport trunk allowed vlan 2-3" leaving VLAN 50 outside the link, right?

Unfortunately I don't have a management port on the devices... I'll have to think to another design to achieve this link redundacy.

Regards

cadet alain · ‎12-05-2012

Hi,

Yes as far as I know this is how it works , I'll test it on a pair of switches this evening to confirm but I haven't got 2960, only

3550s.

Regards.

Alain

Don't forget to rate helpful posts.