cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4015
Views
0
Helpful
22
Replies

L2 Switch to L3 Switch

jasongr33nway
Level 1
Level 1

I have two 3850s (Stacked) at our DR site. Everything is working fine from our OPS site to our DR site. There are a few more devices we need to add to our DR site and our 3850s are out of INTs. I visited yesterday and trunked a L2 (2960-s) switch to one of the 3850s. My issue is, I cannot pass any traffic from the L2 switch to any of the SVIs on the 3850 unless I create and SVI on the L2 switch for each SVI on the 3850. I thought I would be able to trunk the L2, add vlans and pass traffic over the trunk without creating SVIs on the L2 switch.

 

3850:
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan7
 description DR-Hotsite vlan
 ip address 10.7.254.1 255.255.0.0
 ip helper-address 10.6.240.11
 no ip proxy-arp
!
interface Vlan12
 description dr-voice-vlan
 ip address 10.12.254.1 255.255.0.0
 no ip proxy-arp
!
interface Vlan57
 description SJ RPA-WAN Vlan 57
 ip address 10.5.7.254 255.255.255.0
 no ip proxy-arp
!
interface Vlan108
 description DR ISCSI Vlan 108
 ip address 10.108.254.1 255.255.0.0
 no ip proxy-arp
!
interface Vlan109
 description DR ISCSI Vlan 109
 ip address 10.109.254.1 255.255.0.0
 no ip proxy-arp
!
interface Vlan252
 description L2_MANAGEMENT_INT
 ip address 10.8.252.1 255.255.255.0
!
interface Vlan614
 ip address 172.16.188.2 255.255.255.252
 no ip proxy-arp

 

C3850-STACK-DR-M0-1#sh int gi 2/0/23 switchport
Name: Gi2/0/23
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

 

C3850-STACK-DR-M0-1#sh int trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/14    on               802.1q         trunking      1
Gi1/0/18    on               802.1q         trunking      1
Gi1/0/20    on               802.1q         trunking      1
Gi2/0/19    on               802.1q         trunking      1
Gi2/0/23    on               802.1q         trunking      1
Po1         on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/14    614
Gi1/0/18    7,12
Gi1/0/20    7,12,800
Gi2/0/19    7,12,800
Gi2/0/23    1-4094
Po1         7,12,800

Port        Vlans allowed and active in management domain
Gi1/0/14    614
Gi1/0/18    7,12
Gi1/0/20    7,12,800
Gi2/0/19    7,12,800
Gi2/0/23    1,7,10,12,57,108-109,614,800,900
Po1         7,12,800

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/14    614
Gi1/0/18    7,12
Gi1/0/20    7,12,800
Gi2/0/19    7,12,800
Gi2/0/23    1,7,10,12,57,108-109,614,800,900
Po1         7,12,800

 

2960:

DR_2960-S(config)#do sh int gi 1/0/47 switchport
Name: Gi1/0/47
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

 

DR_2960-S#sh int trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/47    on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/47    1-4094

Port        Vlans allowed and active in management domain
Gi1/0/47    1,7,10,12,57,108-109,252,614,800,900

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/47    1,7,10,12,57,108-109,252,614,800,900

 

 

 

22 Replies 22

Your 4500 is receiving a /30 advertisement for that network when it's configured as a /16 on your 3850.

No it is showing up as /30 in sh ip route

 

C        172.16.188.0/30 is directly connected, Vlan614
L        172.16.188.2/32 is directly connected, Vlan614

 

interface Vlan614
 ip address 172.16.188.2 255.255.255.252
 no ip proxy-arp

Sorry, got my networks mixed up. We've got the 10.7.0.0/16 network on the 2960, right?

No worries. Yes, that is correct.

 

Every single device on the 10.7 can get across MPLS, except that switch.

!A means "Administratively Prohibited". Possible ACL on that device?

Its possible. I have no idea what that device is. I have no access to it. Ill find out what it is before looking any further.

 

Thank you both for your help!

I was able to find that device is a vendors router. I was able to get them to shut down that interface. I still had the same issue trying to pass traffic over the WAN from the L2 device.

Trying to traceroute to 172.16.188.1

 

DR_2960-S#traceroute 172.16.188.1
Type escape sequence to abort.
Tracing the route to 172.16.188.1
VRF info: (vrf in name/id, vrf out name/id)
  1 10.7.254.5 !A  *  !A
DR_2960-S#ping 10.7.254.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.7.254.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1002 ms

 

I have no idea what that .5 is