02-21-2018 10:58 AM - edited 03-08-2019 01:58 PM
Hi I am trying to figure out how to configure Layer 3 port-channel with subinterfaces.
This is my topology.
Two physical interfaces will be bundled into a single port-channel.
My CSR will act as a "Router On A Stick".
All interfaces on the switch are trunk port, allowing all vlans.
A ping from CSR to IOSv1 is currently not working.
Please take a look at my configuration.
--------CSR--------
interface port-channel 1
no ip address
interface port-channel 1.101
encapsulation dot1q 101
ip address 1.1.1.1 255.255.255.0
interface GigabitEthernet 2
no ip address
channel-group 1
interface GigabitEthernet 3
no ip address
channel-group 1
--------Switch--------
vlan 101
name Test
interface GigabitEthernet 0/1
switch trunk encapsulation dot1q
switch mode trunk
interface GigabitEthernet 0/2
switch trunk encapsulation dot1q
switch mode trunk
interface GigabitEthernet 0/3
switch trunk encapsulation dot1q
switch mode trunk
--------IOSv-1--------
interface GigabitEthernet 0/2
ip address 1.1.1.2 255.255.255.0
Is there anything I am missing?
I appreciate your help in advance.
02-21-2018 11:38 AM
Where is the Portchannel configuration for the switch?
02-21-2018 11:42 AM
Thanks for the reply.
There is no Port-channel configuration for the switch, because the port-channel on the router is only used for the failover purpose.
02-21-2018 12:14 PM
Hello,
I would think you would want to put the switch interfaces into a port-channel or you are going to potentially see mac flaps. However, I think it would still work.
I think your problem is that the IOS device is not tagging traffic so it is coming into the switch untagged. There is nothing telling it to put the traffic into vlan 101.
On the port connected to iosv-1, set it to either an access port in vlan 101 (switchport mode access and switchport access vlan 101) or change the native vlan to 101 (switch trunk native vlan 101)
Hope this helps!
02-21-2018 12:27 PM
Hi Bradley,
Thank you very much for the detailed guide.
However, I also tried putting the port connected to iosv-1 into "switchport access vlan 101" and "switchport mode access", but got the same result.
I also created an "interface vlan 101" on the switch with IP address of 1.1.1.3/24, and tested the ping between each device. As a result, the ping between the switch(1.1.1.3) and IOSv-1(1.1.1.2) worked, but the ping between the switch(1.1.1.3) and CSR(1.1.1.1) didn't.
I think what you mentioned is true when it's applied to the CSR. The traffic from the CSR is not being tagged with vlan information. When I replaced the command "encapsulation dot1q 101" with "encapsulation dot1q 101 native", then the ping from CSR to the IOSv-1 worked.
How can I ensure the traffic from the port-channel subinterface gets tagged with vlan?
I appreciate your help, Bradley.
02-21-2018 12:31 PM
Hello,
Can you repaste your configurations for the switch and CSR? You can leave out the IOS device since we know that is not the issue. Can you also gather the outputs of show spanning-tree from the switch?
Thanks!
02-21-2018 12:46 PM
Thanks Bradley.
Please find them below.
-----------------------CSR------------------------------
interface Port-channel1
no ip address
negotiation auto
!
interface Port-channel1.101
encapsulation dot1Q 101
ip address 1.1.1.1 255.255.255.0
!
interface GigabitEthernet2
no ip address
negotiation auto
channel-group 1
!
interface GigabitEthernet3
no ip address
negotiation auto
channel-group 1
!
---------------------Switch---------------------------
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
negotiation auto
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
negotiation auto
!
interface GigabitEthernet0/3
switchport access vlan 101
switchport mode access
media-type rj45
negotiation auto
!
interface Vlan101
ip address 1.1.1.3 255.255.255.0
----------------------Show spanning-tree------------------------
Switch#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 5e00.0001.0000
Cost 4
Port 1 (GigabitEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 5e00.4000.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/0 Root FWD 4 128.1 P2p
Gi0/1 Desg FWD 4 128.2 P2p
Gi0/2 Desg FWD 4 128.3 P2p
VLAN0101
Spanning tree enabled protocol ieee
Root ID Priority 32869
Address 5e00.4000.0000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32869 (priority 32768 sys-id-ext 101)
Address 5e00.4000.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/3 Desg FWD 4 128.4 P2p
02-21-2018 12:49 PM
Hello,
I have it now. You haven't actually made the interface trunks. The command "switchport trunk encapsulation dot1q" just sets the encapsulation IF the interface is a trunk. However, if you were to run "show run int gig0/1 switchport" the operational mode would be access in vlan 1.
You need to add "Switchport mode trunk" as well to Gig0/1 and Gig0/2 and remove the native KW from the port-channel on the CSR.
Hope that helps!
02-21-2018 12:59 PM
Hi Bradley,
I simply forgot to include there.
But in the actual config, there was "switchport mode trunk" command under the interfaces on the switch. Also, the keyword "native" was not included in the port-channel configuration.
Thank you
02-21-2018 01:08 PM
Hello,
There is something wrong because vlan 101 is not forwarding on Gig0/1 and Gig0/2. Is vtp enabled? Can you send over "show vtp status", "show int trunk", "show int gig0/1 switchport", and "show int gig0/1 pruning". Thanks!
02-21-2018 01:30 PM
---------show vtp status---------
Switch#show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 5e00.4000.8000
Configuration last modified by 0.0.0.0 at 2-16-18 19:37:48
Local updater ID is 1.1.1.3 on interface Vl101 (lowest numbered VLAN interface found)
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 6
Configuration Revision : 1
MD5 digest : 0x8B 0x7A 0x5D 0xE8 0xE6 0xD4 0x60 0x78
0xD2 0xA3 0x6E 0x3C 0xFB 0x25 0x5F 0xB2
----------------show int trunk--------------
Switch# show interfaces trunk
Port Mode Encapsulation Status Native vlan
Gi0/1 on 802.1q trunking 1
Gi0/2 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi0/1 1-4094
Gi0/2 1-4094
Port Vlans allowed and active in management domain
Gi0/1 1,101
Gi0/2 1,101
Port Vlans in spanning tree forwarding state and not pruned
Gi0/1 1,101
Gi0/2 1,101
-------------------show int gig0/1 switchport------------------
Switch#show interfaces gigabitEthernet 0/1 switchport
Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
--------------------show int gig0/1 pruning---------------------
Switch#show interfaces gigabitEthernet 0/1 pruning
Pruning not currently enabled in this device's VTP administrative domain.
Hi Bradley,
I really appreciate your help.
Is it possible to have a webex session with you?
I may be asking for too much, so please let me know if you don't want to.
I can send you a webex session.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide