Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2060
Views
0
Helpful
6
Replies

VLAN traffic not passing properly

jijones
Level 1
Level 1

‎08-15-2019 08:52 AM

I'm having an issue where it doesn't appear my switch it properly passing vlan traffic. I have an NNI connection what we are trying to connect through a stack of 3850 switches. Because its an NNI we are connecting it into a trunk port on the switch to vlan it off to separate traffic before extending it into our Nexus 3000 which will act as the layer 3 interface. Here is what I have configured so far:

 

3850:

interface GigabitEthernet1/0/35
description xxxx
switchport trunk allowed vlan 1400,1401
switchport mode trunk
switchport nonegotiate
speed 1000
duplex full
!
interface GigabitEthernet1/0/36
description xxxxx
switchport access vlan 1400
switchport mode access
switchport nonegotiate
speed 1000
duplex full

 

Nexus 3000:

interface Ethernet1/11
speed 1000
description xx
no switchport
duplex full

 

interface Ethernet1/11.1
description xx
encapsulation dot1q 1400
vrf member xx
ip address 10.x.x.x/30

 

 

Now here's the problem. If I connect my NNI directly into port 11 on my Nexus, the connection comes up just fine, and I'm able to ping across to the other side of the private connection going over the NNI which is part of the 10.x.x.x/30 you see on the nexus config. However, when I connect the NNI to port 1/0/35 on the 3850, and connect port 1/0/36 to the Nexus, I can no longer ping. All interfaces on the 3850 and the Nexus show up/up, I don't see any collisions or errors on any of the interfaces, and I see traffic counters incrementing. My understanding is that the way I have the ports on the 3850 configured, vlan 1400 should just be acting as a layer 2 switch and should still be passing traffic to the nexus with the 802.1q tag still in place. So basically it should still be acting as if the NNI where still directly connected to the Nexus. I can't for the life of me figure out why this is not working. Any insight would be appreciated. I don't know how much this matters but the 3850 does have "vtp mode transparent" configured. 

Labels:
0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎08-15-2019 09:04 AM

Trying to understand your config

 

what is the port connected to Nexus ? between 3850 to Nexus 3K

 

can you post that configuration,  is that a Trunk ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

jijones
Level 1
Level 1
In response to balaji.bandi

‎08-15-2019 09:09 AM

The port connected to nexus it 1/0/36. The config for that interface is shown in my original post. It is currently an access port. 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to jijones

‎08-15-2019 11:35 AM

if your 3850 1/0/36 - nexus interface Ethernet1/11

 

how do you expect one side access port other side no switch port to work ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

jijones
Level 1
Level 1
In response to balaji.bandi

‎08-15-2019 12:20 PM

Are you saying both ports on the 3850 need to be trunk ports? Ethernet 1/11 is set to no switchport on the Nexus because it has a subinterface of 1/11.1 that you will see in my original post. That sub-interface has an IP attached on it, but still has 802.1q encapsulation set on it. Does the access port strip the 802.1q vlan tag?

0 Helpful

Georg Pauwen
VIP
VIP
In response to jijones

‎08-15-2019 02:29 PM

Hello,

 

it is kind of hard to understand what you are trying to connect to what. What exactly do you mean by NNI ? The subinterface on the Nexus basically means you configure inter Vlan routing, so the connecting port on the 3850 needs to be a trunk.

 

Better to post a schematic drawing of your topology that shows what the NNI is and where you are connecting it to...

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Georg Pauwen

‎08-17-2019 09:24 AM

I believe that this statement shows the basic problem. "The port connected to nexus it 1/0/36." So on Nexus we have a port expecting to receive tagged frames. But it is connected to Gig1/0/36 which is an access port. All access ports send frames with no tagging. So you have a fundamental mismatch. It looks to me that you could solve the issue if you connect Gig1/0/35 to Nexus which will send the tagged frame that the Nexus expects. Or you could solve the issue by changing the Nexus config and remove the sub interface and allow Eth1/11 to be a switch port. Either approach should work and the choice of which to use depends on other aspects of your design that we do not know.

 

HTH

 

Rick

 

 

 

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card