I'm having an issue where it doesn't appear my switch is properly passing VLAN traffic. I have an NNI connection that we are trying to connect through a stack of 3850 switches. Because it's an NNI, we are connecting it into a trunk port on the switch to vlan it off to separate traffic before extending it into our Nexus 3000, which will act as the layer 3 interface. Here is what I have configured so far:
switchport trunk allowed vlan 1400,1401
switchport mode trunk
switchport access vlan 1400
switchport mode access
encapsulation dot1q 1400
vrf member xx
ip address 10.x.x.x/30
Now here's the problem. If I connect my NNI directly into port 11 on my Nexus, the connection comes up just fine, and I'm able to ping across to the other side of the private connection going over the NNI, which is part of the 10.x.x.x/30 you see on the Nexus config. However, when I connect the NNI to port 1/0/35 on the 3850, and connect port 1/0/36 to the Nexus, I can no longer ping. All interfaces on the 3850 and the Nexus show up/up, I don't see any collisions or errors on any of the interfaces, and I see traffic counters incrementing. My understanding is that the way I have the ports on the 3850 configured, VLAN 1400 should just be acting as a layer 2 switch and should still be passing traffic to the Nexus with the 802.1q tag still in place. So basically it should still be acting as if the NNI were still directly connected to the Nexus. I can't for the life of me figure out why this is not working. Any insight would be appreciated. I don't know how much this matters, but the 3850 does have "vtp mode transparent" configured.
Trying to understand your config.
What is the port connected to the Nexus, between the 3850 and the Nexus 3K?
Can you post that configuration? Is that a trunk?
The port connected to the Nexus is 1/0/36. The config for that interface is shown in my original post. It is currently an access port.
If your 3850 1/0/36 - Nexus interface Ethernet1/11,
how do you expect one side access port, other side no switchport, to work?
Are you saying both ports on the 3850 need to be trunk ports? Ethernet 1/11 is set to no switchport on the Nexus because it has a subinterface of 1/11.1 that you will see in my original post. That sub-interface has an IP attached on it, but still has 802.1q encapsulation set on it. Does the access port strip the 802.1q vlan tag?
It is kind of hard to understand what you are trying to connect to what. What exactly do you mean by NNI? The subinterface on the Nexus basically means you configure inter-VLAN routing, so the connecting port on the 3850 needs to be a trunk.
Better to post a schematic drawing of your topology that shows what the NNI is and where you are connecting it to...
I believe that this statement shows the basic problem: "The port connected to the Nexus is 1/0/36." So on the Nexus we have a port expecting to receive tagged frames. But it is connected to Gig1/0/36, which is an access port. All access ports send frames with no tagging. So you have a fundamental mismatch. It looks to me that you could solve the issue if you connect Gig1/0/35 to the Nexus, which will send the tagged frame that the Nexus expects. Or you could solve the issue by changing the Nexus config to remove the subinterface and allow Eth1/11 to be a switch port. Either approach should work, and the choice of which to use depends on other aspects of your design that we do not know.
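The tagging mismatch described in the last reply, modelled in Python as an added example (not code or configuration from any poster in this thread). It assumes the NNI hands off frames tagged VLAN 1400 and a default native VLAN of 1 on trunks; the MAC addresses, the payload and the `PORT_36_TRUNK` setting are constructed for illustration.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

def build_frame(dst, src, ethertype, payload, vlan=None):
    """Build an Ethernet II frame, inserting an 802.1Q tag when vlan is set."""
    tag = struct.pack("!HH", TPID, vlan & 0x0FFF) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def vlan_of(frame):
    """Return the 802.1Q VLAN ID, or None if the frame is untagged."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID else None

def switch_forward(frame, ingress, egress):
    """Layer 2 model: classify the VLAN on ingress, re-encapsulate on egress."""
    vid = vlan_of(frame)
    inner = frame[:12] + frame[16:] if vid is not None else frame
    if ingress["mode"] == "access":
        vid = ingress["vlan"]
    elif vid is None:
        vid = ingress.get("native", 1)
    if ingress["mode"] == "trunk" and vid not in ingress["allowed"]:
        return None
    if egress["mode"] == "access":
        # An access port always transmits untagged frames.
        return inner if egress["vlan"] == vid else None
    if vid not in egress["allowed"]:
        return None
    if vid == egress.get("native", 1):
        return inner
    return inner[:12] + struct.pack("!HH", TPID, vid) + inner[12:]

def subinterface_accepts(frame, dot1q):
    """A routed subinterface with 'encapsulation dot1q N' takes only frames tagged N."""
    return frame is not None and vlan_of(frame) == dot1q

# Constructed sample frame, tagged VLAN 1400 as the NNI would deliver it.
NNI_FRAME = build_frame(bytes.fromhex("020000000002"), bytes.fromhex("020000000001"),
                        0x0800, b"ping", vlan=1400)
PORT_35 = {"mode": "trunk", "allowed": {1400, 1401}}   # 3850 port facing the NNI
PORT_36_ACCESS = {"mode": "access", "vlan": 1400}      # as posted in the thread
PORT_36_TRUNK = {"mode": "trunk", "allowed": {1400}}   # assumed trunk alternative

if __name__ == "__main__":
    for name, port in (("access", PORT_36_ACCESS), ("trunk", PORT_36_TRUNK)):
        out = switch_forward(NNI_FRAME, PORT_35, port)
        print(name, "egress tag:", vlan_of(out),
              "accepted by dot1q 1400:", subinterface_accepts(out, 1400))
```

With the access port the frame reaches the Nexus untagged and the dot1q 1400 subinterface ignores it, while interface counters on both sides still increment, which matches the symptoms in the original post.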