Solved: 'VLAN MA' detected the 'warning' condition 'Layer 2 subinterfaces may not be transformed into Layer ...

mac87 · ‎03-26-2019

Hi all,

I am trying in IOS XR to configure a bridge group with routed interface bvi and I am getting the following problem.

'VLAN MA' detected the 'warning' condition 'Layer 2 subinterfaces may not be transformed into Layer 3 ones and vice versa'

could you please assist?

l2vpn
bridge group customer1
bridge-domain vl500
interface Bundle-Ether120.500
!
interface Bundle-Ether200.500
!
routed interface BVI500
!

interface BVI500
ipv4 address 10.0.0.1 255.255.255.248

interface Bundle-Ether120
!
interface Bundle-Ether120.500 l2transport
encapsulation dot1q 500
!
interface Bundle-Ether200
!
interface Bundle-Ether200.500 l2transport
encapsulation dot1q 500
!

interface TenGigE0/0/0/20
bundle id 120 mode active
!
interface TenGigE0/0/0/21
bundle id 120 mode active

interface TenGigE0/0/0/0
bundle id 200 mode active
!
interface TenGigE0/0/0/1
bundle id 200 mode active

Peter L · ‎03-26-2019

Hi

If i don't remember wrong you get that error when you already have created an interface (default l3) and then try to convert it to l2transport without removing the old one.

Try the following and see if it's work.

no interface Bundle-Ether200.500
no interface Bundle-Ether120.500
!
interface Bundle-Ether120.500 l2transport
encapsulation dot1q 500
!
interface Bundle-Ether200.500 l2transport
encapsulation dot1q 500
!
commit

Regards Peter

View solution in original post

smilstea · ‎03-27-2019

Yes it is enough, with the traffic flow we have traffic coming in from an access interface inside a VLAN in a bridge domain, that traffic is free to go between any other VLAN in the bridge domain so long as we have the proper rewrite commands. You can have the same VLAN on different physical interfaces in different bridge domains, and they will not be able to talk to each other!

Some traffic will be destined to the BVI as the next-hop or HSRP next-hop which is tied to the BVI, this acts like router on a stick except more advanced in that the BVI can be tied to multiple VLANs whereas an SVI in IOS is tied to a single VLAN and that the same VLAN on multiple physical ports don't have to belong to the same L2 domain. Now that traffic is in L3 world it will live within a routing table, either a VRF or the default table and then go out to its destination within that table.

So in short a VRF is a L3 concept and a bridge-domain is a L2 concept, so we only need a VRF config on the BVI.

Sam

View solution in original post

Peter L · ‎03-26-2019

Hi

If i don't remember wrong you get that error when you already have created an interface (default l3) and then try to convert it to l2transport without removing the old one.

Try the following and see if it's work.

no interface Bundle-Ether200.500
no interface Bundle-Ether120.500
!
interface Bundle-Ether120.500 l2transport
encapsulation dot1q 500
!
interface Bundle-Ether200.500 l2transport
encapsulation dot1q 500
!
commit

Regards Peter

mac87 · ‎03-26-2019

It worked! Thanks for your help! Do you know whether I can put the sub interfaces in vrf?

Because when I do so I get the following error.

Subinterface or Layer 2 configuration conflicts with existing configuration, or configuration in this commit: L3 configuration is not allowed under a L2 subinterface

smilstea · ‎03-26-2019

VRF is a L3 boundry for prefixes, bridge-domain is a L2 boundry for mac addresses / VLANs. So think of a bridge-domain as a virtual switch for a given L2 network, typically for a single VLAN, with a BVI acting like an SVI in other Cisco products as a L3 hop for the L2 domain.

Sam

mac87 · ‎03-26-2019

HSRP is configured for the BVI interface which is in VRF. The second interface of bridge-domain which is the direct link of the two routers is not in VRF, however HSRP comes UP. How does this work? Is it enough for the bridge-domain that BVI is in VRF?

vrf customer1

description customer1

address-family ipv4

interface BVI20

vrf customer1

ipv4 address 10.0.0.2/29

interface bundle-ether 20

interface bundle-ether 20.20 l2transport

encapsulation dot1q 20

rewrite ingress tag pop 1 symmetric

l2vpn

bridge group customer1

bridge-domain vl20

interface bundle-ether20.20

routed interface BVI20

router hsrp

address-family ipv4

hsrp 20

version 2

address 10.0.0.1

preempt

priority 120

smilstea · ‎03-27-2019

Yes it is enough, with the traffic flow we have traffic coming in from an access interface inside a VLAN in a bridge domain, that traffic is free to go between any other VLAN in the bridge domain so long as we have the proper rewrite commands. You can have the same VLAN on different physical interfaces in different bridge domains, and they will not be able to talk to each other!

Some traffic will be destined to the BVI as the next-hop or HSRP next-hop which is tied to the BVI, this acts like router on a stick except more advanced in that the BVI can be tied to multiple VLANs whereas an SVI in IOS is tied to a single VLAN and that the same VLAN on multiple physical ports don't have to belong to the same L2 domain. Now that traffic is in L3 world it will live within a routing table, either a VRF or the default table and then go out to its destination within that table.

So in short a VRF is a L3 concept and a bridge-domain is a L2 concept, so we only need a VRF config on the BVI.

Sam

mac87 · ‎03-27-2019

Thanks a lot for the information and great support!