Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3273
Views
10
Helpful
6
Replies

'VLAN MA' detected the 'warning' condition 'Layer 2 subinterfaces may not be transformed into Layer 3 ones and vice versa'

Go to solution
mac87
Level 1
Level 1

‎03-26-2019 06:41 AM

Hi all,

 

I am trying in IOS XR  to configure a bridge group with routed interface bvi and I am getting the following problem.

 

'VLAN MA' detected the 'warning' condition 'Layer 2 subinterfaces may not be transformed into Layer 3 ones and vice versa'

 

could you please assist?

 

l2vpn
bridge group customer1
bridge-domain vl500
interface Bundle-Ether120.500
!
interface Bundle-Ether200.500
!
routed interface BVI500
!

 

interface BVI500
ipv4 address 10.0.0.1 255.255.255.248

 

interface Bundle-Ether120
!
interface Bundle-Ether120.500 l2transport
encapsulation dot1q 500
!
interface Bundle-Ether200
!
interface Bundle-Ether200.500 l2transport
encapsulation dot1q 500
!

 


interface TenGigE0/0/0/20
bundle id 120 mode active
!
interface TenGigE0/0/0/21
bundle id 120 mode active

 


interface TenGigE0/0/0/0
bundle id 200 mode active
!
interface TenGigE0/0/0/1
bundle id 200 mode active

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Peter L
Level 1
Level 1

‎03-26-2019 06:56 AM

Hi

If i don't remember wrong you get that error when you already have created an interface (default l3) and then try to convert it to l2transport without removing the old one. 

 

Try the following and see if it's work.

no interface Bundle-Ether200.500
no interface Bundle-Ether120.500
!
interface Bundle-Ether120.500 l2transport
encapsulation dot1q 500
!
interface Bundle-Ether200.500 l2transport
encapsulation dot1q 500
!
commit

 

Regards Peter

 

View solution in original post

Go to solution
smilstea
Cisco Employee
Cisco Employee
In response to mac87

‎03-27-2019 07:12 AM

Yes it is enough, with the traffic flow we have traffic coming in from an access interface inside a VLAN in a bridge domain, that traffic is free to go between any other VLAN in the bridge domain so long as we have the proper rewrite commands. You can have the same VLAN on different physical interfaces in different bridge domains, and they will not be able to talk to each other!

 

Some traffic will be destined to the BVI as the next-hop or HSRP next-hop which is tied to the BVI, this acts like router on a stick except more advanced in that the BVI can be tied to multiple VLANs whereas an SVI in IOS is tied to a single VLAN and that the same VLAN on multiple physical ports don't have to belong to the same L2 domain. Now that traffic is in L3 world it will live within a routing table, either a VRF or the default table and then go out to its destination within that table.

 

So in short a VRF is a L3 concept and a bridge-domain is a L2 concept, so we only need a VRF config on the BVI.

 

Sam

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Peter L
Level 1
Level 1

‎03-26-2019 06:56 AM

Hi

If i don't remember wrong you get that error when you already have created an interface (default l3) and then try to convert it to l2transport without removing the old one. 

 

Try the following and see if it's work.

no interface Bundle-Ether200.500
no interface Bundle-Ether120.500
!
interface Bundle-Ether120.500 l2transport
encapsulation dot1q 500
!
interface Bundle-Ether200.500 l2transport
encapsulation dot1q 500
!
commit

 

Regards Peter

 

Go to solution
mac87
Level 1
Level 1
In response to Peter L

‎03-26-2019 07:37 AM

It worked! Thanks for your help! Do you know whether I can put the sub interfaces in vrf?

 

Because when I do so I get the following error.

 

Subinterface or Layer 2 configuration conflicts with existing configuration, or configuration in this commit: L3 configuration is not allowed under a L2 subinterface

 

 

0 Helpful

Go to solution
smilstea
Cisco Employee
Cisco Employee
In response to mac87

‎03-26-2019 10:18 AM

VRF is a L3 boundry for prefixes, bridge-domain is a L2 boundry for mac addresses / VLANs. So think of a bridge-domain as a virtual switch for a given L2 network, typically for a single VLAN, with a BVI acting like an SVI in other Cisco products as a L3 hop for the L2 domain.

 

Sam

Go to solution
mac87
Level 1
Level 1
In response to smilstea

‎03-26-2019 12:41 PM

HSRP is configured for the BVI interface which is in VRF. The second interface of bridge-domain which is the direct link of the two routers is not in VRF, however HSRP comes UP. How does this work? Is it enough for the bridge-domain that BVI is in VRF?

 

vrf customer1

description customer1

address-family ipv4

 

interface BVI20

vrf customer1

ipv4 address 10.0.0.2/29

 

interface bundle-ether 20

 

interface bundle-ether 20.20 l2transport

encapsulation dot1q 20

rewrite ingress tag pop 1 symmetric

 

 

l2vpn

   bridge group customer1

       bridge-domain vl20

          interface bundle-ether20.20

          routed interface BVI20

 

router hsrp

   address-family ipv4

     hsrp 20

     version 2

     address 10.0.0.1

     preempt

     priority 120

    

 

 

0 Helpful

Go to solution
smilstea
Cisco Employee
Cisco Employee
In response to mac87

‎03-27-2019 07:12 AM

Yes it is enough, with the traffic flow we have traffic coming in from an access interface inside a VLAN in a bridge domain, that traffic is free to go between any other VLAN in the bridge domain so long as we have the proper rewrite commands. You can have the same VLAN on different physical interfaces in different bridge domains, and they will not be able to talk to each other!

 

Some traffic will be destined to the BVI as the next-hop or HSRP next-hop which is tied to the BVI, this acts like router on a stick except more advanced in that the BVI can be tied to multiple VLANs whereas an SVI in IOS is tied to a single VLAN and that the same VLAN on multiple physical ports don't have to belong to the same L2 domain. Now that traffic is in L3 world it will live within a routing table, either a VRF or the default table and then go out to its destination within that table.

 

So in short a VRF is a L3 concept and a bridge-domain is a L2 concept, so we only need a VRF config on the BVI.

 

Sam

0 Helpful

Go to solution
mac87
Level 1
Level 1
In response to smilstea

‎03-27-2019 09:02 AM

Thanks a lot for the information and great support!

0 Helpful
Customers Also Viewed These Support Documents