Layer 3 Etherchannel on Cisco IOS Switch


(catalino N) #5

Hi Rene, I am trying to configure a layer 3 etherchannel in the new version of GNS3, but once everything is configured I cannot ping between the two port channels. I would appreciate your usual help. I’m using the version that uses the IOU of a virtual machine built for GNS3.


(Rene Molenaar) #6

Hi Catalino N,

I think this might be an IOU problem, I’ve read before that it accepts the configuration but that you can’t send any traffic through L3 etherchannels.

When you use the show commands, everything looks fine?

Rene


(sze jie k) #7

Hi Rene,

What’s the difference between an L2 and an L3 etherchannel, besides the fact that an L3 port channel has an IP address?

Do they differ in the way traffic is load balanced across the links?

Hope to hear your advice soon !


(Rene Molenaar) #8

Hi Alan,

It’s exactly the same as the “switched port” and the “routed port”. The L3 etherchannel has IP addresses, the L2 etherchannel has vlan(s). All the other stuff like load balancing is the same.

Rene


(sze jie k) #9

Hi Rene,

q1) in your example above, for L3 etherchannel setup

q2) can we have an etherchannel of different type at each end of an etherchannel link ?
(E.g. L2 switch to Router? )
L2 on the switch, L3 on the router

q3) for L3 etherchannel, is load balancing different from L2 etherchannel (e.g. L3 loadbalancing is using SRC / DST IP ?), can L3 etherchannel load balance using MAC ?

q4) From you example, i believe we can have different load balance mode on each end of an etherchannel right ?

Hope to hear from you soon.

Regards,
Alan


(Rene Molenaar) #10

Hi Alan,

  1. This was an error which I just fixed. On both ends it should be “no switchport”. There are two ways to create the Etherchannel: you could first manually create the port channel interface and add the physical interfaces, or you can do what I did. If you assign physical interfaces to a non-existing port channel then it will be automatically created.

  2. Hmm I haven’t tried this but I guess it could work. It’s similar to connecting a router interface (L3 routed port) to a switch (L2 switchport).

  3. Load balancing is the same for L2 and L3 and you can use a different load balancing method on each side.

Rene
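A small check for the point in answer 1, added here as an example and not taken from the lesson or from Rene: it reads both ends' configs and lists channel groups whose member ports are not routed (“no switchport”) on both sides. The configs are constructed, and it assumes both switches use the same channel-group number.

```python
import re

# Constructed configs (interface names, addresses and PAgP mode are assumptions).
SW1 = """\
interface GigabitEthernet0/1
 no switchport
 channel-group 1 mode desirable
!
interface GigabitEthernet0/2
 no switchport
 channel-group 1 mode desirable
!
interface Port-channel1
 no switchport
 ip address 192.168.12.1 255.255.255.0
"""
# SW2: same channel, but "no switchport" was left off the member ports.
SW2 = SW1.replace(" no switchport\n channel-group", " channel-group")

def interface_stanzas(config):
    """Map interface name -> list of its indented sub-commands."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(\S+)", raw, re.I)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif raw[:1] in (" ", "\t") and current is not None:
            current.append(raw.strip())
        else:
            current = None          # "!" or a global command ends the stanza
    return stanzas

def channel_layers(config):
    """For each channel-group number return 'L3', 'L2' or 'mixed'."""
    seen = {}
    for cmds in interface_stanzas(config).values():
        routed = "no switchport" in cmds
        for cmd in cmds:
            m = re.match(r"channel-group\s+(\d+)\s+mode\s+\S+", cmd)
            if m:
                seen.setdefault(int(m.group(1)), set()).add(routed)
    return {g: "mixed" if len(v) > 1 else ("L3" if True in v else "L2")
            for g, v in seen.items()}

def not_l3_on_both_ends(end_a, end_b):
    """Channel groups where either end's members are not all routed ports."""
    a, b = channel_layers(end_a), channel_layers(end_b)
    return sorted(g for g in a.keys() & b.keys() if (a[g], b[g]) != ("L3", "L3"))
```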


(sze jie k) #11

Hi Rene,

Thanks for the concise reply.

On 2) Is it not the norm to set up an etherchannel from switch to router? I am just wondering: if I have multiple switches doing etherchannel to a core switch, but the core switch has just 1 physical link up to the router, isn’t that the choke point for all the high availability and bandwidth among the switches?

Regards,
Alan


(Rene Molenaar) #12

Hi Alan,

It depends on your WAN connection. On your LAN we use gigabit links to desktops and perhaps 10 gigabit links (or etherchannel with gigabit) for all internal traffic. If your WAN link is only 100Mbit then that’s your bottleneck.

Rene


(Paul C) #13

Hi René,

Thank you for your excellent book. But concerning this lab, I am curious to know why this does not work for me. I have exactly the same configuration. Maybe you use a real switch.

I use a Cisco IOU L2 switch. Can you give me some ideas? I am confused.

Thank you again

Paul


(Rene Molenaar) #14

Hi Paul,

I used real switches for this. I think the support for Etherchannel in some of the L2 IOU images might have some bugs.

Since a few weeks I’m using VIRL, just tried PAGP in it and that worked without any issues.

Rene


(Dirk R) #15

Hi Rene, you mention above that you have been able to get L3 PAgP working with VIRL. When I try, the etherchannel is always suspended at both ends. See output of ‘show etherchannel summary’ command.

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(RD)         PAgP      Gi0/1(s)

I’ve tried ‘sudo vinstall bridge’ & restarting my VIRL vm as recommended on the VIRL discussion pages, however the problem persists and I continue to receive the log message:

*Nov 2 10:48:04.907: %EC-5-L3DONTBNDL1: Gi0/1 suspended: PAgP not enabled on the remote port.

although it is configured on both switches.

Would appreciate any advice regarding how you got it to work.

thank you,

Dirk
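A parser for the ‘show etherchannel summary’ table quoted in this post, added as an example and not part of the thread: it decodes the flag letters and lists members that are not bundled. Row 1 is the row from the post; the Po2 row is constructed for comparison.

```python
import re

# Constructed sample: row 1 is the row quoted in the post above; the Po2 row
# is made up here to show a healthy bundle next to it.
SAMPLE = """\
Group  Port-channel  Protocol    Ports
------+-------------+-----------+----------------------------------------
1      Po1(RD)         PAgP      Gi0/1(s)
2      Po2(RU)         LACP      Gi0/2(P)    Gi0/3(P)
"""

# Flag letters as listed in the legend IOS prints above this table.
FLAGS = {"D": "down", "P": "bundled", "I": "stand-alone", "s": "suspended",
         "H": "hot-standby", "R": "Layer3", "S": "Layer2", "U": "in use"}

ROW = re.compile(r"^\s*(\d+)\s+(Po\d+)\((\w+)\)\s+(\S+)\s+(.*)$")
PORT = re.compile(r"(\S+?)\((\w+)\)")

def parse_summary(text):
    """Return one dict per channel group found in the summary table."""
    groups = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            gid, po, po_flags, proto, ports = m.groups()
            groups.append({"group": int(gid), "port_channel": po,
                           "layer3": "R" in po_flags, "up": "U" in po_flags,
                           "protocol": proto,
                           "ports": dict(PORT.findall(ports))})
        elif groups and line.startswith(" ") and PORT.search(line):
            # Continuation line: long member lists wrap onto the next line.
            groups[-1]["ports"].update(PORT.findall(line))
    return groups

def problems(groups):
    """List port channels that are not in use and members that are not bundled."""
    findings = []
    for g in groups:
        if not g["up"]:
            findings.append(f'{g["port_channel"]} is not in use')
        for port, flags in g["ports"].items():
            if "P" not in flags:
                state = ", ".join(FLAGS.get(f, f) for f in flags)
                findings.append(f"{port} not bundled ({state})")
    return findings

if __name__ == "__main__":
    print("\n".join(problems(parse_summary(SAMPLE))))
```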


(Rene Molenaar) #16

Hi Dirk,

I also experienced this a few times. I didn’t install anything nor rebooted my VIRL server. I’m running the latest version.

I’m not exactly sure what fixed it for me but I think a “shut/no shut” on the PO interface didn’t solve it. After removing the PO interface and adding it again it started to work.

If you want, I can check it again.

Rene


(christopher c) #17

Rene,

Hello, I have a question on models of switches. There are LAN, IP and Enterprise versions; if I want to use the Hot-Standby option, I assume the LAN version won’t have that capability. In which versions is this feature supported?

Thanks,

Chris


(Rene Molenaar) #18

Hi Chris,

You can find this in the Cisco feature navigator.

Try this:

  1. Select “search by feature”

  2. Search For: “standby”

  3. Select HSRP on the right side.

  4. On the Release/Platform Tree below select “Platform”. Choose your router/switch

  5. The search results will show you what IOS images support it. For example, here are some results for the 1941 router:

15.2T	15.2(1)T2	ED	No	1941	UNIVERSAL (DATA & SECURITY)
15.2T	15.2(1)T2	ED	No	1941	UNIVERSAL (SECURITY)
15.2T	15.2(1)T2	ED	No	1941	UNIVERSAL (DATA)
15.2T	15.2(1)T2	ED	No	1941	UNIVERSAL (IP BASE)

Hope this helps!

Rene


(christopher c) #19

Rene,

Thanks that helped, looks like I need the IP Base or IP Services model for this to work.

Thanks again,

Chris


(Santhosh S) #20

Hi Rene,

In a campus LAN with multiple buildings in a hub-and-spoke setup, each spoke location runs layer 3 as much as possible.
There are a few services for which we can’t create a local layer 3 subnet, e.g. a centralized wireless setup.
In this case the uplinks between spoke and hub need to carry both L2 and L3 networks.
Since a port can be either a switched or a routed port, does this mean that to carry both L2 and L3 there should be 2 active uplinks?


(Rene Molenaar) #21

Hi Santhosh,

Theoretically a L3 design is “better” than a L2 design. Routing protocols like OSPF/EIGRP converge faster than spanning-tree does and instead of blocking redundant links we can do load balancing.

The downside of L3 designs however like you describe is that some services do require L2 and devices that are in the same subnet.

With wireless networking it’s not much of an issue though. The WLC (Wireless LAN controller) has to be connected to a switch through a trunk so that it has access to all required VLANs.

The access points can be located anywhere since they build a L3 CAPWAP tunnel towards the WLC.

Through this CAPWAP tunnel, all VLAN traffic is tunneled. This allows wireless clients to access all the VLANs that the WLC has access to.

Rene


(Santhosh S) #22

Thanks Rene for your response,

WLAN is probably not a good choice for comparison with extending the network, since CAPWAP is L3.


If you refer to this correct answer in this URL

Assume an access switch (as1) gig0/1 uplinks to a distribution switch (ds1) gig0/2.

as1 switch configuration

!
interface GigabitEthernet0/1
 description ** Uplink to ds1 **
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
!
interface vlan 250
 ip address 192.168.10.11 255.255.255.128
!
interface vlan 350
 description ** Point to point VLAN to ds1**
 ip address 192.168.1.1 255.255.255.252
!
interface GigabitEthernet0/2
 description ** connected to VLAN 10 legacy computer **
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/3
 description ** connected to VLAN 250 client VLAN **
 switchport mode access
 switchport access vlan 250
!
ip route 0.0.0.0 0.0.0.0 192.168.1.2

ds1 switch configuration

vlan 10
description *Legacy computers*
!
int vlan 10
ip address 10.1.1.10 255.255.255.240
!
interface GigabitEthernet0/2
 description ** Uplink to as1 **
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
!
interface vlan 350
 description ** Point to point VLAN to as1**
 ip address 192.168.1.2 255.255.255.252
!

In the above configuration (I need to run it in GNS3 later this week):

VLAN 10 is configured as L2 on as1 and its gateway is configured on ds1.
VLAN 10 is allowed over the uplink trunk, and at the same time the default route on as1 points over VLAN 350 to ds1.
To me this is carrying both L2 and L3 traffic over the same uplink connection.

Is this a working configuration, and also common practice?


(Rene Molenaar) #23

Hi Santhosh,

In this example you’ll have L2 interfaces from the access switch to the distribution switch with SVI interfaces for L3 so yes, you’ll have L2/L3 traffic over the same link. It works but it’s not what we normally do.

With a design like this where we use trunks from the access layer to the distribution layer we normally don’t use SVI interfaces on the access layer. You can stick to cheaper L2 switches for the access layer and let the distribution layer do the routing…that’s where you configure SVI interfaces.

Let me give you two examples for a typical L2 or L3 design.

L2 design:

hostname ASW1
!
interface GigabitEthernet0/1
 description HOST_VLAN10
 switchport access vlan 10
 switchport mode access
 negotiation auto
!
interface GigabitEthernet0/2
 description TRUNK_TO_DSW1
 switchport trunk allowed vlan 10
 switchport trunk encapsulation dot1q
 switchport mode trunk

hostname DSW1
!
interface GigabitEthernet0/1
 description TRUNK_TO_ASW1
 switchport trunk allowed vlan 10
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan10
 ip address 192.168.1.254 255.255.255.0

The design above has L2 on the access layer and L2/L3 on the distribution layer. Here’s a “pure” L3 design, even on the access-layer:

L3 design:

hostname ASW1
!
interface GigabitEthernet0/1
 description ACCESS_VLAN_10
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/2
 description UPLINK_TO_DSW1
 no switchport
 ip address 10.10.10.1 255.255.255.252
!
interface Vlan10
 description GATEWAY_VLAN10
 ip address 192.168.1.254 255.255.255.0

hostname DSW1
!
interface GigabitEthernet0/2
 description LINK_TO_ASW1
 no switchport
 ip address 10.10.10.2 255.255.255.252

In the design above, VLANs are restricted to the access layer switch. The link to the distribution layer is L3. The advantage of this is that you don’t have to deal with STP anymore.

Hope this helps!

Rene


(Mohammad Hasanuz Zaman) #24

Hello Rene,

What about the load balancing for L3 etherchannel? It would be great if you could describe it. Thanks

br//
zaman