Layer 3 Etherchannel on Cisco IOS Switch

Hello Angelos

I am not familiar with using the command no ip address as a way to make an L2 interface into an L3 interface on an L3 switch. The command no switchport is indeed the method I am familiar with. Now if you look at the configuration of an L3 switch and see the default configuration of a port that has been configured to be a L3 switch, you will see the “no ip address” command in the config. Is that maybe what you have seen?

I personally haven’t seen such a method for converting a L2 port to L3, and conducting a short research on the Internet hasn’t brought up anything. @ReneMolenaar any thoughts?

Laz

Hey Lazaros,

I have seen the below configuration on a production switch (Cisco WS-C6509-V-E)

switch#sh etherchannel summary | b Group
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
200    Po200(RU)       LACP      Gi2/40(P)      Gi2/41(P)      

switch#sh run int gi2/40                
interface GigabitEthernet2/40
 description xxxx
 no ip address
 no snmp trap link-status
 storm-control broadcast level 1.00
 no cdp enable
 channel-group 200 mode active
end

So after that I have done some research on the internet, and the only thing I have found is the following comment from a Cisco CCIE engineer on the below link: “On some older switches you will not see the no switchport command but you will see the no ip address command. It’s just kind of there even though it is a layer 2 port.”

Hello Angelos

As is the case with various commands in routers and switches, some commands are found in the config as default values, even if we haven’t configured anything. In a 2811 router for example, you will see the following preconfigured on all interfaces:

interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown

Now as the CCIE pointed out, if the interface is configured as a L3 interface, it makes sense that this command is “preconfigured” in there just like it would be on the above router interface. However, it is strange to have it preexisting on an L2 interface where IP addresses have no meaning. If certain older IOS versions do that by default, then there it is, but I haven’t seen that personally.

As for the config you show above, it could be that this interface is part of an etherchannel group that is functioning at layer 3. Do we know the config of the portchannel interface? It would be interesting to see that. Also, do you have the IOS version running on the switch in question?

Thanks for the additional info. I hope this has been helpful!

Laz

Hello Lazaros,

Here is the requested output:

switch#sh version | i IOS
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(33)SXI8a, RELEASE SOFTWARE (fc1)

switch#sh run int po200             
interface Port-channel200
 description xxx
 ip address x.x.x.x 255.255.255.254
 ipv6 address xxxxxx/64
 ipv6 ospf x area 0
 no snmp trap link-status
 storm-control broadcast level 1.00
end

Hello Angelos

So we see from the configuration of the port channel interface that it is indeed a layer 3 port channel configuration since there is an IP address configured. This means that the underlying physical interfaces must also be configured as layer 3. Now this is what I’ve found:

In Rene’s lesson, he is using a smaller Cisco IOS device while in your case it is a 6500 series L3 switch. Rene states that you should configure the no switchport command on the interfaces that will take part in the L3 etherchannel link. However, for a 6500 series switch, this command is not necessary. By making a port part of an etherchannel link using the channel group number, it automatically makes it a layer 3 interface, so no need to use the no switchport command. This means that on any L3 port on an IOS device, if you have not configured the IP address, the configuration should explicitly state no ip address.

Now the interesting thing is that looking at the following Cisco documentation that explains step by step how to configure L3 etherchannel on a 6500 series switch, it explicitly states to add the command no ip address to ensure that there is no IP address:

Here’s the link to the documentation:


Now this whole discussion began by asking the question “does the no ip address command do the same thing as the no switchport command?”

I’d have to say definitively no. On the 6500 series L3 switches, by making an etherchannel L3 and assigning specific ports to the channel group, those physical ports automatically become L3 ports. The no ip address is just good practice to put it in to ensure that an IP address has not been configured.

The only other thing to do is to test and see if this command is in the config of the physical interfaces participating in the L3 etherchannel after it has been configured even if you don’t add it explicitly. Worth an experiment.

I hope this has been helpful!

Laz

L3 port channel vs routing ECMP: which is the better solution from a design and operation perspective when connecting a router with two Nexus switches? Use vPC or configure dynamic routing?
Thank you

Hello Umesh

Despite its name, the load balancing that occurs over an L3 Etherchannel link is strictly a Layer 2 mechanism, while ECMP is a Layer 3 mechanism. This fact will help in determining where and when to apply each.

Specifically, L3 Etherchannel should be used when connecting to servers with multiple NICs or when you desire to have a redundant Layer 2 topology between switches, such as in a datacenter or the core of your network.

ECMP should be employed where you want to have multiple Layer 3 paths to be used for your traffic. This can extend beyond just a datacenter or the core of your network and can move into the distribution area as well.

ECMP has a broader range encompassing multiple subnets/LANs while L3 Etherchannel is confined to a single subnet/LAN.

I hope this has been helpful!

Laz

Hello,
So I’m labbing this now and I’m stuck on a fundamental concept so my apologies in advance. What I’d like clarification on is you will not be able to ping to the host on ASW1 from DSW1 due to no routing protocol enabled. I might be off topic and this should be in a SVI post. I have been at this for hours and it seems if I have only a L2 device if I use a /30 link to a L3 device without a routing protocol I’m unable to ping any hosts in my vlan subnet. I also don’t see the dependent routes when I sh ip route. This is with or without a static default route built. I think I understand the concept mentioned above until it comes to the /30 link. I’d really like to know what I’m missing.
I’m referencing the “Let me give you two examples for a typical L2 or L3 design.” post from Mar 2016.
Thanks in advance,
Mike

Hello Mike,
if I am understanding your post correctly, you are referring to the “L3 design” part in Rene’s post. The configuration provided is correct. But if you want hosts in vlan 10 on ASW1 to ping the routed interface on DSW1 you have to configure two more things.

  1. Enable ip routing on MLS ASW1 and DSW1 by command “ip routing” in global configuration.
  2. Create static route on DSW1 pointing towards vlan 10 on ASW1 using global configuration command “ip route 192.168.1.0 255.255.255.0 GigabitEthernet0/2 10.10.10.1”.

Make sure your hosts in vlan 10 are using ip address of SVI in vlan 10 on ASW1 as default gateway. In Rene’s example it is ip 192.168.1.254.

If this does not help you, please share screenshot of your topology and also configuration of all nodes, so we can look at it and figure out any issues.

Thanks Fugazz! There’s no doubt Rene’s config is correct. The concepts I’m having difficulty with are the /30 address and routing the SVIs. I’m not clear how a 10.10.10.1-2 /30 between the L2 and L3 device is able to pass information to the routing table from the L2 side. I’m somewhat clear (still learning) about the SVIs thanks to the material on this site. But I’m not clear about the /30 links between devices without having IP routing enabled (hence no L2) and a routing protocol enabled to advertise the next hop adjacencies. I’m really having a hard time with this concept. The information about the “Pure” L2/L3 design makes perfect sense to me until it comes to the /30 link and routing information I mentioned above. Thanks again for taking time to answer my post!
Mike

Hello Michael

Let’s take a look at both scenarios like this:

The blue scenario shows the SVI at DSW1, and no L3 configurations at all on ASW1. The SVI is the default gateway for Host1. This means that all traffic destined outside of Host1’s subnet will traverse ASW1, the trunk, DSW1 and go to the SVI to be routed. Even broadcast traffic on this subnet will reach both switches, and both switches will have to process that traffic. Notice that the shaded area depicts the extent of the subnet/broadcast domains/network segments.

Alternatively, the grey switches are configured so that the SVI is in the ASW1, which functions as the default gateway of host 1. All broadcast traffic is contained within ASW1, and any traffic destined outside of Host1’s subnet will be routed at ASW1. Note here also that the grey shaded areas show the extent of two separate subnets/broadcast domains/network segments.

Now, you are absolutely correct that for the grey scenario, as the configuration stands, DSW1 will not be able to communicate with Host1. Specifically, 10.10.10.2 will not be able to communicate with 192.168.1.10. This configuration is incomplete, as far as the enterprise network goes. You will require routing (either static or dynamic) so that the 192.168.1.0/24 subnet is learned by all routers within the network, or can be reached via a default route. Now for the specific scenario, if you want to complete routing, then you can configure a static route as @fugazz suggested so that networks on DSW1 can reach Host1’s network, or you can configure a dynamic routing protocol.

Now, concerning the /30 subnet between the two switches, you can think about this as a subnet that is created to connect two devices (point to point). This network could have been /24 and it would still work, but since there are only two hosts on this network (the two switches), you don’t need to use large subnets. You would use /30 subnets whenever you want to conserve IP addresses. If it is not a concern in your topology, then you can use /24 just the same.

I hope this has been helpful!

Laz

Thank you, @fugazz @lagapidis, for the information! I like the piece about the broadcast domains, very helpful, as were both of your explanations. What I misunderstood is I expected no L3 configuration whatsoever on ASW-1. Thank you both again for the help and insight, much appreciated!


I had read all 52 comments and it’s very helpful.

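              SW1(config)#interface range gigabitEthernet 0/1 - 2
              SW1(config-if-range)#switchport trunk encapsulation dot1q
              SW1(config-if-range)#switchport mode trunk
              SW1(config-if-range)#channel-group 12 mode on
              SW1(config-if-range)#exit
              SW1(config)#interface port-channel 12
              SW1(config-if)#ip address 192.168.2.2 255.255.255.0
              SW2(config)#interface range gigabitEthernet 0/1 - 2
              SW2(config-if-range)#switchport trunk encapsulation dot1q
              SW2(config-if-range)#switchport mode trunk
              SW2(config-if-range)#channel-group 12 mode on
              SW2(config-if-range)#exit
              SW2(config)#interface port-channel 12
              SW2(config-if)#ip address 192.168.2.1 255.255.255.0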

Ping is working but I want to know the difference and comparison between an L2 & L3 switch.

Thanks

Hello Abdul

The difference between an L2 and L3 Etherchannel configuration is the same as the difference between an L2 and L3 physical port on a switch.

An L2 port on a switch is configured as either an access port or a trunk port, and does not have an IP address assigned to it. It does however have one (access port) or more than one (trunk port) VLANs assigned to it.

An L3 port on a switch can only be configured on an L3 switch. This is a port that functions the same as a router port. It has an IP address assigned to it. This can be configured in a switch by assigning the no switchport command on that interface.

Now when it comes to configuring L3 EtherChannel, the no switchport command should be implemented on the physical interfaces participating in the EtherChannel bundle. However, keep in mind that some IOS versions automatically implement this command whenever you assign an IP address to the portchannel interface.

In your above example, you configured the ports as trunks, however you then assigned an IP address. This will automatically remove the trunk configuration and put no switchport on those interfaces. Take a look at the running configuration of those ports after the implementation of the IP address to verify. This is why you are able to ping once the IP address has been configured.

I hope this has been helpful!

Laz
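The verification suggested in the reply above (inspect the member ports' running configuration once the port-channel carries an IP address), as an added example that is not part of the thread: a Python check that reads `show running-config` text, finds port-channels with an IPv4 address, and lists member ports that still carry `switchport` lines. The function names and the sample configuration are assumptions made for illustration; Po200 mirrors the output posted earlier with a placeholder address, and Po12 is constructed.

```python
import re

# Constructed sample: Po200 follows the output posted in the thread (address is
# a placeholder); Po12 is a made-up bundle with one member still set as a trunk.
SAMPLE_CONFIG = """\
interface Port-channel200
 ip address 192.0.2.0 255.255.255.254
interface GigabitEthernet2/40
 no ip address
 channel-group 200 mode active
interface GigabitEthernet2/41
 no ip address
 channel-group 200 mode active
interface Port-channel12
 ip address 192.168.2.2 255.255.255.0
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 12 mode on
interface GigabitEthernet0/2
 no switchport
 channel-group 12 mode on
"""

def parse_interfaces(config):
    """Map interface name -> list of its sub-commands (indentation stripped)."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any global command ends the stanza
    return interfaces

def audit_l3_etherchannels(config):
    """For each port-channel with an IPv4 address, list members and L2 ones."""
    interfaces, report = parse_interfaces(config), {}
    for name, cmds in interfaces.items():
        m = re.fullmatch(r"Port-channel(\d+)", name)
        if not m or not any(c.startswith("ip address ") for c in cmds):
            continue  # not a port-channel, or no IPv4 address configured
        members = [n for n, c in interfaces.items()
                   if any(re.match(rf"channel-group {m.group(1)}\b", x) for x in c)]
        l2 = [n for n in members
              if any(x.startswith("switchport") for x in interfaces[n])]
        report[name] = {"members": members, "l2_members": l2}
    return report
```

A member with no `switchport` lines at all, like Gi2/40 in the 6509 output, is not flagged, since the platform default decides its mode.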

Hi Laz,

Can we use different negotiation mode here as well as like L2 ether-channel?

Hello Pradyumna

Yes, the negotiation modes configured for L3 Etherchannel are the same as those described for L2 Etherchannel.

I hope this has been helpful!

Laz

When I type “no switchport”, it says incomplete command. I am trying to do this in Packet Tracer using 2960 switches. When I questionmark it, these are the options:

Hello Victor

The 2960 is a L2 switch that doesn’t support this command. You cannot make a port on this switch function as a layer 3 port. The options you see in the command are used to return any switchport configuration (mode, port security, etc) back to its default by using the no keyword in front.

If you want to apply such a configuration you will have to use either the 3560 or 3650 models in packet tracer which are layer 3 switches and support the no switchport command.

I hope this has been helpful!

Laz

If a link on a L3 EtherChannel goes down, should I be able to ping the other side? I set up the lab you have on L3 Etherchannel.

Hello David

If you have set up an L3 Etherchannel like the one in the lesson, and during its operation, one of the physical links goes down, you should not lose connectivity. You should still be able to ping the other side. That’s one of the advantages of Etherchannel, it delivers both higher throughput, but also reliability.

At the moment when the link goes down, you may experience a momentary loss of connectivity, if that physical link was being used for communication at that moment. However, this should only be momentary, and within a couple of seconds, connectivity should be restored.

I hope this has been helpful!

Laz