[c-nsp] L3 vs. L2 trunk connections to a 6509 core. Easy router-head question.

Mike Louis MLouis at nwnit.com
Mon Apr 14 15:29:55 EDT 2008


From your quote you indicate that there are ports configured on VLAN 8

"do you think that the local V8 traffic on the 3560
is being routed via VLAN1 in contrast to being tagged and forwarded as
VLAN8 via the trunk to the core"

However, I don't see them in your posted configurations. My previous comments should explain why you cannot switch traffic from VLAN 8 on the 3560 back to the core on the trunk though.

HTH

mike

-----Original Message-----
From: Grant Moerschel [mailto:gm at wavegard.com]
Sent: Monday, April 14, 2008 3:18 PM
To: Mike Louis; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] L3 vs. L2 trunk connections to a 6509 core. Easy router-head question.

6509 core switch Layer 2 Sup1a config:

6509_core_switch> (enable) sho run
This command shows non-default configurations only.
Use 'show config all' to show both default and non-default
configurations.
.................
begin
!
# ***** NON-DEFAULT CONFIGURATION *****
!
!
#time: Mon Apr 14 2008, 13:44:21 EDT
!
#version 7.6(17)
!
.... some items removed ....
set msfcautostate disable
set password
set enablepass
!
#errordetection
set errordetection inband disable
set errordetection memory disable
!
#system
set system name  6509_core_switch
set system location 10th floor computer room
!
#frame distribution method
set port channel all distribution mac source
!
#snmp
set snmp trap enable  module
set snmp trap enable  chassis
set snmp trap enable  bridge
set snmp trap enable  vtp
set snmp trap enable  vlancreate
set snmp trap enable  vlandelete
set snmp trap enable  auth
set snmp trap enable  entityfru
set snmp trap enable  ippermit
set snmp trap enable  vmps
set snmp trap enable  entity
set snmp trap enable  config
set snmp trap enable  stpx
set snmp trap enable  syslog
set snmp trap enable  system
set snmp trap enable  envfan
set snmp trap enable  envshutdown
set snmp trap enable  envpower
set snmp trap enable  envtemp
set snmp trap enable  envstate
set snmp trap enable  flashinsert
set snmp trap enable  flashremove
set snmp trap enable  macnotification
!
#vtp
set vtp domain (removed)
set vlan 1 name default type ethernet mtu 1500 said 100001 state active
set vlan 8 name vlan8 type ethernet mtu 1500 said 100008 state active
set vlan 9 name vlan9 type ethernet mtu 1500 said 100009 state active
set vlan 10 name vlan10 type ethernet mtu 1500 said 100010 state active
set vlan 11 name vlan11 type ethernet mtu 1500 said 100011 state active
set vlan 12 name vlan12 type ethernet mtu 1500 said 100012 state active
set vlan 13 name vlan13 type ethernet mtu 1500 said 100013 state active
set vlan 14 name vlan14 type ethernet mtu 1500 said 100014 state active
set vlan 100 name vlan100 type ethernet mtu 1500 said 100100 state active
set vlan 480 name vlan480 type ethernet mtu 1500 said 100480 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active stp ibm
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active mode srb aremaxhop 0 stemaxhop 0 backupcrf off
!
#ip
set feature mdg disable
set interface sc0 1 172.16.1.1/255.255.240.0 172.16.15.255
set interface sc1 0 0.0.0.0/0.0.0.0 0.0.0.0
set interface sc1 down
set ip route 0.0.0.0/0.0.0.0         172.16.0.1
set ip route 10.1.30.0/255.255.255.0   172.16.0.1
!
#dns
set ip dns server 172.16.3.25
set ip dns server 172.16.3.26 primary
set ip dns enable
set ip dns domain removed.com
!
#spantree
#portfast
set spantree global-default bpdu-guard enable
#vlan parameters
set spantree priority 100    1
set spantree priority 100    8
set spantree priority 100    9
set spantree priority 100    10
set spantree priority 100    11
set spantree priority 100    12
set spantree priority 100    13
set spantree priority 100    14
set spantree priority 100    480
!
#syslog
set logging server enable
set logging server 172.16.3.100
set logging level ethc 2 default
set logging level gl2pt 2 default
set logging server severity 6
!
#ntp
set ntp client enable
set ntp server 172.16.3.26
set timezone removed 0
set summertime enable removed
set summertime recurring second Sunday March 02:00 second Sunday November 02:00 60
!
#set boot command
set boot config-register 0x2102
set boot system flash bootflash:cat6000-supk9.7-6-17.bin
set boot system flash slot0:cat6000-supk9.7-6-17.bin
!
#permit list
set ip permit enable ssh
set ip permit enable snmp
set ip permit 10.16.0.0 255.255.0.0 ssh
set ip permit 172.16.0.0 255.240.0.0 ssh
set ip permit 172.16.3.5  snmp
!
#igmp
set igmp disable
!
#mls
set mls nde version 8
!
#qos
set qos enable
set qos wrr 2q2t 5 255
set qos wrr 1p2q2t 5 255
set qos wred 1p2q2t tx queue 1 40:80 70:100
set qos wred 1p2q2t tx queue 2 40:80 70:100
!
#port channel
set port channel 3/1-4 31
set port channel 3/5-8 32
set port channel 3/9-12 33
set port channel 3/13-16 34
set port channel 3/17-20 35
set port channel 3/21-24 36
set port channel 3/25-28 37
set port channel 3/29-32 38
set port channel 3/33-36 39
set port channel 3/37-40 40
set port channel 3/41-44 41
set port channel 3/45-48 42
set port channel 4/1-4 43
set port channel 4/5-8 44
set port channel 4/9-12 45
set port channel 4/13-16 46
set port channel 4/17-20 47
set port channel 4/21-24 48
set port channel 4/25-28 49
set port channel 4/29-32 50
set port channel 4/33-36 51
set port channel 4/37-40 52
set port channel 4/41-44 53
set port channel 4/45-48 54
set port channel 2/1-4 61
set port channel 2/5-8 62
set port channel 2/9-12 63
set port channel 2/13-16 64
set port channel 9/37-38 830
!
#crypto key
set crypto key rsa 1024
!
# default port status is enable
!
!
#module 1 : 2-port 1000BaseX Supervisor
set port trap       1/1-2  enable
!
#module 2 : 16-port 1000BaseT Ethernet
set vlan 480  2/4
set port trap       2/1-16  enable
clear trunk 2/1  2-8,10-99,101-1005,1025-4094
set trunk 2/1  on dot1q 1,9,100
clear trunk 2/3  2-11,13-99,101-1005,1025-4094
set trunk 2/3  on dot1q 1,12,100
clear trunk 2/5  2-7,9-99,101-1005,1025-4094
set trunk 2/5  on dot1q 1,8,100
clear trunk 2/6  2-8,10-1005,1025-4094
set trunk 2/6  on dot1q 1,9
clear trunk 2/8  2-7,9-1005,1025-4094
set trunk 2/8  on dot1q 1,8
clear trunk 2/9  2-7,9-99,101-1005,1025-4094
set trunk 2/9  on dot1q 1,8,100
clear trunk 2/11 2-7,9-99,101-1005,1025-4094
set trunk 2/11 on dot1q 1,8,100
clear trunk 2/16 2-13,15-99,101-1005,1025-4094
set trunk 2/16 on dot1q 1,14,100
set spantree portfast    2/1-10,2/16 disable
set spantree portfast    2/11-15 enable
!
#module 3 : 48-port 10/100BaseTX Ethernet
set vlan 480  3/4
set port speed      3/16,3/44  100
set port duplex     3/16,3/44  full
set port trap       3/1-48  enable
clear trunk 3/3  2-7,15-1002
set trunk 3/3  on dot1q 1,8-14,1003-1005,1025-4094
set spantree portfast    3/1-48 enable
!
#module 4 : 48-port 10/100BaseTX Ethernet
set port speed      4/6  10
set port speed      4/7,4/9-10,4/16,4/24,4/44-46,4/48  100
set port duplex     4/7,4/9-10,4/16,4/24,4/44-46,4/48  full
set port trap       4/1-48  enable
set trunk 4/2  off negotiate 1-1005,1025-4094
set spantree portfast    4/1,4/3-12 disable
set spantree portfast    4/13-48 enable
!
#module 5 : 48-port 10/100BaseTX Ethernet
set port speed      5/38-39,5/47-48  100
set port duplex     5/38-39,5/47-48  full
set port trap       5/1-48  enable
!
#module 6 empty
!
#module 7 empty
!
#module 8 : 16-port 1000BaseT Ethernet
set port trap       8/1-16  enable
clear trunk 8/1  2-8,10-1005,1025-4094
set trunk 8/1  on dot1q 1,9
clear trunk 8/2  2-11,13-99,101-1005,1025-4094
set trunk 8/2  on dot1q 1,12,100
clear trunk 8/3  2-11,13-99,101-1005,1025-4094
set trunk 8/3  on dot1q 1,12,100
clear trunk 8/4  2-8,10-1005,1025-4094
set trunk 8/4  on dot1q 1,9
clear trunk 8/6  2-13,15-99,101-1005,1025-4094
set trunk 8/6  on dot1q 1,14,100
clear trunk 8/10 2-11,13-99,101-1005,1025-4094
set trunk 8/10 on dot1q 1,12,100
clear trunk 8/11 2-11,13-99,101-1005,1025-4094
set trunk 8/11 on dot1q 1,12,100
!
#module 9 : 48-port 10/100/1000BaseT Ethernet
set vlan 20   9/7
set port speed      9/7,9/18  100
set port speed      9/6,9/20,9/22,9/27-28 1000
set port duplex     9/7,9/18  full
set port trap       9/1-48  enable
clear trunk 9/3  2-7,9-99,101-1005,1025-4094
set trunk 9/3  on dot1q 1,8,100
clear trunk 9/13 2-8,10-1005,1025-4094
set trunk 9/13 on dot1q 1,9
clear trunk 9/17 2-7,9-99,101-1005,1025-4094
set trunk 9/17 on dot1q 1,8,100
clear trunk 9/28 2-9,11-99,101-1005,1025-4094
set trunk 9/28 on dot1q 1,10,100
set trunk 9/37 off dot1q 1-1005,1025-4094
set trunk 9/38 off dot1q 1-1005,1025-4094
clear trunk 9/47 2-8,10-1005,1025-4094
set trunk 9/47 on dot1q 1,9
clear trunk 9/48 2-11,13-99,101-1005,1025-4094
set trunk 9/48 on dot1q 1,12,100
set spantree portfast    9/37-38 enable
set port qos 9/6,9/16,9/18,9/20,9/22,9/27-28 trust trust-dscp
set port channel 9/37-38 mode off
!
#module 15 : 1-port Multilayer Switch Feature Card
!
#module 16 empty
end

-----Original Message-----
From: Mike Louis [mailto:MLouis at nwnit.com]
Sent: Monday, April 14, 2008 1:17 PM
To: Grant Moerschel; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] L3 vs. L2 trunk connections to a 6509 core. Easy router-head question.

Can you post your relevant configs from both sides 6500 and 3560?

-----Original Message-----
From: Grant Moerschel [mailto:gm at wavegard.com]
Sent: Monday, April 14, 2008 1:15 PM
To: Mike Louis; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] L3 vs. L2 trunk connections to a 6509 core. Easy router-head question.

The only SVI configured on the 3560 is the VLAN1 interface. Is this
incorrect?  My assumption was that the V1 SVI, a default route for V1,
and "no ip routing" was all that was needed but when I did that I
couldn't talk with the other VLANs on the switch.  I may have overlooked
something.

Given my description of the 3560 (routing on, one SVI for VLAN1, one
trunk to the core), do you think that the local V8 traffic on the 3560
is being routed via VLAN1 in contrast to being tagged and forwarded as
VLAN8 via the trunk to the core?

-----Original Message-----
From: Mike Louis [mailto:MLouis at nwnit.com]
Sent: Monday, April 14, 2008 12:11 PM
To: Grant Moerschel; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] L3 vs. L2 trunk connections to a 6509 core. Easy router-head question.

If you are going to use the 3560 as a L2 switch you can disable ip
routing. You will need to define a management interface and
default-gateway for the management vlan on the switch only. All VLANs
including management will be L2 only. Do not configure VLAN SVI if you
only want to use the 3560 as a layer 3 switch. Did you configure EIGRP
on the 3560 as well? If so that may be why you are getting routing
information via VLAN 3 to the 6509.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Grant Moerschel
Sent: Monday, April 14, 2008 11:45 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] L3 vs. L2 trunk connections to a 6509 core. Easy
router-head question.

I am trying to determine what is normal here.  This is the situation. I
have a 6509 Sup1a/MSFC2 running the latest CatOS/IOS for that hardware.
I run EIGRP. I have several VLANs on the core and use VTP.  When I trunk
a 2950 L2 switch to the core I specify VTP on the 2950. No problem. All
VLANs show up on the 2950.  For our eighth floor, for example, I trunk
V1, V8, and V100 and clear all other VLANs from the trunk. V100 is for
Voice and V8 is for most PCs for Data.  My assumption is that if an
access port is "switchport access vlan 8" and the PC is plugged in to
that port, he's on V8. To get off that broadcast network to some other
destination, he hits the gateway which is the L3 interface on the core
6509 MSFC2.  I get all this.

Here's the question.  If my access switch is a 3560 which is a Layer 3
switch, it seems that I have to have it participate in EIGRP to make it
work.  But this does not make sense because for this application I still
have a single trunk to the core from the 3560. If I trunk V1, V10, and
V100 from the 3560 to the 6509, doesn't communication just go down the
trunk to the 6509 L3 gateway?  For example, if my PC is on a 3560 V10
port and needs to hit something on V8, shouldn't the 3560 forward the
frame down the trunk to the 6509 which'll route onto V8, up V8's trunk
to that access switch and forward it out to the destination?   If I look
at my routes on the 3560, they all say "to get to V10 you must go
through the 6509 V1 layer 3 interface" (I hope that makes sense).

Should I turn off "ip routing" on the 3560 in order to mimic the setup
of the 2950 <----> 6509 trunk link?  What am I missing?

Thanks

~~~~
Grant P. Moerschel
WaveGard, Inc.
gm -at- wavegard -dot- com
~~~~


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Note: This message and any attachments is intended solely for the use of
the individual or entity to which it is addressed and may contain
information that is non-public, proprietary, legally privileged,
confidential, and/or exempt from disclosure.  If you are not the
intended recipient, you are hereby notified that any use, dissemination,
distribution, or copying of this communication is strictly prohibited.
If you have received this communication in error, please notify the
original sender immediately by telephone or return email and destroy or
delete this message along with any attachments immediately.
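
Added example, not part of the original thread or any poster's message: a small Python audit of the `clear trunk` / `set trunk` pairs in the CatOS configuration above, showing which trunk ports actually carry a given VLAN and which ones still allow a very wide VLAN range. The function names, the sample selection and the width threshold are assumptions made for illustration; the starting range is taken from the `set trunk 9/37` line in the posted config.

```python
import re

# Constructed sample: a few trunk lines copied from the CatOS config in this thread.
SAMPLE = """\
clear trunk 2/5  2-7,9-99,101-1005,1025-4094
set trunk 2/5  on dot1q 1,8,100
clear trunk 2/6  2-8,10-1005,1025-4094
set trunk 2/6  on dot1q 1,9
clear trunk 3/3  2-7,15-1002
set trunk 3/3  on dot1q 1,8-14,1003-1005,1025-4094
set trunk 9/37 off dot1q 1-1005,1025-4094
"""

def expand(spec):
    """Turn a list such as '1,8-14' into a set of VLAN ids."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

# Assumption: every port starts with the full range printed on the 9/37 line.
DEFAULT = expand("1-1005,1025-4094")
LINE = re.compile(
    r"^(clear|set) trunk (\d+/\d+)\s+(?:(\w+)\s+(\w+)\s+)?([\d,\-]+)\s*$")

def trunk_vlans(config):
    """Return {port: allowed VLAN set} for ports whose trunk mode is not 'off'."""
    allowed, mode = {}, {}
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a trunk line
        verb, port, trunk_mode, _encap, spec = m.groups()
        current = allowed.setdefault(port, set(DEFAULT))
        if verb == "clear":
            current -= expand(spec)   # 'clear trunk' removes VLANs from the list
        else:
            current |= expand(spec)   # 'set trunk' adds VLANs and sets the mode
            mode[port] = trunk_mode
    return {p: v for p, v in allowed.items() if mode.get(p) != "off"}

def ports_carrying(config, vlan):
    """Trunk ports whose allowed list includes `vlan`."""
    return sorted(p for p, v in trunk_vlans(config).items() if vlan in v)

def wide_trunks(config, limit=16):
    """Ports allowing more than `limit` VLANs (threshold chosen for this example)."""
    return {p: len(v) for p, v in trunk_vlans(config).items() if len(v) > limit}
```

On the sample lines, `ports_carrying(SAMPLE, 8)` lists 2/5 and 3/3, and `wide_trunks(SAMPLE)` singles out 3/3, whose allowed list still includes the whole 1025-4094 range.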


