Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Enhanced etherswitch interfaces

Hi! I've 3945e with enhanced etherswitch SM-D-ES3G-48P module installed. I can see two interfaces on the router and on the etherswitch module I also have two interfaces to the router. 

Router#sh cdp n
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, 
                  D - Remote, C - CVTA, M - Two-port Mac Relay 

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch           Gig 4/0            146             S I   SM-D-ES3G Gig 0/52
Switch           Gig 4/1            143             S I   SM-D-ES3G Gig 0/51


Switch#sh cdp n  
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, 
                  D - Remote, C - CVTA, M - Two-port Mac Relay 

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Router           Gig 0/52          165             R S I  CISCO3945 Gig 4/0
Router           Gig 0/51          141             R S I  CISCO3945 Gig 4/1

How should I treat them? What interface should I use for creating the subinterfaces on the router? Should I make both switch ports trunks? Port-channel them? Seems that only G4/0 and G0/52 are used for thraffic exchange.


The Enhanced EtherSwitch

The Enhanced EtherSwitch module actually allows you to treat its interfaces just like any other switch port, so there's no need to use sub-interfaces like you would on routed interfaces.

To keep things simple, I would configure these ports as an LACP-based EtherChannel at both ends.

As you're using them now, spanning tree protocol will be blocking a port, which explains why traffic is flowing only on G4/0 and G0/52.

New Member

I'm afraid there is something

I'm afraid there is something different here. This two inner interfaces cannot be port-channeled. Moreover I can create subif only on gi4/0 and cannot assign it as a trunk. Vice versa, gi4/1 can be set up as trunk but it can not be set up with subinterfaces:

interface GigabitEthernet4/0.2
 encapsulation dot1Q 2
 ip address

Router(config)#int g4/0
% Unrecognized command

Router(config)#int g4/1.2
% Invalid input detected at '^' marker.

Router(config)#int g4/1   
Router(config-if)#switchport mode trunk 

Router#sh run int g4/1
Building configuration...

Current configuration : 141 bytes
interface GigabitEthernet4/1
 description Internal switch interface connected to Service Module
 switchport mode trunk
 no ip address

Okay... I wasn't thinking

Okay... I wasn't thinking things through on that one. The EtherSwitch is a service module and is going to have its own control console. The Gi4/0 and Gi4/1 interfaces are the virtual interfaces between the router and the EtherSwitch. I was thinking about EtherChannel links from the ESW to an external switch rather than how to handle the virtual interfaces. Sorry about that.

The full documentation for configuring the EtherSwitch and the router can be found here:

In most service modules, you're only going to be using one (Gi4/0) for your interface to the switch. I'm not sure why this one has two and the documentation doesn't mention anything about the second one, but based on the configuration you've posted, it looks like the first one is for management and the second one is for VLAN transit.

With that in mind, I would configure Gi4/0 as your service module interface per the documentation and not worry about sub-interfaces and VLANs on it. Once you have access to the switch module and have configured a common set of VLANs between the router and the switch (VTP would be good to have here even if you don't use them anywhere else) you can see if VLAN interfaces on the router can communicate over the Gi4/1 trunk to the switch.

New Member

Thank you for your reply. I

Thank you for your reply. I was not able to find anything clear about configuring this two inerfaces in the documentation. This is what I've managed to find out myself (from the router itself):

interface Gi4/0 is used for the etherswitch console access (ip address should be assigned to it) and for creating router subinterfaces.

Gi4/1 don't support subinterfaces and seems to be pure L2 port (it does not support IP address and can be converted to pure tunk). And I am also able to create SVI interfaces on the router too.

Seems that when I create subinterfaces the whole communication is done via G4/0 - G0/52 pair of the router and etherswitch. And when I create SVI interfaces on the router the communication is done via Gi4/1 - Gi0/51 pair. 

Seems strange that it is not documented well, all of the above is my own theory. So I've made both etherswitch inner interfaces trunks and use subinterfaces on Gi4/0. Thinking about shutdown G4/1 since I don't use SVI on the router.

I think that using SVI

I think that using SVI interfaces on the router and communicating via the G4/1 interface is the simpler way of going about it, personally. It may also yield better performance than using subinterfaces, too... but that will need to be tested.

New Member

Why do you think it will have

Why do you think it will have better performance? Also I'm not sure LLQ and CBWFQ are supported on SVI (subinterfaces do support them through hierarchical policy)

My thinking is that the

My thinking is that the hardware logic of the switched interface will handle the tagging faster than routed subinterfaces, which have to use the router's functionality to do this... but again, that needs real-world testing.

The LLQ functionality won't work on the SVI, but this leads to another question. Is there a reason you're bringing all of the VLANs back to the router via the virtual gigabit interface? Routing the VLANs within the EtherSwitch and using the routers virtual interface as a transit network (and skipping the VLAN logic at the router entirely) seems more sensible than doing router-on-a-stick with the virtual interface. Any LLQ/CBWFW functions can then be handled using a simple, non-hierarchical policy at that point.

New Member

I see your point that routing

I see your point that routing between the VLANs within the etherswitch will be wire speed but I need to terminate WAN links from the branches (14 10Mbps links) and I also need the appropriate QoS with LLQ and CBWFQ and Netflow on each, so I'm using subinterfaces. 

There are also several VLANs for management purposes which can be terminated on the etherswitch directly but I'm using subinterfaces with HSRP protection just to have similar setup. Here I can use your advice and move them to the etherswitch but since the traffic is low I think it will be fine on subifs too.

That makes sense for low

That makes sense for low-bandwidth traffic. It sounds to me like you've got a good plan.