Solved: layer 2 switching on a nexus 5548

Andrew Zirkel · ‎07-02-2014

I have a nexus 5548 with a layer 3 card that will become the "core" of my network. It is replacing a cat 4510r. My goal is to move things over gradually, so I need to extend some vlans over a trunk. I have routing set up to the old core.

The problem is if I create a vlan 60 with no ip, put an interface in a vlan 60 and allow vlan 60 on the trunk, traffic doesn't get to the old core. If I give vlan 60 the default gw ip then I can route to the old core, but that's not what I want.

My question is in NX-OS do you have to disable layer 3 on a vlan or something. What am I missing?

michiel.boland · ‎07-02-2014

The interface name Ethernet100/1/1 would suggest that this is a port behind a Fabric Extender (FEX).

Are you connecting the old core through the FEX?
That's probably not going to work. Fabric Extenders are designed to be connected to edge devices. Any device that speaks STP, like a 4510, immediately puts the interface in an err-disabled state.

What happens if you connect the 4510 to a physical port?

View solution in original post

Reza Sharifi · ‎07-02-2014

Nexus switches work just like the other switches. If you don't have an SVI set up then the vlan is just layer-2.

Are you trying to use the 5548 as a layer-2 switch?

can you provide the config and what port you are using to connect to the 4510?

HTH

Andrew Zirkel · ‎07-02-2014

Thank you for replying. I think these are the relevant portions:

!On the nexus 5548
interface Vlan60
  no shutdown
!trunk
interface Ethernet100/1/1
  description TemporaryOldCoreLink
  switchport trunk allowed vlan 1,60-61
  spanning-tree bpdufilter enable
!access port
interface Ethernet100/1/13
  switchport access vlan 60

!On the 4510
interface Vlan60
 ip address 172.17.16.1 255.255.240.0
 ip pim sparse-dense-mode
!trunk port
interface GigabitEthernet6/31
 description TemporaryLinkToNexus
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,60,61
 switchport mode trunk
 qos trust dscp
 tx-queue 3
   bandwidth percent 33
   priority high
   shape percent 33
end

Just to verify I have the right ports:

Core-Nexus# sh cdp neigh
CORE-4510              Eth100/1/1    178    R S I     WS-C4510R     Gig6/31

I haven't done a lot of in depth trouble shooting. I'm assuming I'm missing something simple.

The nexus has a layer 3 card and I have a default route setup, and that seems to work as expected.

Reza Sharifi · ‎07-02-2014

Hi,

On the Nexus, did you also create the layer-2 vlan

example:

config t

vlan 60

name test_vlan

exit

also, can you delete

spanning-tree bpdufilter enable

and test again?

HTH

Andrew Zirkel · ‎07-02-2014

Yes the vlan was created. I created it again and got the already exists message.

I enabled bpdufilter because the interface was getting disabled, I assume because I also have the management port plugged into that switch.

Reza Sharifi · ‎07-02-2014

ok, on the nexus, can you post the output of "sh vlan id 60"?

Also, can you post "sh interface e100/1/1 trunk"

Andrew Zirkel · ‎07-02-2014

Core-Nexus# sh vlan id 60

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
60   Servers                          active    Eth100/1/12, Eth100/1/13
                                                Eth100/1/14, Eth100/1/15
                                                Eth100/1/16, Eth100/1/17
                                                Eth100/1/18, Eth100/1/19
                                                Eth100/1/20, Eth100/1/21
                                                Eth100/1/22, Eth100/1/23
                                                Eth100/1/24

VLAN Type  Vlan-mode
---- ----- ----------
60   enet  CE

Remote SPAN VLAN
----------------
Disabled

Primary  Secondary  Type             Ports
-------  ---------  ---------------  -------------------------------------------


Core-Nexus# sh int ethernet 100/1/1 trunk

--------------------------------------------------------------------------------
Port          Native  Status        Port
              Vlan                  Channel
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Port          Vlans Allowed on Trunk
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Port          Vlans Err-disabled on Trunk
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Port          STP Forwarding
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Port          Vlans in spanning tree forwarding state and not pruned
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Port          Vlans Forwarding on FabricPath
--------------------------------------------------------------------------------

The output of that last command looks empty.

Reza Sharifi · ‎07-02-2014

Interface 100/1/1 does not show up under vlan 60.

try this:

interface Ethernet100/1/1
  description TemporaryOldCoreLink
switchport mode trunk
  switchport trunk allowed vlan 60

and then check vlan id 60 again

Andrew Zirkel · ‎07-02-2014

It is in the original config I posted. I did re-add the vlans and same result. I can ping from the switch if I put an ip on the vlan 60 interface, but otherwise I can't get there. Seems like traffic for that vlan is not passing over that trunk link but I can't figure out why.

Reza Sharifi · ‎07-02-2014

Can you try a different port?

also, how come the naming convention starts with 100

usually for nexus 5k it starts with 1

e1/5 or 1/10, etc..

Alan Dunne · ‎07-02-2014

Try connecting the 4510 direct to the Nexus 5548. e100/1/1 looks like a FEX interface.

michiel.boland · ‎07-02-2014

The interface name Ethernet100/1/1 would suggest that this is a port behind a Fabric Extender (FEX).

Are you connecting the old core through the FEX?
That's probably not going to work. Fabric Extenders are designed to be connected to edge devices. Any device that speaks STP, like a 4510, immediately puts the interface in an err-disabled state.

What happens if you connect the 4510 to a physical port?

Andrew Zirkel · ‎07-03-2014

I can try that when I get back on Monday. That interface is on a fex, which I should have made clear initially. It seems like it should work. The interface did err-disable so I enabled bpdufilter. I've seen reports of trunks to switches working on fex interfaces.

Andrew Zirkel · ‎07-07-2014

That was the issue. Apparently you can't do a trunk over a fex port. Although there are reports that it can work, it doesn't in my setup.

Thanks for the help everyone.