Link to home
Start Free TrialLog in
Avatar of myfootsmells
myfootsmells

asked on

Configure Cisco Layer 3 Switch Virtual Interface Routing + EtherChannel

Going to do my best to describe the issue.  See attached network map.  The green is what I'm trying to add to my network.  The goal is so my 10.10.0.1/24 and 10.10.1.1/24 can access my 10.0.0.1/16 network (and vice versa) and of course Internet access on all the subnets.

 User generated image
My servers (10.0.0.1, 10.0.0.2) are currently connected to the Cisco L2 switch with no VLANs configured.  The Cisco L2 switch is connected to Cisco 4500-1 which is connected to ASA.

I added another Cisco 4500-2 and have etherchannel configured so it connects to Cisco 4500-1.  Connected my two Cisco 2960-X to 4500-1 and setup trunking, vlans, etc.  What I'm having a hard time figuring out is configuring the etherchannel properly.  Here are the commands I've used:

Cisco L2 Switch (same configuration for both switches)

!  Create VLANs 200
Layer2-Switch# configure terminal
Layer2-Switch(config)# vlan 200
Layer2-Switch(config-vlan)# end

!  Assign Port Gi1/1 in VLAN 200
Layer2-Switch(config)# interface Gi1/1
Layer2-Switch(config-if)# switchport mode access
Layer2-Switch(config-if)# switchport access vlan 200
Layer2-Switch(config-if)# end

!  Create Trunk Port Te1/1
Layer2-Switch(config)# interface Te1/1
Layer2-Switch(config-if)# switchport mode trunk
Layer2-Switch(config-if)# switchport trunk native vlan 200
Layer2-Switch(config-if)# end
 

Cisco Layer 3 Switch

! Enable Layer 3 routing
Layer3-Switch(config) # ip routing

!  Create VLANs 200 and 210 in the switch database
Layer3-Switch# configure terminal
Layer3-Switch(config)# vlan 200
Layer3-Switch(config-vlan)# end
Layer3-Switch(config)# vlan 210
Layer3-Switch(config-vlan)# end

!  Create Trunk Ports Te1/3 Te1/4
Layer3-Switch(config)# interface Te1/3
Layer3-Switch(config-if)# switchport mode trunk
Layer3-Switch(config-if)# switchport switchport access vlan 200
Layer3-Switch(config-if)# switchport trunk native vlan 200
Layer3-Switch(config-if)# exit

Layer3-Switch(config)# interface Te1/4
Layer3-Switch(config-if)# switchport mode trunk
Layer3-Switch(config-if)# switchport switchport access vlan 210
Layer3-Switch(config-if)# switchport trunk native vlan 210
Layer3-Switch(config-if)# end

!  Configure Switch Vlan Interfaces (SVI)
Layer3-Switch(config)# interface vlan200
Layer3-Switch(config-if)# ip address 10.10.0.1 255.255.255.0
Layer3-Switch(config-if)# no shut

Layer3-Switch(config)# interface vlan210
Layer3-Switch(config-if)# ip address 10.10.1.1 255.255.255.0
Layer3-Switch(config-if)# no shut

!  Configure default route towards ASA firewall
Layer3-Switch(config)# ip route 0.0.0.0 0.0.0.0 10.0.0.250

! Configure Etherchannel on Cisco 4500-2
Layer3-Switch(config)# int range Te1/1 - 2
Layer3-Switch(config-if-range)# no switchport
Layer3-Switch(config-if-range)# no ip address
Layer3-Switch(config-if-range)# channel-group 4 mode active
Layer3-Switch(config)# int channel-group 4
Layer3-Switch(config-if)# ip address 10.0.0.240 255.255.0.0

! Configure Etherchannel on Cisco 4500-1
Cisco-4500-1-Switch(config)# int range Te1/7 - 8
Cisco-4500-1-Switch(config-if-range)# no switchport
Cisco-4500-1-Switch(config-if-range)# no ip address
Cisco-4500-1-Switch(config-if-range)# channel-group 4 mode active
Cisco-4500-1-Switch(config)# int channel-group 4
Cisco-4500-1-Switch(config-if)# ip address 10.0.0.241 255.255.0.0

Sorry if this is unclear.
ASKER CERTIFIED SOLUTION
Avatar of rowansmith
rowansmith
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of myfootsmells
myfootsmells

ASKER

What is the ip address for?  And what subnet does the IP address need to be on?  Does it have to be 10.0.0.240 and 241 can it be another private IP range like 172.x.x.x?
Avatar of rowansmith
rowansmith
It can be any range you want.

As per your original configuration you have it set up as a Layer 3 interface, I have used the same IP addresses that you provided.  Now that I look at your diagram more closely I can see that these overlap with vlan 1 on the top left switch.

Do you want it to be a Layer 2 interface or do you want it to be a routed connection between the two 4500's.

The diagram implies that you want 4 collision domains:
Vlan 1 - 10.0.0.0/16 (top left)
Vlan 200 - 10.10.0.0/24 (bottom left)
Vlan 210 - 10.10.1.0/24 (bottom right)
finally;
the interconnect between the two 4500's is effectively another collision domain, in this case 10.0.0.0/16 which of course overlaps with VLAN1 so this won't work.

If you want a routed connection between the two bottom and top 4500s then you could use another subnet, eg, 10.255.0.0/24, alternatively if you don't want a routed network between the two 4500's then you can change the port-channels to Layer 2 trunks and extend VLAN 200 and VLAN 210 up to the top 4500.

In the second model (vlan trunks) the bottom 4500 will have no SVIs configured (unless you want one for management).

Let me know what it is you're trying to achieve.
Avatar of Don Johnston
Don Johnston
Flag of United States of America image
Couple of issues/questions.

1) You're using VLAN 200 for hosts and as the native VLAN.  This is strongly discouraged unless the trunk is connected to a phone.  Suggest using an unused VLAN for the native VLAN.

2) You're making the link between the 4500's a layer-3 link. No problem doing this  (personally, I would let the 4500-1 switch do the routing and make it a layer-2 link).  But the address you're assigning to the link (10.0.0.241/24) would appear to overlap with the VLAN 1 address (10.0.0.0/16).  Is this correct?  Can you post the full configs (sanitized) for these switches? And please use the "code" feature when posting.