Posted on July 28, 2020 9:59 am
 |  Asked by Duc Le
 |  100 views
0
0
Print Friendly, PDF & Email

Hi,

I have this MLAG topology below and the configure below.

I would like to run multiple connections on each L3 link from MLAG peers to Routers. And I don’t want to use different cables for it. But instead use different vlans on each link for each connection. However because of MLAG, ping from Router 1 to Switch 2 via the VLAN does not work.

Can someone explain why and how to overcome this. Thanks alot

Here is my configuration:

#switch-1#
int e1
switchport mode trunk
switch trunk allowed vlan 10,20
int vlan 10
ip address 10.10.10.1/30
int vlan 20
ip address 20.20.20.1/30

#switch-2#
int e1
switchport mode trunk
switch trunk allowed vlan 30,40
int vlan 30
ip address 30.30.30.1/30
int vlan 40
ip address 40.40.40.1/30

#router-1#
int e1
switchport mode trunk
switch trunk allowed vlan 10,20
int e2
switchport mode trunk
switchport trunk allowed vlan 30,40
int vlan 10
ip address 10.10.10.2/30
int vlan 20
ip address 20.20.20.2/30
int vlan 30
ip address 30.30.30.2/30
int vlan 40
ip address 40.40.40.2/30

Attachments:
0
Answered on July 28, 2020 12:25 pm

Since the switches are in MLAG, it essentially means they will be acting as one logical layer 2 device (this means that protocols such as LACP and spanning-tree will behave like both chassis as the same system). By design, both MLAG peers should have the same vlan, LACP, STP, etc. configs.

Considering that the router also is behaving more like a typical switch having layer 2 tagged ports, most likely a spanning-tree loop is being detected and some of the ports are being blocked.

One potential option could be to use different spanning-tree instances for each VLAN and use allowed trunk list/trunk group configuration to specify which interfaces should carry each group of VLANs.

Another potential alternative could be to configure its interfaces as routed tagged subinterfaces (assuming the upstream devices support this feature).

1
Posted by Vikram
Answered on July 28, 2020 6:12 pm

Hi Duc,

Your configs do not indicate that you are using mlag. What I mean to say is that your switches might have a peer-link and other interfaces in mlag but based on the config you have included it does not show Eth1 and Eth2 on your switches configured for MLAG.

Based on current information provided it seems like this is point to point vlan setup since you seem to be explicitly allowing only the respective vlan on the trunks towards the switches. i.e Sw1-et1 only allows vlan 10 and 20 and Sw2-et1 only allows vlan 30 and 40 so this should work.

As Diego mentioned earlier because your switches are operating as MLAG there are some global considerations that would affect non-mlag ports as well from a spanning-tree perspective. i.e you have to ensure that your vlan exists on both switches. For eg. in this case lets assume hypothetically if Switch1 is the MLAG Primary and Switch2 is the MLAG secondary and if you have only created Vlan 30,40 on Switch 2 then Vlan30 and Vlan40 will not be active and that might explain why your ping is failing.

Ideally, it would be best to include the show tech from all your devices so we don't have to go back and forth on output but if that is not possible then could you please provide the following details at the very minimum

1) Can you please update the diagram to indicate which VLANs are traversing which links between the Routers and switches?

2) Entire configs for all your devices (Switch 1, Switch 2, Router 1 and Router 2)

3) Output of the following commands from both switches (switch 1 and switch2)

a) show vlan
b) show mlag detail
c) show mlag config-sanity
d) show spanning-tree vlan 10-40 (from all devices including the Routers)

4) Could you please post the output of your ping failure? Would like to see what is failing exactly

Alternatively, please go ahead and open a case with support@

HTH

0
Posted by Roberto Salazar
Answered on July 28, 2020 7:21 pm

I suggest checking the spanning-tree status of those links to the routers in your topology, make sure they are in forwarding state, if not, then we have to figure out why they are in blocking state.  Those ports will participate in STP since they are L2 ports.

0
Posted by Alexis Dacquay
Answered on August 3, 2020 6:23 pm

If switch 1 and switch 2 are supposed to form an MLAG but they have different VLAN configuration, then that is a wrong start.

If your asymmetry is by design, then reconsider how the VLAN 30,40 traffic would have to trombone to reach SW2.

These links could be just L3 routed port, it would be simpler, no?

 

MLAG basic configuration: https://eos.arista.com/mlag-basic-configuration/

MLAG advanced configuration: https://eos.arista.com/mlag-advanced-configuration/

 

These should guide you in the right direction about MLAG.

 

However, I think it would be worth talking a bit more about the rest of the design too.

Are you available to talk?

 

 

Regards,

Alexis

Post your Answer

You must be logged in to post an answer.