I am using Arista 7050sx3 for basic VLAN switching.
I have multiple access ports with multiple VLANs. There is one port-channel (consisting of two Ethernet interfaces) going to a Juniper router for inter-VLAN routing.
I just wanted to confirm what configurations I need on the port-channel going to my router, apart from configuring it as a trunk.
My current setup is not working. Just wondering if there is any other specific encapsulation command to be enabled for this to work.
For basic L2 forwarding, the below two commands should be enough.
switchport mode trunk
Can we confirm if the port-channel has active ports on it? Also, you can check the output of #show vlan to confirm if the port-channel is a part of those VLANs.
Do we see the MAC address of the Juniper device getting learnt on the port-channel of Arista under #show mac address-table?
Please follow the below steps one by one:
It might be possible that the Arista switch is forwarding the traffic out of the port-channel and getting dropped on the other side. You can confirm if Arista is forwarding the traffic or not using Outbound ACL Counters on the port-channel. See the below example:
Consider the port-channel is Po9 and the source-IP is 22.214.171.124 and destination IP is 126.96.36.199. Create the ACL as below:
ip access-list test
^ Now apply this ACL on the Po9 (which connects to Juniper) in the outbound direction:
Now, check the ACL counter as below:
#show ip access-lists test
^ As you can see in this case, the counter for the flow (Source-188.8.131.52, destination-184.108.40.206) is incrementing which proves packets are getting forwarded out of port-channel9. If it doesn't increment, then it means it is getting dropped on Arista for some reason (which we need to check).
Note: The IP ACL test is useless if ARP is not resolved on the source host (either for its GW or for another host in the same VLAN it is trying to ping). In that case, make sure to configure a static ARP on the source host. If static ARP cannot be programmed, then instead of the IP ACL test, we need to do a MAC ACL test. Let us know if you need help with that. Also ensure the source host is actually sending traffic.
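The counter check described in the answer above can be scripted by comparing two captures of #show ip access-lists test taken a few seconds apart. This is an added example, not part of the original answer; the sample output is constructed on the assumption that EOS prints a "[match N, ...]" suffix on entries that have hits and omits it when there are none, and the addresses are documentation-range placeholders rather than the thread's values.

```python
import re

# Constructed sample captures (assumed EOS layout, placeholder addresses).
SNAPSHOT_BEFORE = """\
IP Access List test
        counters per-entry
        10 permit ip host 192.0.2.10 host 198.51.100.20
        20 permit ip any any [match 340, 0:00:00 ago]
"""
SNAPSHOT_AFTER = """\
IP Access List test
        counters per-entry
        10 permit ip host 192.0.2.10 host 198.51.100.20 [match 5, 0:00:01 ago]
        20 permit ip any any [match 352, 0:00:00 ago]
"""

# Sequence number, action, rule body, optional "[match N, ...]" suffix.
ENTRY = re.compile(
    r"^\s*(\d+)\s+(permit|deny)\s+(.*?)(?:\s+\[match (\d+)[^\]]*\])?\s*$"
)

def parse_counters(output):
    """Map sequence number -> (rule text, hit count); no suffix means 0 hits."""
    counters = {}
    for line in output.splitlines():
        m = ENTRY.match(line)
        if m:
            seq, action, rest, hits = m.groups()
            counters[int(seq)] = (f"{action} {rest}", int(hits or 0))
    return counters

def flow_delta(before, after, src, dst):
    """Growth in hits for the host-to-host entry src -> dst, or None if absent."""
    old, new = parse_counters(before), parse_counters(after)
    for seq, (rule, hits) in new.items():
        # Compare whole tokens so 192.0.2.1 never matches 192.0.2.10.
        if rule.split()[-4:] == ["host", src, "host", dst]:
            return hits - old.get(seq, (rule, 0))[1]
    return None

def verdict(delta):
    """Translate the counter growth into the conclusion drawn in the answer."""
    if delta is None:
        return "no ACL entry for this flow"
    if delta > 0:
        return "forwarded out of the port-channel"
    return "not leaving the switch, or the source is not sending"

if __name__ == "__main__":
    d = flow_delta(SNAPSHOT_BEFORE, SNAPSHOT_AFTER, "192.0.2.10", "198.51.100.20")
    print(d, "->", verdict(d))
```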
Thank you everyone!
Apparently, the problem was somewhere else but it was good to know that I did not miss any simple configuration on Arista that caused inter-vlan routing to fail.
Also, since Arista does not capture packets that are simply switched, the idea of creating ACLs by Aniket was something I desperately needed!
Just wanted to let you know, Arista has the following platforms where you can capture packets that are switched/routed in hardware by mirroring them to the CPU: 7280R series, 7500R series, 7020R series, 7160 series and 7150 series.
The 7050 and 7060 series didn't have mirroring-to-CPU support for quite some time. But since the release of EOS-4.24.0F (and later versions), even these two series (along with a few others which didn't have the support before) support packet mirroring to CPU. Please see the following TOI: Mirror to CPU on 7060 & 7050
Using the "Mirroring to CPU" feature, you can mirror any packet that is getting switched or routed in the hardware to the CPU and capture those packets in the CPU itself. Generally, packets that are switched/routed in hardware will not go to the CPU. It is a great tool for troubleshooting and inspection of packets in the network.
Since the issue is resolved, we will close this thread.