How to configure X series tagged LACP Links connected to Cisco switches

book

Article ID: 167822

calendar_today

Updated On:

Products

XOS

Issue/Introduction

This solution describes a configuration example between X-Series security switches and Cisco Ethernet switches using VLAN tagged interfaces.Some customers want to reduce the number of VLANs sent to the Crossbeam chassis by selecting the most appropriate VLANs that are used on an Ethernet trunk. 


Sample Network Diagram
User-added image

Cause

This article explains how Crossbeam and Cisco should be configured to work with LACP.

Resolution

The Cisco device requires that the management VLAN be advertised to the trunk in order to send the LACPDU. At that point, the VLAN 1 is required on the trunk. The sample configuration may become something such as:

Cisco Side

interface Port-channel1
   switchport
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 1
   switchport trunk allowed vlan 2,3
   switchport mode trunk
   no ip address
!
interface GigabitEthernet1/2
   switchport
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 1
   switchport trunk allowed vlan 2,3
   switchport mode trunk
   no ip address
   spanning-tree portfast trunk
   channel-protocol lacp
   channel-group 1 mode passive
!
interface GigabitEthernet3/4
   switchport
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 1
   switchport trunk allowed vlan 2,3
   switchport mode trunk
   no ip address
   spanning-tree portfast trunk
   channel-protocol lacp
   channel-group 1 mode passive



Crossbeam side

circuit testgrp
   device-name testgrp
   vap-group testvapgroup

circuit vlan2
   device-name vlan2
   default-egress-vlan-tag 2 hide-vlan-header
   vap-group testvapgroup
     ip-forwarding
     ip 192.168.1.1 255.255.255.0

circuit vlan3
   device-name vlan3
   default-egress-vlan-tag 3 hide-vlan-header
   vap-group testvapgroup
     ip-forwarding
     ip 192.168.2.1 255.255.255.0

group-interface testgrpint
   mode multi-link circuit testgrp
   interface-type gigabitethernet
   interface 1/1
   interface 2/2
   logical vlan2 ingress-vlan-tag 2 2
     circuit vlan2
   logical vlan3 ingress-vlan-tag 3 3
     circuit vlan3

Workaround

N/A

Attachments