how to combine layer2 and layer3 on a single port

cancel
Showing results for 
Search instead for 
Did you mean: 

how to combine layer2 and layer3 on a single port

L2 Linker

5050 at ver 6.1.9

Hello all!  You may want to sit down for this one. We have a core router that conects to a single layer 3 10GB port on a 5050 as the internet gateway.  The 5050 also has several server netwks attached via 1gb ports. Again these ports are layer 3 and act as the gateway for these networks.. All connections on the 5050 are now layer 3 interfaces. We are trying to migrate away from our current ISP connection on the 5050 to new connections off of the core router and we are looking at migrating our existing servers from 1gb to 10gb thru the core routers.  All the while allowing the 5050 to examine traffic. 1)  We would like to keep this 10gb port on the 5050 as a default route.  2) We would like to extend the existing 5050 server netwks back down to the core router via the same 10gb pipe, where we will connect servers with 10gb connections within the core.   3)  We are migrating away from the existing wan connection on the 5050.  With that said our intention is to use policy routing to route certain users onto a new layer three vlan (new default route)  that would exist on that same 10gb pipe.  That ntwk will be passed as layer 2 traffic thru the core router to other ISP's. So in a nutshell I need to create the server vlans with two ports each,  one port for the existing 1gb srvr farm off the 5050 and another port (the 10gb port) that will be used by multiple vlans. Now when you stop laughing,  is this at all possible and if it is can you point me to a step by step in creating these interfaces.

thnks in advance

walt

 

 

 

 

12 REPLIES 12

L5 Sessionator

L5 Sessionator

Don't think you can combine L2 and L3 on same port. For your scenario I'd say maybe try this: make 10 GB connection L2 trunk and move the IP (and other L3 settings) you had on this interface to a loopback on PA. Just a (crazy) idea tho, not sure it will work.

 

 

Looking at the document I don't see an answer for my requested network design or I'm just missing it.  The document seems to be written for an earlier version of PA code so the screen shots don't correlate to what I see when I web in to the 5050.

Here is information on how we accomplish this layer 2 and layer 3 connections on a single port on our cores.  It may help clarify what I am trying to accomplish with the 5050 and whether it can be done.

Notice port tg.2.3 is used for multiple L3 vlans (as a trunk port).  Also notice that port ge.4.4 (server port) is untagged in same 749 vlan as the tagged trunk port tg.2.3.

 

thnks again

walt

 

DCCC_S4_Core1(rw)->show ip int vlan.0.749

vlan.0.749 is Operationally up, Administratively up

   IP Address 172.31.149.3 Mask 255.255.255.0

  

   DCCC_S4_Core1(rw)->show vlan stat 749

VLAN     : 749         Status     : Enabled                

FID    : 749         Name       : EMPLOYEE_4215_ITSTAFF  

VLAN Type: Permanent Last Change: 2015-06-19 10:41:42    

Egress Ports:

tg.2.3;ge.4.2,4

Forbidden Egress Ports:

None.

Untagged Ports:

ge.4.4

 

DCCC_S4_Core1(rw)->show ip int vlan.0.849

vlan.0.849 is Operationally up, Administratively up

   IP Address 10.200.149.3 Mask 255.255.255.0

 

DCCC_S4_Core1(rw)->show vlan stat 849

VLAN     : 849        Status     : Enabled                

FID     : 849         Name       : STUDENT_4215_ITSTAFF    

VLAN Type: Permanent Last Change: 2015-06-19 10:41:42    

Egress Ports:

tg.2.3;ge.4.2

Forbidden Egress Ports:

None.

Untagged Ports:

None

 

 

So by lack of responses I assume this has not been/cannot be done.....  A layer 3 routed interface that is presented to multiple layer 2 ports as a tagged vlan.  We have two core switch/routers each with its own connection back to a single PA5050.  The purpose is to allow vm servers that have two connections, one in each core switch availability to the same network depending on the server interface that is active. A single ip address is used per server.

 

thnks in advance

walt

Hello,

Would you be able to provide a simple diagram of the physical connections and intended traffic flow? This would make it easier for the rest of us to provide some feedback.

 

Regards,

ADDED the HOOK.   So by lack of responses I assume this has not been/cannot be done.....  A layer 3 routed interface that is presented to multiple layer 2 ports as a tagged vlan.  These physical ports would carry multiple tagged layer 3 vlans.  We have two core switch/routers each with its own connection back to a single PA5050.  The purpose is to allow vm servers that have two connections, one in each core switch availability to the same network depending on the server interface that is active. A single ip address is used per server.  These servers have multiple vlans on each connection which are application specific.

 

thnks in advance

walt

I think this is possible, but a diagram would support my theory if I am understanding you correctly.

 

What I ahve done in the past is make sub-interfaces all layer2 and the VLANs as layer3. This way I could send multiple vlans down the same wire and still hav routing/zone control.

 

I hope that makes sense.

PA5050_VLANSTOCORES.png

Hope that helps to show what we are trying to accomplish.  We want the vlan traffic examined by the PA 5050 before it reaches the servers.  Right now some of the vlans are routed by the cores and now passed through the PA 5050.

 

thnks in advance

walt

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!