MLAG VRRP Member Switch Connection

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
Good Evening,

I was testing a MLAG/VRRP setup today and couldn't get a member switch LAG to connect to the two cores.  The two cores seem to be working correctly, they are able to ping each other and the VRRP address that is configured.  When I do a "show mlag peer" they see each other just fine.  

When I added a member switch and connected a lacp LAG from the member switch to each of the cores, the links light up but there doesn't seem to be any traffic flowing.  Do the following configs look correct?

Core Switch 1

configure vlan default delete ports all
configure vr VR-Default delete ports 1:1-64
configure vr VR-Default add ports 1:1-64
configure vlan default delete ports 1:1-64
create vlan "isc"
configure vlan isc tag 4090
create vlan "Switch-MGMT"
configure vlan Switch-MGMT tag 2

enable sharing 1:49 grouping 1:49,1:53 algorithm address-based L2 lacp
configure vlan isc add ports 1:49 tagged  
configure vlan Switch-MGMT add ports 1:1,1:49 tagged  
configure vlan isc ipaddress 192.168.99.253 255.255.255.252
configure vlan Switch-MGMT ipaddress 10.10.0.2 255.255.252.0
enable ipforwarding vlan Switch-MGMT

create vrrp vlan Switch-MGMT vrid 2
configure vrrp vlan Switch-MGMT vrid 2 priority 200
configure vrrp vlan Switch-MGMT vrid 2 preempt delay 5
configure vrrp vlan Switch-MGMT vrid 2 fabric-routing on
configure vrrp vlan Switch-MGMT vrid 2 add 10.10.0.1
enable vrrp vlan Switch-MGMT vrid 2

create mlag peer "x670_Bottom" 
configure mlag peer "x670_Bottom" ipaddress 192.168.99.254 vr VR-Default 
enable mlag port 1:1 peer "x670_Bottom" id 1
 
Core Switch 2
configure vlan default delete ports all
configure vr VR-Default delete ports 1:1-64
configure vr VR-Default add ports 1:1-64
configure vlan default delete ports 1:1-64

create vlan "isc"
configure vlan isc tag 4090
create vlan "Switch-MGMT"
configure vlan Switch-MGMT tag 2

enable sharing 1:49 grouping 1:49,1:53 algorithm address-based L2 lacp
configure vlan isc add ports 1:49 tagged  
configure vlan Switch-MGMT add ports 1:1,1:49 tagged  
configure vlan isc ipaddress 192.168.99.254 255.255.255.252
configure vlan Switch-MGMT ipaddress 10.10.0.3 255.255.252.0
enable ipforwarding vlan Switch-MGMT

create vrrp vlan Switch-MGMT vrid 2
configure vrrp vlan Switch-MGMT vrid 2 fabric-routing on
configure vrrp vlan Switch-MGMT vrid 2 add 10.10.0.1
enable vrrp vlan Switch-MGMT vrid 2

create mlag peer "x670_Top" 
configure mlag peer "x670_Top" ipaddress 192.168.99.253 vr VR-Default 
enable mlag port 1:1 peer "x670_Top" id 1 

Member Switch

configure vlan default delete ports all
configure vr VR-Default delete ports 1-54
configure vr VR-Default add ports 1-54
configure vlan default delete ports 1-54

create vlan "Switch-MGMT"
configure vlan Switch-MGMT tag 2
configure ports 49 auto off speed 10000 duplex full 
configure ports 50 auto off speed 10000 duplex full 
configure ports 51 auto off speed 10000 duplex full 
configure ports 52 auto off speed 10000 duplex full 
enable sharing 49 grouping 49-50 algorithm address-based L2 lacp
configure vlan Switch-MGMT add ports 49 tagged  
configure vlan Switch-MGMT ipaddress 10.10.0.4 255.255.252.0



Thanks!
Photo of Ty Kolff

Ty Kolff

  • 1,098 Points 1k badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Ty Kolff

Ty Kolff

  • 1,098 Points 1k badge 2x thumb
I just found this at extremenetworks.guru:
One thing to be mindful of is if when looking at Vlan (lab), and with everything connected it is showing blocking as per below:

# show vlan lab
 
Ports:   3.           (Number of active ports=2)
Untag:     *17,     18
Tag:      *1bg

This is probably due to only one side of the lag configured for LACP.

If the core is the side that does not have LACP enabled the process is as follows:

Core1

disable mlag port 1
enable sharing 1 grouping 1 lacp algorithm address-based L2
enable mlag port 1 peer "MLAG-PEER-253" id 100

Core2

disable mlag port 1
enable sharing 1 grouping 1 lacp algorithm address-based L2
enable mlag port 1 peer "MLAG-PEER-254" id 100



 I think this may be what I was missing as the ports on the Member switch were showing as "blocking" when I did the "Show vlan" command.  I will check into this tomorrow and post here with the results.

Photo of Brandon Clay

Brandon Clay, Escalation Support Engineer

  • 13,244 Points 10k badge 2x thumb
That should be it. Since LACP wasn't enabled on the MLAG peers for the MLAG ports, the downstream switch never added the LAG ports to the aggregator.

Let us know if this fixes it.

-Brandon
Photo of Ty Kolff

Ty Kolff

  • 1,098 Points 1k badge 2x thumb
That did work for me.  I didn't realize you needed to enable sharing and create an lacp port for a single port, although now it makes sense that the switch then uses the MLAG MAC address for the lacp connection.  

I do have one more question, do you need to tag all vlans on the ISC connection between the two MLAG switches?
Photo of Brandon Clay

Brandon Clay, Escalation Support Engineer

  • 13,244 Points 10k badge 2x thumb
Yes, any VLANs that are on MLAG ports should also be on the ISC link.

If this isn't done, failover may not work correctly and there may be FDB learning issues as well for the MLAG ports.
Photo of Ty Kolff

Ty Kolff

  • 1,098 Points 1k badge 2x thumb
Thanks Brandon!
Photo of Patrick Voss

Patrick Voss, Alum

  • 11,574 Points 10k badge 2x thumb
If you have a client switch connecting to 2 MLAG peers using LACP. You need to create a 1 port lag on each peer.

For example,

Client switch has port 1 and 2 in a lag:

enable sharing 1 grouping 1,2 lacp

Both these ports connect to port one on core1 and core2. You need to configure the following on each core:

enable sharing 1 grouping 1 lacp

Once MLAG is enabled it will take care of the LACP ID shared between the cores to the client switch. This should allow the switch to start passing traffic.

Hope this helps!