I have seen many people discuss the issue of 4006 L3.
You need to figure out the structure of the x4232-L3, which consists of two parts:
------------------------------------ Backplane
| 2GE | (4GE)
------ |
| R | --------------------
------ |... |
|
2 GE 32FE (appearance)
1. Separate the 32 FE first. They cannot be configured from the router. They are connected to the base version through 4GE.
2. another part is a router. it has four GE ports (and an fe, which can be used for out-of-band management). We can see two GE ports on the outside, and two are connected to the base version. That is, the x4232-L3 has 6 GE connected to the base ).
The entire module seems to have 34 e ports, 2GE + 32FE .,
From the switch (Supervisor), there will be 1 to 34 ports in the sh port, of which two GE ports (#/1, #/2) # Are slot, but this is not the two ports you see outside the rack, but the two GE ports inside the rack.
You enter the Router mode from sessin: You can see GE1 ~ GE4, GE1 ~ 2 is the external port,
GE3 ~ 4 is the internal port.
Therefore, your GE3 ~ 4. The configurations must be consistent with those of the GE ports (slot #/1, slot #/2) in the preceding switch.
You can configure GE3 and GE4 as port Channels like MSM, and configure subinterfaces (ISL or 802.1q encapsulated) on them)
Interface GigabitEthernet3
Channel-group 1
Interface GigabitEthernet4
Channel-group 1
! --- Both port gig 3 and gig 4 are part of the channel group 1.
Interface Port-channel1.2
Encapsulation dot1Q 2
Ip address 2.2.2.2 255.255.255.0
Interface Port-channel1.3
Encapsulation dot1Q 3
Ip address 1.1.1.2 255.255.255.0
Switch configuration: Assuming the x4232-L3 is inserted in slot3
Set port channel 3/1-2 156
Set trunk 3/1 nonegotiate dot1q 1-1005
Set trunk 3/2 nonegotiate dot1q 1-1005
Set port channel 3/1-2 mode on
The last thing to note is that if you want to configure the data stream ACLs on the internal GE, such as ip access-group: The x4232-L3 does not support configuring this ACLs on the GE Channel, it also does not support ACLx on its GEC subinterface. It does not support dynamic ACLs, ACLs logging, and ACLs hit counters.
Therefore, you must configure ACLs as follows:
Interface gig 3
Ip address 192.168.100.1 255.255.255.0
Ip access-group 101 in
Or
Interface GB 3.10
Encapsulation dot1q 10
Ip address 192.168.100.1 255.255.255.0
Ip access-group 99 out
But not:
Interface gig 3
Channel-group 1
Interface gig 4
Channel-group 1
Interface port-channel 1
Ip address 192.168.100.1 255.255.255.0
Ip access-group 101 in
Or
Interface gig 3
Channel-group 1
Interface gig 4
Channel-group 1
Interface port-channel 1.10
Encapsulation dot1q 10
Ip address 192.168.100.1 255.255.255.0
Ip access-group 99 out
I hope the above will help you.