Recently I installed two pairs of 4500x switches. Each pair was set up as a VSS. VSS allows two switches to share a control and management plane. In essence, to the administrator, it looks like one switch. The two VSS pairs were installed at separate sites (we’ll call them HQ and Colo for the sake of this post). The connection was an L2 link from a service provider. We created an L3 adjacency between the two sites running EIGRP as the routing protocol. Previously there was a standalone 3560 on the Colo side and a 3750G stack on the HQ side.
To set up VSS you must define the VSL (virtual switch link) ports and the virtual switch domain. For example:

int po60
 description VSL to Switch 2
 switchport
 switch virtual link 1
 no shut
switch virtual domain 100
 switch 1
 switch 1 priority 200
int range te1/15-16
 switchport mode trunk
 description part of VSL po60
 channel-group 60 mode on
 no shut

A similar configuration would be put on the second switch. You would then enter the command switch convert mode virtual, and you have a VSS pair.
The issue I ran into, and the point of this post, is when I tried to turn up the second site, HQ in this example, the L3 link would not come up. I could see my neighbor in CDP, but my L3 interface showed down/down.
The answer lies in the switch virtual domain ID number. It turns out when you try to connect two VSS via an L3 link, if the switch virtual domain ID is the same, the link will not come up.
By changing the domain ID on the HQ pair, L3 came up and EIGRP was happy; I had routes everywhere. To change the ID, you don’t have to wipe out your existing VSS-related config; you just need to change the ID and issue the switch convert command again.

switch virtual domain 101
switch convert mode virtual

I’d love to know why this is, but unfortunately I wasn’t able to grab a packet capture while I was at the customer site. If I get the chance, I will definitely try to figure it out.
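
A pre-deployment check for the condition described in this post, two directly connected VSS pairs configured with the same switch virtual domain ID, could look like the following. This is an added example, not code from the original post; the site names, sample configs (constructed) and the function names vss_domain and domain_conflicts are assumptions for illustration.

```python
import re

# Matches the "switch virtual domain <id>" line shown in the post's config.
DOMAIN_RE = re.compile(r"^\s*switch virtual domain (\d+)\s*$", re.MULTILINE)

def vss_domain(config):
    """Return the VSS domain ID found in a config, or None for a standalone switch."""
    ids = {int(m) for m in DOMAIN_RE.findall(config)}
    if len(ids) > 1:
        raise ValueError(f"more than one domain ID in a single config: {sorted(ids)}")
    return ids.pop() if ids else None

def domain_conflicts(configs, links):
    """configs: {site: config text}; links: (site_a, site_b) pairs that connect directly.
    Returns a sorted list of (site_a, site_b, domain_id) for linked pairs sharing an ID."""
    domains = {site: vss_domain(text) for site, text in configs.items()}
    conflicts = []
    for a, b in links:
        for site in (a, b):
            if site not in domains:
                raise KeyError(f"no config supplied for {site}")
        # Standalone switches (no VSS domain) can never collide.
        if domains[a] is not None and domains[a] == domains[b]:
            first, second = sorted((a, b))
            conflicts.append((first, second, domains[a]))
    return sorted(conflicts)

# Constructed sample configs: both VSS pairs use domain 100, Branch is standalone.
HQ_CONFIG = """int po60
 description VSL to Switch 2
 switch virtual link 1
switch virtual domain 100
 switch 1
"""
COLO_CONFIG = HQ_CONFIG.replace("Switch 2", "Switch 1")
BRANCH_CONFIG = "hostname branch-sw\ninterface Vlan10\n"

CONFIGS = {"HQ": HQ_CONFIG, "Colo": COLO_CONFIG, "Branch": BRANCH_CONFIG}
LINKS = [("HQ", "Colo"), ("Colo", "Branch")]

if __name__ == "__main__":
    for a, b, dom in domain_conflicts(CONFIGS, LINKS):
        print(f"{a} <-> {b}: both use switch virtual domain {dom}")
```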
This happens because of generating virtual MAC addresses for the interface Vlan, so if you have the same virtual domain, you have the same MAC address in your interface Vlan on both sides.
And that doesn’t work really fine ;-))