Question

Cisco 2960 vlan connecting to vlan on the router

Asked by: phozo

I have configured the vlan on the cisco 2960 switch to be vlan 5 and created a vlan on the router as vlan 5, and I have put all of the relevant ports into vlan 5.

I have created a trunk between the two devices, and set the native vlan to be 5, and also checked to make sure that there are no vlan restrictions.

But it doesn't seem to work.

This Question has been solved and asker verified.

Asked On: 2009-09-12 at 03:26:43, ID: 24726597
Tags: cisco router, 2811, routing, cisco, cisco swtich, cisco 2960
Topics: Network Routers, Network Switches & Hubs, Network Design & Methodology
Participating Experts: 3
Points: 500
Comments: 74

Answers

 

by: rochey2009 Posted on 2009-09-12 at 04:05:18 ID: 25315981

Please can you post the relevant parts of the router and switch config.

 

by: ikalmar Posted on 2009-09-12 at 04:26:36 ID: 25316040

Hi

Please configure both devices as follows:

int gig 0/0
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,5
 switchport mode trunk
 load-interval 30
 storm-control broadcast level bps 50m
 storm-control multicast level bps 50m
 spanning-tree portfast trunk

And don't forget to use a cross cable between the switches, and it will be working.

Best regards,
Istvan

 

by: ikalmar Posted on 2009-09-12 at 05:00:29 ID: 25316121

What does the 'show cdp nei' command show?

 

by: phozo Posted on 2009-09-12 at 10:12:32 ID: 25317123

Here are the results from 'show cdp nei' on the router:
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
barricade.xxxx.com
                 Fas 0/1/8          167          S I      WS-C2960- Fas 0/24

And from the switch:

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Router.xxxx.com
                 Fas 0/24          127          R S I     2811      Fas 0/1/8

I have not run any of the commands above yet.

-John

 

by: phozo Posted on 2009-09-12 at 10:14:08 ID: 25317126

Also, the connection between the router and the switch needs to have a cross connect cable?  If that is the case that could be part of the problem.

But I am going from the 2960 switch across the trunk to the Cisco 2811 HWIC - 9 - Switchport.  Does it still need the cross connect cable?

-John

 

by: rochey2009 Posted on 2009-09-12 at 10:26:35 ID: 25317179

The connection between the router and the switch needs a straight through cable not a crossover.

Do a

show int trunk

on the switch and post the results.

 

by: ikalmar Posted on 2009-09-12 at 10:33:26 ID: 25317202

switch and switch - cross cable
switch and pc - straight cable
switch and router - straight cable

If the switch connects to the router's switchport you need a crossconnect cable, but if it knows auto MDI-X, not!

In this case it is working; it seems there is a config missing.

Do it:

switch:
int Fas 0/24
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,5
 switchport mode trunk
 load-interval 30
 storm-control broadcast level bps 50m
 storm-control multicast level bps 50m
 spanning-tree portfast trunk



router:
int  Fas 0/1/8
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,5
 switchport mode trunk
 load-interval 30
 storm-control broadcast level bps 50m
 storm-control multicast level bps 50m
 spanning-tree portfast trunk

and it is working....

 

by: phozo Posted on 2009-09-12 at 14:22:17 ID: 25317934


Port        Mode             Encapsulation  Status        Native vlan
Fa0/24      on               802.1q         trunking      5

Port        Vlans allowed on trunk
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/24      1,5

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/24      1,5

 

by: phozo Posted on 2009-09-12 at 14:28:47 ID: 25317962

When I try to set the storm-control broadcast level I get:

Router(config-if)#storm-control broadcast level bps 50m
                                                ^
% Invalid input detected at '^' marker.
 
Router(config-if)#storm-control broadcast level?       
level  
 
Router(config-if)#storm-control broadcast level ?
  <0 - 100>  Enter Integer part of storm suppression level
 
Router(config-if)#storm-control broadcast level 
                                              

 

by: phozo Posted on 2009-09-12 at 14:30:43 ID: 25317966

When I do the switchport trunk allowed vlan 1,5 I get the following. By the way, for the last two items, I am doing these changes on the router first.

Router(config-if)#switchport trunk allowed vlan 1,5
Command rejected: Bad VLAN allowed list. You have to include all default vlans, e.g. 1-2,1002-1005.
                                              

 

by: phozo Posted on 2009-09-12 at 21:18:44 ID: 25318922

Based on the error I changed the command to the one below and it seemed to continue without error.

I will see if it connects anything tonight when I go to the datacenter.

switchport trunk allowed vlan 1,5,1002-1005
                                              

 

by: ikalmar Posted on 2009-09-12 at 22:22:01 ID: 25319047

Could you show me the router's config?

 

by: ikalmar Posted on 2009-09-12 at 22:22:47 ID: 25319050

and 'show vlan' on the switch, 'show vlans' on the router and the whole config of both devices

 

by: phozo Posted on 2009-09-12 at 23:15:01 ID: 25319133

This could be a problem.

Router#show vlans

No Virtual LANs configured.

Router#show vlans 5    

No subinterface configured for vLAN Identifier 5.

I am including the router config below

Current configuration : 1785 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
!
!
ip domain name beforedawnsolutions.com
ip name-server 216.xxx.xxx.2
ip name-server 209.xxx.xxx.5
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!         
!
!
!
!
archive
 log config
  hidekeys
! 
!
!
!
!
!
!
!
interface FastEthernet0/0
 description  downlink
 ip address 74.xxx.163.4 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 duplex full
 speed 10
!         
interface FastEthernet0/1
 description  Corp subnet
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface FastEthernet0/1/4
!
interface FastEthernet0/1/5
!
interface FastEthernet0/1/6
!
interface FastEthernet0/1/7
!
interface FastEthernet0/1/8
 description trunk connection to barricade
 switchport trunk allowed vlan 1,5,1002-1005
 switchport mode trunk
 load-interval 30
!
interface Vlan1
 no ip address
!
interface Vlan5
 ip address 74.xxx.151.204 255.255.255.224
!
ip default-gateway 74.xxx.163.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 74.xxx.163.1
ip route 10.1.1.0 255.255.255.0 74.xxx.163.1
ip route 74.0.0.0 255.0.0.0 74.xxx.163.1
!
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 10.1.1.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
scheduler allocate 20000 1000
!
end
                                              

 

by: phozo Posted on 2009-09-12 at 23:17:39 ID: 25319136

Here is the switch output of show vlan

1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23
5    VLAN0005                         active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 
 
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0   
5    enet  100005     1500  -      -      -        -    -        0      0   
1002 fddi  101002     1500  -      -      -        -    -        0      0   
1003 tr    101003     1500  -      -      -        -    -        0      0   
1004 fdnet 101004     1500  -      -      -        ieee -        0      0   
1005 trnet 101005     1500  -      -      -        ibm  -        0      0   
 
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
                                              

 

by: ikalmar Posted on 2009-09-12 at 23:19:17 ID: 25319138

and the switch config?

 

by: phozo Posted on 2009-09-12 at 23:21:56 ID: 25319146

This is the switch configuration

Current configuration : 3609 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname barricade
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip domain-name xxxx.com
ip name-server 216.xxx.xxx.2
ip name-server 209.xxx.xxx.5
!
!         
crypto pki trustpoint TP-self-signed-1359311488
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1359311488
 revocation-check none
 rsakeypair TP-self-signed-1359311488
!
!
crypto pki certificate chain TP-self-signed-1359311488
 certificate self-signed 01
  << RSA KEY Stuff>>>
  quit
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
 switchport access vlan 5
 speed 10
 duplex full
!
interface FastEthernet0/2
 switchport access vlan 5
!
interface FastEthernet0/3
 switchport access vlan 5
!
interface FastEthernet0/4
 switchport access vlan 5
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
 description test vlan
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
 description Trunk Connection to router
 switchport access vlan 5
 switchport trunk allowed vlan 1,5
 switchport mode trunk
 load-interval 30
 storm-control broadcast level bps 50m
 storm-control multicast level bps 50m
!
interface Vlan1
 no ip address
 no ip route-cache
!
interface Vlan5
 ip address 74.xxx.151.196 255.255.255.224
 no ip route-cache
!
interface Vlan10
 ip address 192.168.1.1 255.255.255.0
 no ip route-cache
!
ip default-gateway 74.xxx.151.193
ip http server
ip http secure-server
!
control-plane
!
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
end
                                              

 

by: phozo Posted on 2009-09-12 at 23:22:43 ID: 25319147

I also just tried the VLAN stuff at the DC and it isn't working.

 

by: ikalmar Posted on 2009-09-12 at 23:24:43 ID: 25319150

hi what was this???

barricade.xxxx.com
                 Fas 0/1/8          167          S I      WS-C2960- Fas 0/24

And from the switch:

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Router.xxxx.com
                 Fas 0/24          127          R S I     2811      Fas 0/1/8

I have not run any of the commands above yet.

-John

      

 

by: ikalmar Posted on 2009-09-12 at 23:25:04 ID: 25319152

it seems that is working, so what is the problem??

 

by: phozo Posted on 2009-09-12 at 23:34:01 ID: 25319172

That was the result of the 'show cdp nei' command.

The problem is that when I hook the router up to Internet drop from the ISP, anything that is connected to the 2960 switch cannot connect to the internet.

But now the 10.1.1.x subnet is working because of the nat change.

Currently the 2960 switch is connected to the ISP drop and I am able to connect that way, but not with the router.

-John

 

by: ikalmar Posted on 2009-09-12 at 23:39:45 ID: 25319185

ok but this:

Router.xxxx.com
                 Fas 0/24          127          R S I     2811      Fas 0/1/8

it is not your router....

why did you set it:
ip route 74.0.0.0 255.0.0.0 74.xxx.163.1

 

by: phozo Posted on 2009-09-12 at 23:52:49 ID: 25319221

Yes that is the router.

And actually I just tried to ping the switch using 74.xxx.151.196 and it succeeds, even when the router is not connected to ISP drop.

But if I try to ping the router using 74.xxx.163.4 it doesn't work, but if I ping it using its ip address on the same subnet 74.xxx.151.204 it does return results.

regarding that route, I don't recall actually doing that one, but I tried a lot of stuff late at night thinking that the route was the issue, and it probably still is.  So we should get rid of that.

I actually just tried to remove it using 'no ip route 74.0.0.0 255.0.0.0 74.xxx.163.1' and I got a '%No matching route to delete'

-John

 

by: phozo Posted on 2009-09-13 at 00:15:28 ID: 25319273

So I did a google search on '%No matching route to delete issue' and I found something related to default-network, so by doing a 'no ip default-network 74.xxx.163.1' I was able to remove that route.

-John

 

by: ikalmar Posted on 2009-09-13 at 00:16:25 ID: 25319276

why do you need public address on switch???

if you set a pc port to vlan5 access and set a pc to this network it is working...

 

by: phozo Posted on 2009-09-13 at 00:16:29 ID: 25319277

But that still didn't fix the problem.  When the router is connected to the ISP drop, I can't get to anything on the 2960 switch.

the router can ping correctly, and anything on 10.1.1.0 subnet can get out.

-John

 

by: phozo Posted on 2009-09-13 at 00:20:12 ID: 25319290

Because that switch has some colo customers, and a few public facing sites.

I would like to have the separation of public sites on the public switch, running through the router so that I can add firewall etc.

And the corporate site, which has internal apps, and if necessary a NAT map to an external ip.

-John

 

by: phozo Posted on 2009-09-13 at 00:22:05 ID: 25319293

Right now I am using the switch as the interface to the drop from the ISP.

Because I needed to get some customers up ASAP.

But I wanted to have the router in the middle, for added protection and flexibility.  So have the router, didn't have it when I set up the original thing.

-John

 

by: phozo Posted on 2009-09-13 at 00:31:27 ID: 25319322

Do I need to create a sub interface?  Something along the lines of 'int faste0/1/8.5' on the router.  If so what ip address do I use?

-John

 

by: phozo Posted on 2009-09-13 at 00:46:45 ID: 25319360

I determined that I don't need to do the sub interface.

-John

 

by: phozo Posted on 2009-09-13 at 00:48:40 ID: 25319362

Do I need to set up a route from 74.xxx.151.192 255.255.255.224 to 74.xxx.163.1?

Is this a routing issue?

-John

 

by: ikalmar Posted on 2009-09-13 at 00:50:50 ID: 25319369

better way to use VRF-Lite to separate routing....

 

by: ikalmar Posted on 2009-09-13 at 00:56:12 ID: 25319377

This is what you need on the router:

ip vrf VRF-LITE-A
 rd 100:1

int vlan 5
 ip vrf forwarding VRF-LITE-A
 ip address 74.xxx.151.196 255.255.255.224
 no ip route-cache

ip route vrf VRF-LITE-A 0.0.0.0 0.0.0.0 74.xxx.163.1



 

by: phozo Posted on 2009-09-13 at 01:01:06 ID: 25319390

I am not sure that this is the way to go, it seems very complicated for something that should be pretty straight forward simple.

Are we overlooking something?

-John

 

by: phozo Posted on 2009-09-13 at 01:11:40 ID: 25319405

I just tried the VRF suggestion and that didn't work, pretty much the same results.

Unfortunately.

-John

 

by: ikalmar Posted on 2009-09-13 at 01:19:10 ID: 25319427

Are you able to ping the switch address??

 

by: Andy_Quaeyhaegens Posted on 2009-09-13 at 01:26:05 ID: 25319441

Hi there,

you should configure subinterfaces on the trunk port of the router, to enable routing between the vlans.

configure interface .1 on vlan 1 network
configure interface .5 on vlan 5 network

the vlans have no default gateway (because your router has no interface on the vlan).

good luck

 

by: Andy_Quaeyhaegens Posted on 2009-09-13 at 01:26:54 ID: 25319445

and of course, use encapsulation .1q etc etc...

 

by: phozo Posted on 2009-09-13 at 01:40:38 ID: 25319456

Ikaimer.  I could ping the switch address from the router before, and I could ping the router address 74.xxx.151.204 from the switch.  

But I could not ping 74.xxx.163.4 address from the switch.

-john

 

by: phozo Posted on 2009-09-13 at 01:44:59 ID: 25319466

Andy, how would I go about doing that?  

The trunk port to the router is on faste0/1/8 which is on a 9 port HWIC switch card.

When I tried to add the sub interface faste0/1/8.5 it produced an error.

-john

 

by: ikalmar Posted on 2009-09-13 at 01:45:17 ID: 25319467

why do you set it??

ip route 10.1.1.0 255.255.255.0 74.xxx.163.1

and this line is missing:

access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 deny any

 

by: ikalmar Posted on 2009-09-13 at 01:49:20 ID: 25319472

there is no need for a subinterface.....

Is your pc able to ping the switch address?
router default gw?
router outside address?
148.6.0.1?

 

by: phozo Posted on 2009-09-13 at 01:51:06 ID: 25319478

IKaimer,

Actually I didn't try it from the PC, I did it from the Router and the switch using the cisco tools.

-John

 

by: phozo Posted on 2009-09-13 at 01:53:43 ID: 25319483

IKaimer,

I think the "ip route 10.1.1.0 255.255.255.0 74.xxx.163.1" was one of my attempts to route the 10.1.1.0 network out.  That can be removed, because of the NAT.

I did the access list:
Router#show access-lists
Standard IP access list 1
    10 permit 10.1.1.0, wildcard bits 0.0.0.255 (4504 matches)


-John

 

by: ikalmar Posted on 2009-09-13 at 01:56:22 ID: 25319491

ok

the interfaces are up on both devices?

 

by: phozo Posted on 2009-09-13 at 01:57:15 ID: 25319492

Yes.  When the router is plugged into the ISP all of the interfaces are up.

-John

 

by: Andy_Quaeyhaegens Posted on 2009-09-13 at 02:05:41 ID: 25319509

Router> enable
 Enables privileged EXEC mode.

Router# configure terminal
 Enters global configuration mode.
 
Router(config)# interface fastethernet 1/0.5
 Configures an interface type and enters interface or subinterface configuration mode.
 
Router(config-subif)# encapsulation dot1q 5
 Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN.

Router(config-subif)# exit

Router(config)# interface fastethernet 1/0.10
 Configures an interface type and enters interface or subinterface configuration mode.
 
Router(config-subif)# encapsulation dot1q 10
 Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN.

 

 

by: phozo Posted on 2009-09-13 at 13:53:25 ID: 25321675

Andy,

are you saying to run this command on the router connection with the ISP Drop (Faste0/0) or on the router switchport (faste0/1/8) which has the trunk?

I tried it on the faste0/1/8 and it wouldn't let me do it.

-John

 

by: ikalmar Posted on 2009-09-13 at 21:30:00 ID: 25322938

Do you need another vlan on the switch?
If not, try this on both devices:

int x/x
 switchport mode access
 switchport access vlan 5

and it is working!

 

by: phozo Posted on 2009-09-13 at 21:54:56 ID: 25322965

My plan was to be able to put multiple vlans on the switch so that I could expand in the future as necessary.  Since this switch would be mostly for client stuff, and as my IP requirements grow, I think that I need to be able to create multiple VLANs.

So with your commands above would this be applied to the trunk interface? to turn it into a regular switchport?  Or is this necessary to put on the other interfaces as well.

-John




 

by: ikalmar Posted on 2009-09-14 at 00:59:57 ID: 25323480

it was a workaround... but the aim is that it works with a trunk!

 

by: Andy_Quaeyhaegens Posted on 2009-09-14 at 01:55:40 ID: 25323705

Hey John,

the config was to be applied on the router. You are not able to create subinterfaces, because your interface is already numbered. You should remove the ip-address from the router interface first, and then apply config.

Success.

 

by: Andy_Quaeyhaegens Posted on 2009-09-14 at 01:57:05 ID: 25323713

>> apply config on router switchport Fa0/1/8

 

by: Andy_Quaeyhaegens Posted on 2009-09-14 at 02:07:39 ID: 25323763

 

by: phozo Posted on 2009-09-14 at 06:30:07 ID: 25325159

When I try to do that on the trunk port (faste0/1/8), I get the following error:

Router(config)#int faste0/1/8.5
                   ^
% Invalid input detected at '^' marker.


And actually the caret is under the faste section.

If I try to modify the port faste0/1/8, I am able to do all regular functions.

-John

 

by: Andy_Quaeyhaegens Posted on 2009-09-14 at 10:21:22 ID: 25327473

John,

very strange. Very strange indeed.

I also presume (I haven't read all the posts here) that you have tried the following:

interface vlan 1
ip address blablabla

interface vlan 5
ip address blablabla

Int f0/0
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1,5
switchport mode trunk

?

 

by: Andy_Quaeyhaegens Posted on 2009-09-14 at 10:21:54 ID: 25327477

of course fa0/1/8 instead of 0/0 ....

 

by: phozo Posted on 2009-09-14 at 10:32:31 ID: 25327552

Here is the switchport output of faste0/1/8

Router#sh int faste0/1/8 switchport
Name: Fa0/1/8
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 1,5,1002-1005
Trunking VLANs Active: 1,5
Protected: false
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none 
Appliance trust: none
                                              

 

by: phozo Posted on 2009-09-14 at 10:34:39 ID: 25327562

And here is the output for the two VLan interfaces:

Router#sh int vlan 1
Vlan1 is up, line protocol is up 
  Hardware is EtherSVI, address is 001f.9e56.5fa8 (bia 001f.9e56.5fa8)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 1d20h, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     12109 packets input, 892392 bytes, 0 no buffer
     Received 12069 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     396 packets output, 30492 bytes, 0 underruns
     0 output errors, 1 interface resets
     0 output buffer failures, 0 output buffers swapped out
 
Router#sh int vlan 5
Vlan5 is up, line protocol is up 
  Hardware is EtherSVI, address is 001f.9e56.5fa8 (bia 001f.9e56.5fa8)
  Internet address is 74.xxx.151.196/27
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 1 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     311120 packets input, 20302430 bytes, 0 no buffer
     Received 310143 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     1208 packets output, 81256 bytes, 0 underruns
     0 output errors, 1 interface resets
     0 output buffer failures, 0 output buffers swapped out
                                              

 

by: ikalmar Posted on 2009-09-14 at 10:43:38 ID: 25327625

ok, it seems good...

 

by: Andy_Quaeyhaegens Posted on 2009-09-14 at 11:36:06 ID: 25328063

Actually - he has no IP on vlan 1, I think.

Maybe that's the source of the problems?

 

by: ikalmar Posted on 2009-09-14 at 11:51:12 ID: 25328188

What does the switch show?

 

by: phozo Posted on 2009-09-14 at 11:56:31 ID: 25328226

Is there a way that I can either remove vlan 1, or clear out the IP, or remove it from the trunk?

Because all of the ports that I am not using are defaulted to VLAN 1.

If that doesn't work I do have another block of IP's that I can use temporarily.

-John

 

by: phozo Posted on 2009-09-14 at 12:01:18 ID: 25328261

Here is the config of one of the switchports in the vlan

barricade#sh int faste0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 5 (VLAN0005)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none 
Administrative private-vlan mapping: none 
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
 
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
                                              

 

by: phozo Posted on 2009-09-14 at 12:03:41 ID: 25328280

And here it is for the trunk line on the switch (the previous output was from the switch also):

barricade# sh int faste0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 5 (VLAN0005)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none 
Administrative private-vlan mapping: none 
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: 1,5
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
 
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
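
An added example, not part of the thread: a small Python check that parses the two ends of the trunk from the outputs posted above (router Fa0/1/8, switch Fa0/24) and reports the mismatches and hardening gaps a reviewer would look for on a trunk. The finding wording and the choice to ignore VLANs 1002-1005 are assumptions of this example.

```python
# Trimmed from the "show interfaces ... switchport" outputs posted in this thread.
ROUTER_FA0_1_8 = """Name: Fa0/1/8
Negotiation of Trunking: Disabled
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 1,5,1002-1005
"""
SWITCH_FA0_24 = """Name: Fa0/24
Negotiation of Trunking: On
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 1,5
"""
RESERVED = set(range(1002, 1006))  # legacy FDDI/Token Ring VLANs, ignored in the diff

def parse_switchport(text):
    """Turn the 'Key: value' lines of the show output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def expand_vlans(spec):
    """Expand '1,5,1002-1005' into a set of ints; 'ALL' means 1-4094."""
    if spec.upper() == "ALL":
        return set(range(1, 4095))
    vlans = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunk(a_text, b_text):
    """Return findings for the two ends of one trunk link (example checks)."""
    a, b = parse_switchport(a_text), parse_switchport(b_text)
    native = {p["Name"]: int(p["Trunking Native Mode VLAN"].split()[0]) for p in (a, b)}
    findings = []
    if len(set(native.values())) > 1:
        findings.append(f"native VLAN mismatch: {native}")
    for p in (a, b):
        if native[p["Name"]] == 1:
            findings.append(f"{p['Name']}: native VLAN left at default 1")
        if p["Negotiation of Trunking"] == "On":
            findings.append(f"{p['Name']}: DTP negotiation on")
    va, vb = (expand_vlans(p["Trunking VLANs Enabled"]) - RESERVED for p in (a, b))
    if va != vb:
        findings.append(f"allowed VLANs differ: {sorted(va ^ vb)} on one side only")
    return findings
```

Run against the thread's outputs, it reports no mismatch between the two ends, only the default native VLAN on both ports and trunk negotiation still enabled on the switch side.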
                                              

 

by: phozo Posted on 2009-09-14 at 12:04:36 ID: 25328283

Here is the VLAN 5 config on the switch

barricade#sh int vlan 5
Vlan5 is up, line protocol is up 
  Hardware is EtherSVI, address is 0026.5105.72c1 (bia 0026.5105.72c1)
  Internet address is 74.XXX.151.196/27
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:08:51, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     332627 packets input, 21949907 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     13578 packets output, 1693097 bytes, 0 underruns
     0 output errors, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
                                              

 

by: phozo Posted on 2009-09-14 at 12:05:14 ID: 25328292

And the same for VLAN 1 on the switch

barricade#sh int vlan 1
Vlan1 is up, line protocol is up 
  Hardware is EtherSVI, address is 0026.5105.72c0 (bia 0026.5105.72c0)
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 2d10h, output 2d11h, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1612718 packets input, 108984763 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     105180 packets output, 13234807 bytes, 0 underruns
     0 output errors, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
                                              

 

by: phozo Posted on 2009-09-14 at 15:54:46 ID: 25330044

Regarding Andy's comments on VLAN 1, as a general practice is it best to use VLAN 1 or set it up as some sort of management port?

I guess what I am asking is, should I drop VLAN 5 and configure VLAN 1 to the VLAN that I use, and then as I grow add in the next VLANs etc.?

-John

 

by: Andy_Quaeyhaegens Posted on 2009-09-14 at 23:41:35 ID: 25332304

John,

How I do it (but that's just me talking): I never use VLAN1 as mgmt vlan; I actually don't use vlan1 at all. The number of the vlan doesn't make any difference, but maybe - just maybe - because of the use of vlan 1 (the default mgmt vlan for cisco) in your environment, you encounter some errors.

Try to set up your vlans, starting from 101 or so, and leave vlan 1 for what it is: the management (telnet/ssh access etc).

 

by: phozo Posted on 2009-09-18 at 12:22:13 ID: 25369106

Well guys, I am going to the DC tonight to get this resolved. Wish me luck.

-John

 

by: phozo Posted on 2009-09-18 at 14:12:21 ID: 25370000

Do both the switch on VLAN 5 and the router on VLAN 5 need a unique ip address?  

 

by: phozo Posted on 2009-09-19 at 02:13:25 ID: 25372173

The task is completed. And the big thing was that the gateway needed to be updated; the trunk is working perfectly. Thank you to everyone for all of the help.

-John

 

by: phozo Posted on 2009-09-19 at 02:15:56 ID: 31627878

Ikaimer,

Spent a lot of time working with me to come up with the solution.

thank you,

-John
