• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 484
  • Last Modified:

router with two interfaces, two switches same subnet

Hello everyone,
I have a pair of cisco 2821 that I need to connect to 2 switches. The problem I am having is both switches are in the same subnet. Each router must be able to see the other ivr's on the other switch. I have tried to bridge both interfaces via irb and bridge-group--it works, but it blocks one path to a switch at a time. (I can ping the BVI ip from one of the switches, but not the other) I know I am missing something, any help would be great.
Thanks.
0
bradleydsmith
Asked:
bradleydsmith
1 Solution
 
QuoriCommented:
IRB would be one way, a SVI (Switched Virtual Interface)/VLAN Interface would be another one.

What is likely happening is spanning-tree blocking one of the physical paths. Are the two switches trunked together?
0
 
bradleydsmithAuthor Commented:
yes, that is correct. The two switches are trunked and are participating in vrrp in a larger scheme.  Can you use IRB(BVI) without spannig-tree?
Thanks for the comment.
0
 
lrmooreCommented:
If you are trunking between the switches, why don't you just have each router on an access vlan with a common subnet, or trunked with multiple subinterfaces for the vlans?

  RTR1                       RTR2
     |                             |
 SW1 -----trunk------ SW2

What do you have connecting the two routers?
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
bradleydsmithAuthor Commented:
the switches have vlan 100 (10.0.1.0) vlan 200 (10.0.2.0) only vlan 100 is routable. vlan200 is for voip. The problem is when a packet from RTR1 comes in and may be destined for HOST1(which is in an edge port SW2) the packet is not going through the trunk, it is going to SW1 default gateway, which is a core SW(all in vrrp) it never gets to SW2. If it was for 10.0.1.0 subnet(which is in vrrp) then it arrives no problem.
Sorry for the long explanation.
0
 
lanboyoCommented:
Someone above has stated the answer, I think.

Connect each router to a single switch, configure the links as 802.1q trunks. Put a subinterface for each vlan on each router.

Are you sure the packet never gets to HOST1 from RTR1, or that the reply never gets back?

It sounds like either each router has a link to each switch

                  R1
                 /     \
             SW1-SW2
                \      /
                  R2    

or you have a link between each router in the bridge groups.


                     R1--R2
                       |     |
                  SW1--SW2

I recommend against the bvi, and  more strongly recommend that you leave spanning tree on, as you will be creating a rather instant broadcast storm without it.
0
 
bradleydsmithAuthor Commented:
no I am not sure--the packet could never getting back. "Put a subinterface for each vlan on each router." Will this interfere with the vlans already on the router?  Actually what do you mean "Put a subinterface for each vlan on each router."
Thanks again.
   
0
 
lanboyoCommented:
What is your physical layout?

  RTR1                       RTR2
     |                             |
 SW1 -----trunk------ SW2

                    R1
                 /     \
             SW1-SW2
                \      /
                  R2    

or

                     R1--R2
                       |     |
                  SW1--SW2


I don't know what vlans are already on the router or how they are connected to any switches or each other so I can not say. Routers don't really have vlans on them, I am suggesting replacement of the bridgegroup/bvis that you have now.

0
 
bradleydsmithAuthor Commented:
my setup is as follows:
ISPA                        ISPB
     |                             |
RTR1                       RTR2
     |                             |
 SW1 -----trunk------ SW2
the switches already have two vlans participating in VRRP. The router does not have any vlans(excpet for the BVI I first setup, but it is no longer there)

Thanks
0
 
lanboyoCommented:
Configure the router interfaces as  802..1q trunks with subinterfaces.

Rtr1

interface FastEthernet0/0
no ip address
duplex full
speed 100
!
interface FastEthernet0/0.100
description Data VLAN
encapsulation dot1Q 100
ip address 10.0.1.2 255.255.255.0
no ip redirects
standby 1 ip 10.0.1.1


!
interface FastEthernet0/0.200
description Voice VLAN
encapsulation dot1Q 200
ip address 10.0.2.2 255.255.255.0
standby 2 ip 10.0.2.1


RTR2


interface FastEthernet0/0
no ip address
duplex full
speed 100
!
interface FastEthernet0/0.100
description Data VLAN
encapsulation dot1Q 100
ip address 10.0.1.3 255.255.255.0
no ip redirects
standby 1 ip 10.0.1.1


!
interface FastEthernet0/0.200
description Voice VLAN
encapsulation dot1Q 200
ip address 10.0.2.3 255.255.255.0
standby 2 ip 10.0.2.1



And configure the switch ports they are connected to as trunks,

interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan add 100,200


The routers will now be able to route to(and between actually) both vlans. The standby command makes the interfaces do hsrp with each other if that is what you want. If you have other hsrp groups on that vlan I imagine you might not. You can have the hsrp track the outside interfaces, so if one goes down the other will take over as the .1 address. Up to you.

Is this what you need?


0
 
bradleydsmithAuthor Commented:
I will give it a try, thanks. I will post back with the results.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now