871W: Routing between VLANs

I have an 871W.

I have a switch supporting:

VLAN 10 - general machines (10.0.*.*)
VLAN 20 - special machines (10.1.*.*)

This is connected to an 871W router via a trunk line.

The router has:

	-FastEthernet 0 defined as trunk line to the switch.

	-Vlan 10 defined as bridge-group 10, no ip address

	-BVI 10 defined with 10.0.0.2 (router's ip address)

	-Dialer-1 defined to link to the ISP via PPPoE

	-FastEthernet4 defined as the PPPoE output to a modem.

	-DotRadio interfaces defined as bridge-group 10 and vlan 10.

and I have a :
	bridge irb
	bridge 10 protocol ieee
	bridge 10 route ip

So far, the router works fine to connect the wi-fi to the lan, and both
to the internet, all within the confines of Vlan-10.


I would like the router to be given a new 10.1.0.2 interface and be able
to route packets between the 10.0 subnet (VLAN 10) and 10.1 subnet (vlan
20) with each vlan served by the same trunk line.

goal: allow a machine in vlan 10 to talk to a machine on vlan 20 (I used
to use switchport multi on the switch to allow specific machines such
access, and all machines were in same subnet).

Aka: packets from 10.0.0.20 travel as vlan 10 from the switch , via the
trunk line to the router, then get routed to 10.1.0.5, encapsulated as
VLAN 20 traveling back through the trunk line to the destination on the
switch.


How do I do that ?
-what interface gets the 10.1.0.2 IP ? a new BVI one ? the vlan 20 ?
-how do I link this interface so that packets get routed at IP level ?

Or is the only way to use a separate ethernet interface, give that the
ip address ? And in such a case, is the routing automatic or must I tie
the interface to the bridge group, or must I add specific "IP route"
commands ?

I note that the "Dialer 1" interface has no explicit attachment to the
bridge group or VLAN. I assume that the router automatically makes all
dialer interfaces available for routing.



I've seen examples where non-trunk ethernet interfaces were each given
IPs in different subnets, but have not seen instances of trunk lines
supporting different subnets in different vlans.
Reply jfmezei.spamnot (8820) 11/29/2009 11:41:38 AM

JF Mezei wrote:
> I have an 871W.
> 
> I have a switch supporting:
> 
> VLAN 10 - general machines (10.0.*.*)
> VLAN 20 - special machines (10.1.*.*)
> 
> This is connected to an 871W router via a trunk line.
> 
> The router has:
> 
> 	-FastEthernet 0 defined as trunk line to the switch.
> 
> 	-Vlan 10 defined as bridge-group 10, no ip address
> 
> 	-BVI 10 defined with 10.0.0.2 (router's ip address)
> 
> 	-Dialer-1 defined to link to the ISP via PPPoE
> 
> 	-FastEthernet4 defined as the PPPoE output to a modem.
> 
> 	-DotRadio interfaces defined as bridge-group 10 and vlan 10.
> 
> and I have a :
> 	bridge irb
> 	bridge 10 protocol ieee
> 	bridge 10 route ip
> 
> So far, the router works fine to connect the wi-fi to the lan, and both
> to the internet, all within the confines of Vlan-10.
> 
> 
> I would like the router to be given a new 10.1.0.2 interface and be able
> to route packets between the 10.0 subnet (VLAN 10) and 10.1 subnet (vlan
> 20) with each vlan served by the same trunk line.
> 
> goal: allow a machine in vlan 10 to talk to a machine on vlan 20 (I used
> to use switchport multi on the switch to allow specific machines such
> access, and all machines were in same subnet).
> 
> Aka: packets from 10.0.0.20 travel as vlan 10 from the switch , via the
> trunk line to the router, then get routed to 10.1.0.5, encapsulated as
> VLAN 20 traveling back through the trunk line to the destination on the
> switch.
> 
> 
> How do I do that ?
> -what interface gets the 10.1.0.2 IP ? a new BVI one ? the vlan 20 ?
> -how do I link this interface so that packets get routed at IP level ?
> 
> Or is the only way to use a separate ethernet interface, give that the
> ip address ? And in such a case, is the routing automatic or must I tie
> the interface to the bridge group, or must I add specific "IP route"
> commands ?
> 
> I note that the "Dialer 1" interface has no explicit attachment to the
> bridge group or VLAN. I assume that the router automatically makes all
> dialer interfaces available for routing.
>

If you have the VLAN 20 interface up with an ip address of 10.1.0.2 your 
router *will* route between any local VLANs.
If you cannot get the VLAN20 interface up you may need to add it to the 
VLAN database. Depends on IOS version.
If you want to route/NAT/PAT from VLAN20 to internet through the Dialer 
interface you may want to add the VLAN20 subnet to the access list 
defining the NAT rule.

-- 
ULi
Reply Uli 11/29/2009 12:48:49 PM


Uli Link wrote:

> If you cannot get the VLAN20 interface up you may need to add it to the 
> VLAN database. Depends on IOS version.

Well, it appears I may have gotten a show stopper here.

router2#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 6
Number of existing VLANs        : 6
VTP Operating Mode              : Transparent
VTP Domain Name                 : vaxination.ca
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x4A 0x89 0x26 0xBE 0x1F 0x1E 0x3C 0x08
Configuration last modified by 10.1.0.2 at 11-29-09 12:43:02


Because there are 5 default VLANS (1 and 1002-1005) which one cannot
remove or disable, this seems to imply that the 871 router has a limit
of 1 VLAN.

And this is why, after a whole night of trial and error, I could never
get my trunk line to carry the second VLAN, and it took me a while to
realise that VTP MODE CLIENT would revert to TRANSPARENT because the
"network" carries more vlans than this baby router can accept.

Cisco is rather stupid to have such a small limit on a router with
trunking capabilities.

I guess the only use of the trunk line between the router and switch
would be to send remote management commands from the switch to the
router since it can't carry traffic for VLANS that the router refuses to
accept because of its stupid small limit of 1 customer defined vlan.

Is there a way to disable/remove those default VLANs ?
Reply JF 11/29/2009 4:08:42 PM
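
The capacity check described in the post above, as an added example that is not part of the original thread: it parses `show vtp status` output and reports whether a set of wanted VLANs fits in the local VLAN table. The function names are hypothetical, and it assumes, as the post infers, that the five default VLANs count against "Maximum VLANs supported locally".

```python
# Added example; sample text is constructed from the output quoted in the post.
SAMPLE = """\
router2#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 6
Number of existing VLANs        : 6
VTP Operating Mode              : Transparent
VTP Domain Name                 : vaxination.ca
Configuration last modified by 10.1.0.2 at 11-29-09 12:43:02
"""

# Default VLANs named in the post (1 and 1002-1005); assumed to occupy table slots.
DEFAULT_VLANS = {1, 1002, 1003, 1004, 1005}


def parse_vtp_status(text):
    """Return {field: value} for each 'field : value' line; other lines are skipped."""
    fields = {}
    for line in text.splitlines():
        # Split on ' : ' so the colons inside the timestamp line are not mistaken
        # for a field separator.
        name, sep, value = line.partition(" : ")
        if sep:
            fields[name.strip()] = value.strip()
    return fields


def vlan_headroom(text, wanted_vlans):
    """Report whether the user-defined VLANs in wanted_vlans fit on this device."""
    f = parse_vtp_status(text)
    maximum = int(f["Maximum VLANs supported locally"])
    existing = int(f["Number of existing VLANs"])
    user_slots = maximum - len(DEFAULT_VLANS)      # slots left after the defaults
    wanted = set(wanted_vlans) - DEFAULT_VLANS     # defaults need no extra slot
    return {
        "mode": f["VTP Operating Mode"],
        "user_slots": user_slots,
        "free_slots": maximum - existing,          # slots unused right now
        "wanted": sorted(wanted),
        "fits": len(wanted) <= user_slots,
    }


if __name__ == "__main__":
    print(vlan_headroom(SAMPLE, [10, 20]))
```
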

JF Mezei wrote:
> Uli Link wrote:
> 
>> If you cannot get the VLAN20 interface up you may need to add it to the 
>> VLAN database. Depends on IOS version.
> 
> Well, it appears I may have gotten a show stopper here.
> 
> router2#show vtp status
> VTP Version                     : 2
> Configuration Revision          : 0
> Maximum VLANs supported locally : 6
> Number of existing VLANs        : 6
> VTP Operating Mode              : Transparent
> VTP Domain Name                 : vaxination.ca
> VTP Pruning Mode                : Disabled
> VTP V2 Mode                     : Disabled
> VTP Traps Generation            : Disabled
> MD5 digest                      : 0x4A 0x89 0x26 0xBE 0x1F 0x1E 0x3C 0x08
> Configuration last modified by 10.1.0.2 at 11-29-09 12:43:02
> 
> 
> Because there are 5 default VLANS (1 and 1002-1005) which one cannot
> remove or disable, this seems to imply that the 871 router has a limit
> of 1 VLAN.
> 
> And this is why, after a whole night of trial and error, I could never
> get my trunk line to carry the second VLAN, and it took me a while to
> realise that VTP MODE CLIENT would revert to TRANSPARENT because the
> "network" carries more vlans than this baby router can accept.
> 
> Cisco is rather stupid to have such a small limit on a router with
> trunking capabilities.
> 
> I guess the only use of the trunk line between the router and switch
> would be to send remote management commands from the switch to the
> router since it can't carry traffic for VLANS that the router refuses to
> accept because of its stupid small limit of 1 customer defined vlan.
> 
> Is there a way to disable/remove those default VLANs ?

No, but you can use 12.4(11)XJ4 or upgrade to the Advanced IP IOS.
The 1 VLAN limit was once documented for Advsecurity on the 870 platform.
I have 3 VLANs working on a 876.
Don't expect decent inter VLAN routing speed. But it works.

-- 
ULi
Reply Uli 11/29/2009 5:46:31 PM

Set the VTP Mode to server (or client if another switch is used to 
create the vlans).  Transparent mode passes VTP information through the 
device without applying it to the device.

Curtis

JF Mezei wrote:
> Uli Link wrote:
> 
>> If you cannot get the VLAN20 interface up you may need to add it to the 
>> VLAN database. Depends on IOS version.
> 
> Well, it appears I may have gotten a show stopper here.
> 
> router2#show vtp status
> VTP Version                     : 2
> Configuration Revision          : 0
> Maximum VLANs supported locally : 6
> Number of existing VLANs        : 6
> VTP Operating Mode              : Transparent
> VTP Domain Name                 : vaxination.ca
> VTP Pruning Mode                : Disabled
> VTP V2 Mode                     : Disabled
> VTP Traps Generation            : Disabled
> MD5 digest                      : 0x4A 0x89 0x26 0xBE 0x1F 0x1E 0x3C 0x08
> Configuration last modified by 10.1.0.2 at 11-29-09 12:43:02
> 
> 
> Because there are 5 default VLANS (1 and 1002-1005) which one cannot
> remove or disable, this seems to imply that the 871 router has a limit
> of 1 VLAN.
> 
> And this is why, after a whole night of trial and error, I could never
> get my trunk line to carry the second VLAN, and it took me a while to
> realise that VTP MODE CLIENT would revert to TRANSPARENT because the
> "network" carries more vlans than this baby router can accept.
> 
> Cisco is rather stupid to have such a small limit on a router with
> trunking capabilities.
> 
> I guess the only use of the trunk line between the router and switch
> would be to send remote management commands from the switch to the
> router since it can't carry traffic for VLANS that the router refuses to
> accept because of its stupid small limit of 1 customer defined vlan.
> 
> Is there a way to disable/remove those default VLANs ?
Reply Curtis 12/28/2009 2:52:06 AM
