Wan routing with vlns

Unanswered Question
Apr 23rd, 2007

Can anyone help me with this. What i have is 4 cisco 3550 connected together and each 3550 has a dumb switch and a few pc's connected to it. I need to know how to properly setup vlans and trunking, please send configurations step by step from the 3550 down to the pcs. I really need some help? a diagram is attached. Use it as a guide line be as detailed as possible

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
nolan.dorsett Tue, 04/24/2007 - 09:09

You can put whatever vlans you want at each site just use the diagram and ip addresses as a guideline

nolan.dorsett Tue, 04/24/2007 - 11:10

Let me explain all i need is to perform routing between each router and to be able to ping pcs accross each company. How ever you set it up is fine i just need it to follow as an example. Look at the diagram whatever should be trunked tell me just add enough vlans for pcs and routers to communicate properly thats it.

Thank you

The following assumes that you'll create one VLAN for your users, and use a dot1q trunk to connect the switch to the router.

Add/configure VLAN

Set vtp mode to transparent (vtp mode transparent)

Add VLAN (vlan 2)

Name VLAN (name VLAN2)

User Ports - Put users in vlan 2

interface FastEthernet0/1

switchport access vlan 2

switchport mode access

spanning-tree portfast

no shutdown

Trunk Ports - Connect to other switches, or router trunk port

interface FastEthernet0/24

switchport mode trunk

switchport trunk encapsulation dot1q

no shutdown

Management Interface

interface vlan 2

ip address

no shutdown

Now, on the Router (assuming Fa0/1 will connect to switchport Fa0/24)

interface FastEthernet0/1

no ip address

no shutdown

interface FastEthernet0/1.2

ip address

encapsulation dot1q 2

no shutdown

When you need to add more VLAN's to an office, you can just add the VLAN to the 3550, and continue adding sub-interface's to Fa0/1 on the router. You'll also need to be able to route this network, so that each router knows how to get to it. Post back if you need help with the routing.

nolan.dorsett Tue, 04/24/2007 - 11:54

Thanks on the router port why didnt you enable the port as trunk i noticed you just created a sub interface added the ip address and the encapsulation. Also could you do an example from router to router now and also even though the 3550 is a layer three switch with about 10 interfaces do you still need sub interfaces what are the purpose of these.

Show me an example linking router to router using a vlan and ip addresses

1 - On the router port, you do not specify the port as a trunk. You only tell the router to perform dot1q encapsulation, and which sub-interface tags the traffic. This is sometimes referred to as router on a stick.

2 - For the routing portion, you could use either static routes, or a routing protocol. I would recommend a protocol, and if all routers are cisco, eigrp.

An example of one router would be GBAC.

router eigrp 1




With EIGRP, the network commands enable the eigrp process to advertise interfaces that are a part of the network and wildcard address specified. As an example, network causes the interface connecting to FCP to talk EIGRP. If the interface at FCP is also talking EIGRP, the two routers will neighbor up, and begin exchanging route updates.

If at each site, you are supposed to have a default gw of the orange address, you would also use a static route.

ip route

3 - In this example, you are only using vlan's on the 3550's, which are only layer2. You do not use subinterfaces on a switch, if that's what you are asking. Instead, you would use SVI's or switched virtual interfaces. If you were to add the ip routing command, you could do a 'show ip route' on the 3550 and see your vlan2 interface show up as a connected network. If you are using an enhanced image on the 3550 you can also do full routing of these SVI's using eigrp or some other protocol. With the standard image on the 3550's I believe that with eigrp, you can only use it as a stub.

nolan.dorsett Tue, 04/24/2007 - 13:02

Could you do a configuration from router to router using static routes you dont have to do routing tables just show port configurations, vlans, witch port belongs to which vlan wether they are trunked or not encapsulation etc. Be detailed just like the router to switch configuration you sent me that was very good.

nolan.dorsett Wed, 04/25/2007 - 05:42

YEs it is its worth 50% of my colledge grade please show me how to route statically using vlans from router to router details please trunking encapsulation everything

nolan.dorsett Thu, 04/26/2007 - 10:42

I know how to do static routes show me how to do it with Vlans/InterVlan Routing i need an example with details us my drawing show me which ports should be trunks, which should be tagged, which should have ip addresses, Which ports should be in the same vlan etc. Lay it out for me my brother please.

Thank you man

The InterVLAN routing changes nothing with static routes.

The one piece that you need to understand is that since all of the VLAN's will be directly connected to the router, you will see the routes as "connected", and you won't need the static routes. So, InterVLAN routing within a specific site does not require static routes since they are all directly connected to the router.

Another point to understand is that VLAN's in this case, are contained within each site. You could, for example have a VLAN2 at each site, and they would all be different. A VLAN is not extended beyond a routed or Layer3 boundary.

For a sample scenario:



GBAC-Router-Fa0/1 -

GBAC-Router-Fa0/0 - no ip addr

GBAC-Router-Fa0/0.2 - (VL2)

GBAC-Router-Fa0/0.3 - (VL3)

GBAC-Router-Serial0/0 -

GBAC-Router-Serial0/1 -


ip route

ip route

ip route

This alone would install a default route, and the two other routes. By default, since you have two directly connected sub-interfaces for the VLAN's you'll have routes listed for those subnets.

For example, from FCP, to get to the subnets, and in GBAC, you would need the following at FCP:

ip route

ip route

One problem that you have in your design is that your orange gateway's are not in the network listed in the route table. In GBAC, is not part of the subnet listed in the other routers.

You should be able to fill in the rest of the blanks for this plan.

nolan.dorsett Thu, 04/26/2007 - 11:51

Thats solid i understand that part its just that when i create the subinterfaces at gbac and the sub interfaces at fcp and put those on the same subnet how do i trunk them. Do i trunk them and use tagging on both ends or do i trunk one end and tag the next end. Talking about the link between fcp and gbac. Just give an example of how i would tag and trunk and that will be it man and thanks alot.

You only need to tag the traffic on the switch and sub-interface's.

If you have VLAN2 and VLAN3, you'll need the following:



switchport access vlan 2

switchport mode access


switchport access vlan 3

switchport mode access


switchport mode trunk

switchport trunk encapsulation dot1q


int fa0/1

no ip addr

int fa0/1.2

encapsulation dot1q 2

ip addr

int fa0/1.3

encapsulation dot1q 3

ip addr

The VLAN is only within each site. Once the traffic gets routed, it no longer needs to be tagged. Think about having a native VLAN, which is 1 by default. Everything else that would traverse the LAN must be tagged.

Nothing at all on these links would be tagged. These links between sites are layer 3. You're not tagging at layer 3.

nolan.dorsett Fri, 04/27/2007 - 07:15

Ok but the link from router to router jsut set subinterfaces on them put them in the same subnet and thats it i dont need to put then in a vlan or trunk these links

It depends on the technology. If you're just using point-point T1's or something, you'll use no sub interfaces between routers, and there will be no tagging between routers. It would just be a layer 3 routing decision between routers.

If you're doing frame-relay, you can use sub-interfaces, but you're still not tagging with VLAN's.

To put it simply, if you could tag your traffic with VLAN id's across the WAN, you wouldn't have to have routers (assuming that the service provider gave you an ethernet handoff).

nolan.dorsett Fri, 04/27/2007 - 08:42

In response to your last answer we have to do this using wireless links. picture a point to point connection between each router using wireless antennas will i need trunking, tagging, or anything and the router are layer 2 first then layer three which means everything has to be done on the vlan. So would any ports need to be tagged or trunked in this case or put in vlans. The only way for me to put an ip address on the interface of these routers is with vlans

nolan.dorsett Fri, 04/27/2007 - 10:14

But the links between router obviously will be on a vlan to put an ip address on them i assume both ends of the link will be in the same vlan, same subnet, can i just apply a vlan to the port and put an ip address on it or can i use subinterfaces with vlans attached to them. Please be detailed hopefully this is it. So i dont have to trunk these ports that link from router to router considering that data from each company is going to be trafficing these from each vlan i just need subinterfaces is any of this correct.

I think I am just missing something in your design...

If you look at the basics of two routers connecting to a switch in the same vlan, there are two ways.

1 -


Router1 - No tagging/sub-interfaces

Router2 - No tagging/sub-interfaces

Switch Fa0/2 - switchport mode access, switchport access vlan 10

Switch Fa0/1 - switchport mode access, switchport access vlan 10

2 -


Router1 - Encapsulation dot1q 10, sub-interface fa1/0.10

Router2 - Encapsulation dot1q 10, sub-interface fa2/0.10

Switch Fa0/2 - switchport mode trunk, switchport trunk encapsulation dot1q

Switch Fa0/1 - switchport mode trunk, switchport trunk encapsulation dot1q

Scenario 1 has no requirement of tagging by the routers. Scenario 2 requires tagging due to the fact that the router links are trunks.

If you take the switch out of the equation and have...


In this case, I don't know why you'd want this link to do anything but route.

Unless your project has another requirement, use sub-interfaces only within the site, and p2p links between sites. Each site will be able to get to each VLAN whether it is inter or intrasite providing that a route is present on the router.


This Discussion