Cisco 871 and changing Interface BVI Association?

Answered Question
Oct 9th, 2007

I am using Cisco 871's for remote employee's. The 871 is configured with a Guest and private SSID. I have successfully configure all aspects of wireless and EasyVPN (on the private SSID only). I now need to configure the BVI association for each ethernet port.

For example, I would like FA0 and FA1 to use my Guest BVI and FA2 and FA3 to use the other BVI. How do I do this?

Thanks,

J

Correct Answer by Paolo Bevilacqua about 9 years 4 months ago

First of all check that you and have advanced ip services image. That is needed for configuring vlan on lan interfaces.

then just make the port access for the vlan you want:

interface fa1

switchport access vlan 2 (or whatever BVI numbers and bridge-group you have)

fa0 being the "wan port" is a bit different. if you don't use for wan you would bridge-group for it:

interface fa0

no ip address

bridge-group 2 (or whatever)

hope this helps, please rate post if it does!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Paolo Bevilacqua Tue, 10/09/2007 - 16:00

First of all check that you and have advanced ip services image. That is needed for configuring vlan on lan interfaces.

then just make the port access for the vlan you want:

interface fa1

switchport access vlan 2 (or whatever BVI numbers and bridge-group you have)

fa0 being the "wan port" is a bit different. if you don't use for wan you would bridge-group for it:

interface fa0

no ip address

bridge-group 2 (or whatever)

hope this helps, please rate post if it does!

jksnook Tue, 10/09/2007 - 16:37

Thanks for the quick reply.

I may be confused on the differences between VLAN's and BVI.

When I view VLAN's in Vlan Database I only have Vlan 1. However I have interface vlan1 and interface vlan2. These apparently are not the same as setting "switchport access".

Also, when trying to assign fa0 to a bridge-group I receive the following error:

"FastEthernet0 does not support bridging"

What am I missing?

Paolo Bevilacqua Tue, 10/09/2007 - 16:54

These are all correlated and can be confusing.

In practice, all numbers have to match, as well with bridge-group. Stay with me as the tough part is the following:

vlan1, vlan2, etc all identify a router "virtual port" internally connected to the 4-port switch of FA1-4. These VLANs will be created in the LAN database once you assign a "switchport vlan access" to something different than the default of 1.

Because you have wireless, and because wireless interfaces don't support routing, you must use bridging, and for this you have configured the BVI. BVI again is a kind of "virtual interface" that the router presents to an internal bridge.

Now comes the cool part. You must bind these two virtual interfaces together so that the correct bridge-group (ultimately derived by wireless ssid) is matched the correct bvi, vlan and physical wired interface. This is done with the bridge-group and switchport commands in my post above.

Finally, about FA0, I didn't know that it doesn't support bridging, but it makes sense as it is meant to be the IP access port for the 871 router, not an additional port for VLAN like 1-4.

I hope all this makes some sense to you :)

jksnook Tue, 10/09/2007 - 17:05

That was very clearly stated, Thank you.

It does make sense. And what appears to be the issue at hand now is the flash version I am using. The default flash when shipped is the Advanced Security, it appears that I need the Advanced IP Services to create a "Vlan 2".

Does Advanced IP services have all the features of Advanced security plus some? Or are they completely different feature sets with different intended functions?

Paolo Bevilacqua Tue, 10/09/2007 - 17:19

Advanced IP service is a superset of the image you have now, needed to do all these vlan things as in your case.

as a recognition to those providing answers, please rate useful posts using the scrollbox below!

Actions

This Discussion