what is the best 2500 ios for vlan labs

Unanswered Question
Dec 19th, 2007


what is the best ios for 2500s in a home lab to practus vlan cfg

i have 2 2514s and a 2501

serial links in delta config using frame

"simulated wan links"

and 6 1924s running V9.00.06

passed intro going for icnd2

to fill ccna

thanks in advance for your help

jeff larson

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Wed, 12/19/2007 - 10:17


I am not sure that any 2500 router supports VLANs. This is mostly a restriction of the chip set used in the Ethernet interfaces. To practice VLAN I believe that you would need a different router model.



Kevin Dorrell Thu, 12/20/2007 - 00:55


I can confirm that: 2500s do not support VLANs in any way. They can be great for other things, but not for VLANs. (The best IOS I know for testing other stuff on a 2500 is 12.2(15)T17 IP-Plus, 'cos it supports things like IPv6, OSPFv3, IPv6 BGP, etc., but it does have some bugs.)

When I was using mainly 2500s, I used to adapt test scenarios as far as possible. I had a full-msh FR switch connecting all my routers. Where the scenario had a VLAN with only two members, I could replace it with a FR P2P link, with the necessary frame maps and OSPF tweaks. Where the scenario had more than two members on a VLAN, and one of them was a 2500, I would have to workaround with FR P2P links and a bridge. It's an ingenuity test!

Nowadays, 2600s are becoming so cheap on eBay that it is not really worth struggling with 2500s, except perhaps as hosts, or FR switches, or as backbone route generators. I finally passed my 2500s down the chain a couple of weeks ago, replacing them with 2611 XMs.

Kevin Dorrell


jefflarson Sat, 12/22/2007 - 08:56

hiya kevin

well time to get off my wallet

i am looking at some 2600s now

by looking at current cfg "atached"

can my 2500s remain as backbone and route

vlan packets to a 2600 that would handle

the vlan traffic and acls for the all the 1924s ?

this is the stuff upgrades are made of keeping

what works in place and adding one 2600 to the stack to get inter-vlan routing wich really is a small amount of traffic

only high level administrative nodes will have access to other vlans or be a member of multiple vlans i think??

thanks in advance for your help

jeff larson

Richard Burts Sat, 12/22/2007 - 14:28


Perhaps I am not understanding well what you are proposing to do and perhaps could understand better if I could see where the 2600 were going to go. I am having trouble seeing how this could work. If the switches connected to the 2500 are doing more than 1 VLAN I think that you will have trouble. The 2500s should recognize the frames in the native VLAN (because they are not tagged) but I think that the 2500s will have problems with frames in the other VLANs and will probably drop them.

If you want to experiment with VLANs I think that you need to get your 2600 and to re-think the topology of the network. There may be some useful things to do with the 2500s but forwarding when more than one VLAN is directly connected will not work.

As I think about it there is a topology which might work (and not need a 2600) if 3 VLANs were enough. Instead of a topology with routers in the middle and switches at the edges connected to the routers to talk to other switches, what if you put the switches into a cloud in the middle. Configure 3 VLANs on the switches and trunking between the switches. Then connect the 2501 to one switch in an access port in one VLAN. Then connect 2514-1 to another switch on an access port in the second VLAN. And connect 2514-2 to another switch on an access port in the third VLAN. Then connect the 3 routers by their serial ports (as you have in the diagram) with the serial links as routed subnets. In this way you will have each 2500 as the default gateway for one VLAN and will have routed access between the 3 VLANs.



Richard Burts Sat, 12/22/2007 - 14:33


After reading through the thread again I come back to your expression in the response to Kevin where you advocate keeping what works and building on that. It seems to me that we need some clarification about what your real objectives are for this lab which will help us recognize what works - or does not work.

If your objective with VLANs focuses on configuration of VLANs and trunking between VLANs on the switches then my suggestion of an alternate topology would work. But if your objective for this lab is to get experience with inter-vlan routing on a router (to do subinterfaces and trunking to the router) then 2500s do not work and you need to replace them with 2600s.



jefflarson Mon, 12/24/2007 - 10:43

hiya rick

lets just think of this topology as a existing

small bizz

theay want to keep in place there existing net

wan links and all

now theay want inter vlan routeing

can this be done by adding 1 2600 to 1 site

and this one router handles all inter-vlan

routing at all sites through wan links

can the 2500s forward the ip vlan packets to

the 2600 for intervlan routing decisions ?

i see myself contracting small upgrades like this in the future

not all bizz will want to tear it all down and start over

theay will probly want a patch to get them by

or replace one pice at a time

to minimize downtime and cost$$

thanks for your help

jeff larson

Richard Burts Mon, 12/24/2007 - 11:00


Given the situation that you describe I do not see much practical alternative to replacing the 2500s with something capable of processing VLANs.

As I tried to explain in a previous post the 2500s will not understand (and will not forward) any VLAN tagged frames. So no - placing a single 2600 into the network will not allow it to process intervlan routing for all the sites.

In your original post I assumed that we were talking about a lab situation, and attempts to extend the usefulness of the 2500s is appropriate. But in the context of any small bizz that wants to get into a VLAN environment, they should face the reality that an upgrade of their routers would be necessary to support the VLAN capability at each site.

If the small bizz does not want to start over they should recognize that they will not have VLANs. If no VLANs is adequate to their current business environment then their current routers are ok. If their business environment needs VLAN capability then their business environment needs upgraded routers (it part of the cost of growth).



jefflarson Mon, 12/24/2007 - 12:29

hiya rick

so i figured that isl framing would not work

but i thought dotq would be routed based on ip

but your saying the little dotq tag in the type field prevents even the dotq ip packets from being routed to a 2600 for intervlan routing

is that what you are saying here ?

Richard Burts Mon, 12/24/2007 - 22:35


The only thing that the 2500 can understand and route is a simple Ethernet frame - no VLAN information. Any Ethernet frame that has VLAN identification (either ISL or dot1Q) coming into the 2500 Ethernet interface will be dropped.



jefflarson Tue, 12/25/2007 - 06:30

hiya rick

ok got it

ill just fiddle around with other things

untill i get some 2600s

thanks for the help


jefflarson Tue, 12/25/2007 - 06:35

hiya csco11331076

122-12b is ??

the best os for icnd2 labs ??



This Discussion