Vlans on 877

Unanswered Question
Dec 23rd, 2008

Hi

I have a 877 router (IOS advipservices).

I wish to set up 3 vlans for 3 differents ip subnets, each one with different policies: 192.168.10.0/24 192.168.20.0/24 and 192.168.30.0/24.

So far i've set up 2 vlans.

Vlan 1 works fine: fastethernet0 is assigned to vlan 1 and it carry traffic for this network.

Vlan 2 instead, shows some problem:

FastEthernet1 up up

Vlan2 192.168.20.1 up down

Pings to the ip address fail andi cant figure the reason the interface doesn't want to go up

How can i bring it up? I want the traffic from one subnet to the other to be able to flow. (in other words, inter-vlan routing).

Thank you anticipately

Carlo

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.3 (3 ratings)
Loading.
Giuseppe Larosa Tue, 12/23/2008 - 07:53

Hello Carlo,

you need to have a physical port associated to the vlan 2 that is up and in STP forwarding state

int fas1

swithcport mode access

switchport access vlan 2

int vlan2

no shut

be aware that some IOS releases doesn't allow to use more then two vlans on this platform

Hope to help

Giuseppe

Carlo Zaina Wed, 12/24/2008 - 11:56

Hi Giuseppe.

This is the relevant part of configuration:

!

interface FastEthernet 0

description ** Production **

!

interface Fastethernet 1

description ** Internet **

switchport access vlan 2

!

Both interfaces are in switchport mode access

Since vlan 1 is the deafult vlan, the switchport access vlan 1 is omitted

Furthermore, the int vlan 2 is not shutdown.

I don't know if this can be related to the IOS advipservicesk9-mz.124-6.T7

The FE interfaces, as i posted previously are up, however the vlan 2 stays up down.

Edison Ortiz Wed, 12/24/2008 - 12:17

Did you create Vlan 2 in the VTP database?

Please post the show vlan-switch output.

HTH,

__

Edison.

Carlo Zaina Thu, 12/25/2008 - 00:31

I notice i have only vlan 1, the vlan 2 doesn't appear with show vlan-switch. I guess i have to create the vlan 2 and then associate it to the interface vlan 2?

Giuseppe Larosa Thu, 12/25/2008 - 09:08

Hello Carlo,

>> I guess i have to create the vlan 2 and then associate it to the interface vlan 2?

yes you need to define vlan2 before you can use it.

Happy Christmas

Hope to help

Giuseppe

Edison Ortiz Thu, 12/25/2008 - 09:11

Carlo,

That's correct. The Vlan must be manually created in the Vlan DB. Vlan 1 automatically is created by the device. You already have the association so what you need to do is:

switch#vlan database

switch(vlan)#vlan 2

switch(vlan)#exit

HTH,

__

Edison.

Please rate helpful posts

Carlo Zaina Thu, 12/25/2008 - 10:43

It is just what i did, and in fact, i saw finally the 2nd vlan. (my fault was that i was trying to access to vlan database in config mode). Now i have to work on the associations between the vlans configured in the vlan database and the routed vlan interfaces.

Question: for security reasons (preventing for example vlan hopping) i wish to keep the default vlan 1 with no ports associated to it. However, the routed interface vlan 1 (IP 192.168.10.1) can be associated to another vlan? Or rather the interface vlan X can be associated only to the vlan X in the vlan database?

Edison Ortiz Thu, 12/25/2008 - 10:48

Carlo,

You are unable to delete Vlan 1 on the Vlan Database, but you don't need to create a routed interface for such Vlan.

All switchports by default are associated to Vlan 1 (you can see this behavior with the show vlan-switch output).

If you want to create routed Vlans and exclude the Vlan 1 from the topology, you are free to do so.

Create Vlan 3, for instance, in the Vlan Database - create the SVI for Vlan 3 and then associated the intended ports to Vlan 3.

HTH,

__

Edison.

Please rate helpful posts

Carlo Zaina Thu, 12/25/2008 - 11:03

Edison, i have at the moment configured in the vlan database vlan 1 and vlan 2 and interface vlan 1 and interface vlan 2, both with their own ip address.

I will create vlan 3 and 4 in the vlan database, associating then 1 port for each vlan (2, 3 and 4). At this point, im done at layer 2.

At layer 3, if i am right, i have to configure the SVI for each interface (in other words, it consists in creating a vlan interface with an IP address, right?) and then make the association with the respective vlan. Since this kind of router can have only 4 802.1q vlan, i think i will have at this point only one free vlan still available, right?

zaidumer Thu, 12/25/2008 - 20:52

Hi ,

Sorry to interupt ur post like this but i am facing a problem with (i suppose vlans) on 877 (adv Sec IOS) and thought u guys can help.

i cant seem to have my clients browse the internet.

iv setup 2 vlans (vlan1 for LAN and vlan2 for Internet device)

using PATTING for internet access (via vlan2 overload) my clients can ping google and etc but browsing doesnt work.

i was using a 2611 earlier and that worked without any problem..

any idea ??

Edison Ortiz Thu, 12/25/2008 - 21:21

Zaid,

It could be a MTU issue. Please open a new thread on this issue to avoid any confusion on this thread.

__

Edison.

Edison Ortiz Thu, 12/25/2008 - 21:20

At layer 3, if i am right, i have to configure the SVI for each interface (in other words, it consists in creating a vlan interface with an IP address, right?)

Correct and make sure the devices on each Vlan are pointing to the SVI IP address as their default gateway.

Since this kind of router can have only 4 802.1q vlan, i think i will have at this point only one free vlan still available, right?

I'll have to look at the Vlan limitation on those units, but if you know for a fact is 4 Layer3 Vlans, then Vlan 1 will count towards the limit thus you won't have any more Vlans available. You can easily try it and see if it allows you to create additional Vlans in Layer2 and Layer3.

HTH,

__

Edison.

Carlo Zaina Fri, 12/26/2008 - 11:18

Thanks for your confirms, Edison!

For the 877 router i read there is a max of 4 dot1q vlans, so i can't afford to waste a vlan.

A last advice. In order to simplify the things, i was considering to implement for each vlan, a simple DHCP pool, like this one:

ip dhcp pool VLAN2

network 192.168.10.0 255.255.255.0

default-router 192.168.10.254

Once the 3 pools are created, each one with his own network, they are associated to the respective vlan by default?

For example: vlan 2, ip address 192.168.10.254 255.255.255.0. The pool VLAN2 will be associated to this SVI?

richard.m.gilbert Fri, 12/26/2008 - 13:01

They will be associated together by address used in vlan 2 as well as in the pool. They will be the same subnet and that is what ties them.

Don't forget to add and exlusion statement for the vlan that the management terminal will be in ... if you plan on having one.

Carlo Zaina Fri, 01/02/2009 - 12:45

Well, in the end i did it!

Created the 3 vlans, each one with his own DHCP pool and access-lists.

Thank you all for your support!

Actions

This Discussion