12-23-2008 07:48 AM - edited 03-06-2019 03:07 AM
Hi
I have a 877 router (IOS advipservices).
I wish to set up 3 vlans for 3 differents ip subnets, each one with different policies: 192.168.10.0/24 192.168.20.0/24 and 192.168.30.0/24.
So far i've set up 2 vlans.
Vlan 1 works fine: fastethernet0 is assigned to vlan 1 and it carry traffic for this network.
Vlan 2 instead, shows some problem:
FastEthernet1 up up
Vlan2 192.168.20.1 up down
Pings to the ip address fail andi cant figure the reason the interface doesn't want to go up
How can i bring it up? I want the traffic from one subnet to the other to be able to flow. (in other words, inter-vlan routing).
Thank you anticipately
Carlo
12-23-2008 07:53 AM
Hello Carlo,
you need to have a physical port associated to the vlan 2 that is up and in STP forwarding state
int fas1
swithcport mode access
switchport access vlan 2
int vlan2
no shut
be aware that some IOS releases doesn't allow to use more then two vlans on this platform
Hope to help
Giuseppe
12-24-2008 11:56 AM
Hi Giuseppe.
This is the relevant part of configuration:
!
interface FastEthernet 0
description ** Production **
!
interface Fastethernet 1
description ** Internet **
switchport access vlan 2
!
Both interfaces are in switchport mode access
Since vlan 1 is the deafult vlan, the switchport access vlan 1 is omitted
Furthermore, the int vlan 2 is not shutdown.
I don't know if this can be related to the IOS advipservicesk9-mz.124-6.T7
The FE interfaces, as i posted previously are up, however the vlan 2 stays up down.
12-24-2008 12:17 PM
Did you create Vlan 2 in the VTP database?
Please post the show vlan-switch output.
HTH,
__
Edison.
12-25-2008 12:31 AM
I notice i have only vlan 1, the vlan 2 doesn't appear with show vlan-switch. I guess i have to create the vlan 2 and then associate it to the interface vlan 2?
12-25-2008 09:08 AM
Hello Carlo,
>> I guess i have to create the vlan 2 and then associate it to the interface vlan 2?
yes you need to define vlan2 before you can use it.
Happy Christmas
Hope to help
Giuseppe
12-25-2008 09:11 AM
Carlo,
That's correct. The Vlan must be manually created in the Vlan DB. Vlan 1 automatically is created by the device. You already have the association so what you need to do is:
switch#vlan database
switch(vlan)#vlan 2
switch(vlan)#exit
HTH,
__
Edison.
Please rate helpful posts
12-25-2008 10:43 AM
It is just what i did, and in fact, i saw finally the 2nd vlan. (my fault was that i was trying to access to vlan database in config mode). Now i have to work on the associations between the vlans configured in the vlan database and the routed vlan interfaces.
Question: for security reasons (preventing for example vlan hopping) i wish to keep the default vlan 1 with no ports associated to it. However, the routed interface vlan 1 (IP 192.168.10.1) can be associated to another vlan? Or rather the interface vlan X can be associated only to the vlan X in the vlan database?
12-25-2008 10:48 AM
Carlo,
You are unable to delete Vlan 1 on the Vlan Database, but you don't need to create a routed interface for such Vlan.
All switchports by default are associated to Vlan 1 (you can see this behavior with the show vlan-switch output).
If you want to create routed Vlans and exclude the Vlan 1 from the topology, you are free to do so.
Create Vlan 3, for instance, in the Vlan Database - create the SVI for Vlan 3 and then associated the intended ports to Vlan 3.
HTH,
__
Edison.
Please rate helpful posts
12-25-2008 11:03 AM
Edison, i have at the moment configured in the vlan database vlan 1 and vlan 2 and interface vlan 1 and interface vlan 2, both with their own ip address.
I will create vlan 3 and 4 in the vlan database, associating then 1 port for each vlan (2, 3 and 4). At this point, im done at layer 2.
At layer 3, if i am right, i have to configure the SVI for each interface (in other words, it consists in creating a vlan interface with an IP address, right?) and then make the association with the respective vlan. Since this kind of router can have only 4 802.1q vlan, i think i will have at this point only one free vlan still available, right?
12-25-2008 08:52 PM
Hi ,
Sorry to interupt ur post like this but i am facing a problem with (i suppose vlans) on 877 (adv Sec IOS) and thought u guys can help.
i cant seem to have my clients browse the internet.
iv setup 2 vlans (vlan1 for LAN and vlan2 for Internet device)
using PATTING for internet access (via vlan2 overload) my clients can ping google and etc but browsing doesnt work.
i was using a 2611 earlier and that worked without any problem..
any idea ??
12-25-2008 09:21 PM
Zaid,
It could be a MTU issue. Please open a new thread on this issue to avoid any confusion on this thread.
__
Edison.
12-25-2008 09:20 PM
At layer 3, if i am right, i have to configure the SVI for each interface (in other words, it consists in creating a vlan interface with an IP address, right?)
Correct and make sure the devices on each Vlan are pointing to the SVI IP address as their default gateway.
Since this kind of router can have only 4 802.1q vlan, i think i will have at this point only one free vlan still available, right?
I'll have to look at the Vlan limitation on those units, but if you know for a fact is 4 Layer3 Vlans, then Vlan 1 will count towards the limit thus you won't have any more Vlans available. You can easily try it and see if it allows you to create additional Vlans in Layer2 and Layer3.
HTH,
__
Edison.
12-26-2008 11:18 AM
Thanks for your confirms, Edison!
For the 877 router i read there is a max of 4 dot1q vlans, so i can't afford to waste a vlan.
A last advice. In order to simplify the things, i was considering to implement for each vlan, a simple DHCP pool, like this one:
ip dhcp pool VLAN2
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254
Once the 3 pools are created, each one with his own network, they are associated to the respective vlan by default?
For example: vlan 2, ip address 192.168.10.254 255.255.255.0. The pool VLAN2 will be associated to this SVI?
12-26-2008 01:01 PM
They will be associated together by address used in vlan 2 as well as in the pool. They will be the same subnet and that is what ties them.
Don't forget to add and exlusion statement for the vlan that the management terminal will be in ... if you plan on having one.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: