Connecting a 2821 Router and a 2960 switch

Unanswered Question
Feb 18th, 2010

Hello All,

I hope you can help me out a little bit here (and I hope I can make myself clear).

I have a 2821 Router, with a NME-X-23ES-1G card.  I also have a 2960 24 port switch.

My network is 189.238.114.0 with a subnet mask of .192.

I have configured the Gi0/0 port on the 2821 as IP 189.238.114.1.

I have configured the Vlan on the NME-X-23ES-1G card as IP 189.238.114.2

I have configured the 2960 Gi0/1 as 189.238.114.3

So far so good.

Now to connectivity.

I have a cross over cable coming from the 2821 Gi0/1 port to the GE1 (external label) port on the NME-X-23ES-1G.  This works and I have connectivity.  However I am wondering if I have to do this in this manner or can I somehow configure the 2821 router to talk to the NME-X-23ES-1G on the backplane or an internal port, without having to utilize the GE 1?  Or am I locked into using the GE 1 port of the NME-X-23ES-1G in this manner?

My other question relates to the best way to connect the 2960 switch.  Right now I have a crossover cable going from the FA1/0/2 port on the NME-X-23ES-1G to the Gi0/1 port on the 2960.  This works, but it seems like it's not ideal.  I would prefer to have the cable go from the Gi0/1 port on the 2821 to the Gi0/1 port on the 2960.  However I can not get this to work.  If I assign an IP address to the Gi0/1 port on the 2821 router I get an IP overflow error.  If i just leave it all at defaults, I get connectivity lights on both ends, but no pinging can be done.

I assume I need to enter some commands on the 2921 Gi0/1 port so it can route or forward to the Gi0/0 port.

I should be able to do this, right?

John Morgan

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jerry Ye Thu, 02/18/2010 - 12:52

I can't find a document to support my claim but as far as I know, you need to connect the NME-X-23ES-1G to the GE port (0/0 or 0/1) on the 2800. You first method of connecting 2821 <-> NME <-> 2960 is the only way.

You cannot put the same subnet on both port of the 2821.

HTH,

jerry

Jmorgan1413_2 Thu, 02/18/2010 - 13:13

Thanks.  That was my assumption. And I'm ok with that.

I think I need to enter a different network and subnet on the Gi0/1 port on the 2821 and then set up a route between the gi0/0 and the gi0/1.  I just can't seem to get the syntax correct.  Any ideas on that?

John

Jerry Ye Thu, 02/18/2010 - 14:03

You don't need to set up any static route or routing protocol if the you are connecting 2 networks into the same router. All you have to do is turn on ip routing and it will show up as connected route in the routing table (use show ip route to verify it). The client (PC) will need to point that to their respective default gateway and that is it. You should be able to ping across.

HTH,

jerry

Jmorgan1413_2 Thu, 02/18/2010 - 14:34

Thanks Jerry,

I think it does help.  Unfortunately.

What you are saying is that any device I connect to the Gi0/1 port of the 2821 would need to be on a different network.  So, if I assigned the gi0/1 port an address of 192.168.0.1 255.255.255.0, I would then have to assign the vlan on the 2960 switch an ip address of 192.168.0.2 255.255.255.0 and any devices plugged into that 2960 would have to have address of 192.168.0.x?

So I would basically be splitting up my segment into 2 different networks and having the 2821 route between them?

Not sure if that's what I'm after.

Darn.

Jerry Ye Thu, 02/18/2010 - 15:07

That is not what I mean but splitting networks. Here is a quick diagram

PC1<->NME<->(G0/0) 2821 (G0/1)<->2960<->PC2

G0/0 will have IP address 192.168.0.1/24, PC1 will be 192.168.0.x/24

G0/1 will have IP address 192.168.2.1/24, PC2 will be 192.168.2.y/24

HTH,

jerry

Jmorgan1413_2 Thu, 02/18/2010 - 16:02

Jerry,

Thanks for the responses.

Your solution requires 2 networks and I only have one.  I was trying to avoid having to go to two networks if at all possible.

I ended up doing what I wanted by implementing IRB.  A co-worker saw me pulling what little is left of my hair out and said I might want to give that a whirl.  Basically I created a bridge group comprised of the two interfaces Gi0/0 and Gi0/1.  I then assigned an ip address and mask to this group and was able to connect Gi0/0 to the NME and Gi0/1 to the Gi0/0 port of the 2960.

It works well and does what I need.

Is there any reason that you know of that I should not do this?  Or is this an OK configuration?

John

Jerry Ye Thu, 02/18/2010 - 19:57

Hi John,

Doing IRB on a router will cause high CPU because it is done in software. I will avoid that as much as I can.

Regards,

jerry

glen.grant Thu, 02/18/2010 - 16:07

   Not sure why  you need to connect it that way . Just configure it to do the routing thru the etherswitch module .   Make a port on the etherswitch module a routed port with the address range  you want to use .  The other alternative is to create a layer 2 vlan ,  a corresponding layer 3 SVI and then assign the port into that vlan .  G0/1 doesn't have to be involved at all if you don't want it to be and can be used for another purpose..  That module is basically a 3750 on a stick .  If you need to feed the same address space to multiple switches create a layer 2 vlan , a layer 3 SVI  and then assign multiple ports off the etherswitch vlan  to whatever devices  you need to feed.  You can feed the same subnet to as many devices as you have ports on that switch if thats what you wanted.

vlan database

vlan 2

exit

conf  t

int vlan 2

ip address 192.168.X.X 255.255.255.192

Switch

int f`1/0/1

switchport

switch access vlan 2

int f`1/0/2

switchport

switchport access vlan 2

etc.....

Jmorgan1413_2 Thu, 02/18/2010 - 20:08

Thanks for all your attempts at an answer.

I'm sort of at a loss here.  I thought I had it all done right, but then started running into a weird problem.

If i use IE and http into the switch's IP address and log in it all seems to work ok.  But then when the Etherswitch Service Module Device Manager comes up and I click on "Configure" and then "Port Settings" the switch module completely resets itself.  It happens every time and I don't know why.  I've used multiple cables and laptops and the same thing happens.  Everytime.  I obviously can not put this into production like this as I don't know if it will just reset itself randomly.

I am posting the configs of my router and my Switch Module and hoping that maybe you can see something I am doing wrong.  It's got to be apparent that I'm not all that familiar with what I am doing.

Here's my Router config:

!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname OAHRTSPO01
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$vduM$EbL.kfX39jCKE5ld0nZuA1
!
no aaa new-model
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
!
!
ip cef
!
!
no ip bootp server
ip domain name xxx.xxx.xxx
ip name-server 142.44.96.32
ip name-server 142.44.48.32
multilink bundle-name authenticated
!
!
!
username Administrator privilege 15 secret 5 $1$VzdP$MispjLQ9a3/08uRr4ke9O1
archive
log config
  hidekeys
!
!
ip tcp synwait-time 10
bridge irb
!
!
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ES_LAN$$FW_INSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex full
speed 1000
no mop enabled
bridge-group 1
!
interface GigabitEthernet0/1
no ip address
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex full
speed 1000
no mop enabled
bridge-group 1
!
interface Serial0/0/0
description $FW_OUTSIDE$$ES_WAN$
ip address 142.55.209.246 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
!
interface GigabitEthernet1/0
ip address 10.0.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
!
interface BVI1
ip address 189.238.114.1 255.255.255.192
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 142.55.209.245
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
no cdp run
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for  one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username privilege 15 secret 0

Replace and with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line 66
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 20000 1000
!
end

Here is the Switch Config (I reverted it to default, so I don't have much configured)

sh run
Building configuration...

Current configuration : 1361 bytes
!
! No configuration change since last restart
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname OAHSWSPO01
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet1/0/2
!
interface FastEthernet1/0/3
!
interface FastEthernet1/0/4
!
interface FastEthernet1/0/5
!
interface FastEthernet1/0/6
!
interface FastEthernet1/0/7
!
interface FastEthernet1/0/8
!
interface FastEthernet1/0/9
!
interface FastEthernet1/0/10
!
interface FastEthernet1/0/11

interface FastEthernet1/0/12
!
interface FastEthernet1/0/13
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
!
interface FastEthernet1/0/16
!
interface FastEthernet1/0/17
!
interface FastEthernet1/0/18
!
interface FastEthernet1/0/19
!
interface FastEthernet1/0/20
!
interface FastEthernet1/0/21
!
interface FastEthernet1/0/22
!
interface FastEthernet1/0/23
!
interface FastEthernet1/0/24
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
no switchport
no ip address
!
interface Vlan1
ip address 189.238.114.2 255.255.255.192
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
login
length 0
line vty 5 15
login
!
end

OAHSWSPO01#

Jerry Ye Thu, 02/18/2010 - 20:15

Your G0/0 and G0/1 is hard coded 1000/FULL but the ESM is AUTO/AUTO. Try to match the configuration on both to 1000/FULL or AUTO/AUTO to see if that improve or not.

Also what is on port G1/0? is that ESM? Why you have IP address configured on it?

Regards,

jerry

Jmorgan1413_2 Fri, 02/19/2010 - 03:32

Yes.   The G1/0 is the ESM.  I was told I needed an IP address to manage it.

Is that incorrect?

glen.grant Fri, 02/19/2010 - 04:36

   You are correct you need an ip address on g1/0 to be able to get into the ESM . This is the internal bus attached interface to the router backplane.This allows you to session into module.  I would  use 189.238.114.1 , put that  G1/0  , then session into the module put the other address (189.238.114.2) on vlan 1   and then create a default static route pointing to the external G1/0 interface address , this is how the ESM talks to the router thru that interface .

http://www.cisco.com/en/US/docs/routers/access/interfaces/software/feature/guide/eesm_sw.html#wp1926257

Jmorgan1413_2 Fri, 02/19/2010 - 06:59

First of all I would like to thank both of you guys for all the answers.  I truly appreciate you

taking the time to help someone who should probably be forcibly kept away from any router configurations.

So, to get this correct, you are saying that I should put the .1 address on the G1/0 interface and then .2 on the VLAN1 interface of the switch?

I was putting the .1 on the Gi0/0 port (before I implemented IRB - which I will be removing).  I was then using that as my default gateway for devices on the segment.

Do I even need to configure the Gi0/0 and Gi0/1 ports at all?

If I configure it the way you suggest, would I then use .1 as my gateway address for connected devices?  And how would I Telnet to the Router in that scenario?

My thought was this:

.1 is the Gi0/0 of the 2821.

.2 is the vlan of the ESM.

And a private IP (10.0.0.1) is the address of the G1/0

You are saying

.1 is the G1/0 (ESM)

.2 is the Vlan of the ESM

In that scenario I dont really have an IP address for the router, besides the Serial port.

I think I'm almost there, I'm just a little confused still

John

Actions

This Discussion