Vlan Configuration in 12.4(24)T2

Answered Question
Feb 22nd, 2010

I need to configure port fa0/1/0 of a 4-port HWIC so that it is in vlan2 on our 1841.  In global config mode, vlan 2 is no longer a command you can use to create a vlan in 12.4(24)T2.  I need to configure fa0/1/0 to be in vlan 2 since fa0/1/0 is a layer 2 port, and I need to to apply a crypto map to the vlan interface, and then put fa0/1/0 in that vlan.  I have this working on 12.4(6), and I'm going to swap an 1841 that I've upgraded to 12.4(24)T2 with the router currently running 12.4(6).  Unfortunately, I don't have a 4 port HWIC to test with before I go to swap out the router so I can't just try different commands to see what works.  Thanks!

I have this problem too.
0 votes
Correct Answer by Giuseppe Larosa about 6 years 11 months ago

Hello R.D,.

the fact that the module is not present on the router may be the cause of the behaviour you see.

newer IOS images may perform a sanity check that wasn't done on older images.

Hope to help

Giuseppe

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Giuseppe Larosa Mon, 02/22/2010 - 10:18

Hello,

depending on the LAN module you may need to use the vlan database mode (the old mode used on standalone IOS LAN switches by the way)

see

http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_hwic_ethsw_ic_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1046684

try

enable

vlan database

vlan 2

name test2

! write

apply

! write exit don't use crt-Z

exit

config change is committed by apply or exit command

Hope to help

Giuseppe

r.d.schnitzer Mon, 02/22/2010 - 10:30

Thanks for the reply.  Vlan 2 is now created in the vlan database, but I still cannot add "interface vlan 2" to the running-configuration.  On our 12.4(6) router we have an IP address and crypto map applied to that interface, and then on fa0/1/0 we have "switchport access vlan 2".  If there is a different way that I can now associate an IP address and crypto map with the fa0/1/0 port on the 4-port switch module, please let me know.

Giuseppe Larosa Mon, 02/22/2010 - 10:47

Hello R.D.,

well, under standard config mode you should be able  to add the interface vlan 2

check the existence of L2 vlan 2 with

sh vlans

if vlan2 exists as a L2 object

try

config t

interface vlan2

no shut

you need to explicitly issue the no shut to have it working

Hope to help

Giuseppe

r.d.schnitzer Mon, 02/22/2010 - 11:00

The vlan is created in the database, and the changes are applied.  I exited the database, did "show vlans", and no vlans were shown.  My concern is that the new IOS only allows you to create vlans using subinterfaces. I would like to do the following, but I'm doubtful that the 4-port HWIC is going to support it.

int fa0/1/0.2

ip address x.x.x.x

ip nat outside
ip virtual-reassembly

ip route-cache flow

crypto map testmap

Router#vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.

Router(vlan)#show current
  VLAN ISL Id: 1
    Name: default
    Media Type: Ethernet
    VLAN 802.10 Id: 100001
    State: Operational
    MTU: 1500
    Translational Bridged VLAN: 1002
    Translational Bridged VLAN: 1003

  VLAN ISL Id: 2
    Name: VLAN0002
    Media Type: Ethernet
    VLAN 802.10 Id: 100002
    State: Operational
    MTU: 1500

  VLAN ISL Id: 1002
    Name: fddi-default
    Media Type: FDDI
    VLAN 802.10 Id: 101002
    State: Operational
    MTU: 1500
    Bridge Type: SRB
    Translational Bridged VLAN: 1
    Translational Bridged VLAN: 1003

  VLAN ISL Id: 1003
    Name: token-ring-default
    Media Type: Token Ring
    VLAN 802.10 Id: 101003
    State: Operational
    MTU: 1500
    Bridge Type: SRB
    Ring Number: 0
    Bridge Number: 1
    Parent VLAN: 1005
    Maximum ARE Hop Count: 7
    Maximum STE Hop Count: 7
    Backup CRF Mode: Disabled
    Translational Bridged VLAN: 1
    Translational Bridged VLAN: 1002

  VLAN ISL Id: 1004
    Name: fddinet-default
    Media Type: FDDI Net
    VLAN 802.10 Id: 101004
    State: Operational
    MTU: 1500
    Bridge Type: SRB
    Bridge Number: 1
    STP Type: IBM

  VLAN ISL Id: 1005
    Name: trnet-default
    Media Type: Token Ring Net
    VLAN 802.10 Id: 101005
    State: Operational
    MTU: 1500
    Bridge Type: SRB
    Bridge Number: 1
    STP Type: IBM

r.d.schnitzer Mon, 02/22/2010 - 11:11

I'm starting to wonder if this IOS version really allows you to make use of vlans.

Router(config)#vlan ?
  accounting  VLAN accounting configuration
  ifdescr     VLAN subinterface ifDescr

Router(config)#int fa0/1.2

Router(config-subif)#ip address 10.0.0.1 255.255.255.0

% Configuring IP routing on a LAN subinterface is only allowed if that

subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,

or ISL vLAN.

Router(config-subif)#?         
Interface configuration commands:
  arp             Set arp type (arpa, probe, snap) or timeout or log options
  backup          Modify backup parameters
  bandwidth       Set bandwidth informational parameter
  bfd             BFD interface configuration commands
  bgp-policy      Apply policy propagated by bgp community string
  bridge-group    Transparent bridging interface parameters
  cdp             CDP interface subcommands
  clns            CLNS interface subcommands
  crypto          Encryption/Decryption commands
  cwmp            Configure CPE WAN Management Protocol(CWMP) on this interface
  default         Set a command to its defaults
  delay           Specify interface throughput delay
  description     Interface specific description
  eigrp           EIGRP interface specific commands
  encapsulation   Set encapsulation type for an interface
  eou             EAPoUDP Interface Configuration Commands
  exit            Exit from interface configuration mode
  flow-sampler    Attach flow sampler to the interface
  glbp            Gateway Load Balancing Protocol interface commands
  ip              Interface Internet Protocol config commands
  isis            IS-IS commands
  iso-igrp        ISO-IGRP interface subcommands
  keepalive       Enable keepalive
  llc2            LLC2 Interface Subcommands
  logging         Configure logging for interface
  mtu             Set the interface Maximum Transmission Unit (MTU)
  netbios         Use a defined NETBIOS access list or enable name-caching
  no              Negate a command or set its defaults
  ntp             Configure NTP
  pppoe           pppoe interface subcommands
  pppoe-client    pppoe client
  rate-limit      Rate Limit
  routing         Per-interface routing configuration
  service-policy  Configure QoS Service Policy
  shutdown        Shutdown the selected interface
  snapshot        Configure snapshot support on the interface
  snmp            Modify SNMP interface parameters
  standby         HSRP interface configuration commands
  tarp            TARP interface subcommands
  timeout         Define timeout values for this interface
  traffic-shape   Enable Traffic Shaping on an Interface or Sub-Interface
  transport-opt   Enable Transport Optimization on an Interface or a Sub-Interface
  vrf             VPN Routing/Forwarding parameters on the interface
  vrrp            VRRP Interface configuration commands
  zone-member     Apply zone name

Giuseppe Larosa Mon, 02/22/2010 - 11:35

Hello,

test the following:

config t

interface vlan 2

ip address 10.10.10.1 255.255.255.0

no shut

end

Hope to help

Giuseppe

r.d.schnitzer Mon, 02/22/2010 - 11:43

Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface vlan 2
                                    ^
% Invalid input detected at '^' marker.

Router(config)#interface ?
  Async               Async interface
  Auto-Template       Auto-Template interface
  BVI                 Bridge-Group Virtual Interface
  CDMA-Ix             CDMA Ix interface
  CTunnel             CTunnel interface
  Dialer              Dialer interface
  FastEthernet        FastEthernet IEEE 802.3
  Group-Async         Async Group interface
  Lex                 Lex interface
  Loopback            Loopback interface
  MFR                 Multilink Frame Relay bundle interface
  Multilink           Multilink-group interface
  Null                Null interface
  SSLVPN-VIF          SSLVPN Virtual Interface
  Serial              Serial
  Tunnel              Tunnel interface
  Vif                 PGM Multicast Host interface
  Virtual-Dot11Radio  Virtual dot11 interface
  Virtual-PPP         Virtual PPP interface
  Virtual-Template    Virtual Template interface
  Virtual-TokenRing   Virtual TokenRing
  range               interface range command
  vmi                 Virtual Multipoint Interface

glen.grant Mon, 02/22/2010 - 17:04

   Is the hwic installed and does the router recognize it ?   It should allow you to create the layer 3 SVI  , we use these all over .  12.4.24T2 should work fine.  Maybe post  the router config .  It shows in the vlan database ok . Pretty sure you cannot use subinterfaces on the hwic..

r.d.schnitzer Tue, 02/23/2010 - 07:03

The hwic is not currently installed into the upgraded router.  I unfortunately don't have a spare hwic.  Once I know I have the necessary configuration, I'm going to drive an hour north, shut down an 1841 router that is in use, put it's hwic into my upgraded spare, and then power it on.  On this spare, if I switch back to the 12.4(6)XE2 IOS, I again have the interface vlan command available.  The release notes indicate that it should still be a available in 12.4(24)T2 and 15.0(1)M, but as you can see from my earlier posts, this was not what I found.

r.d.schnitzer Tue, 02/23/2010 - 07:12

I'm currently just using the default configuration on the router, with a couple private IP addresses on the integrated ethernet ports.  Both ports are up and functional, but interface vlan is still not an accepted command in global config mode.

version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
memory-size iomem 25
dot11 syslog
ip source-route
!        
!
!
!
ip cef
!
multilink bundle-name authenticated
!
!
!
!
!
license udi pid CISCO1841 sn FTX1033W0NK
!
redundancy
!
!
!
!
!
!
!
!
!        
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
!
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!        
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end

Correct Answer
Giuseppe Larosa Tue, 02/23/2010 - 09:16

Hello R.D,.

the fact that the module is not present on the router may be the cause of the behaviour you see.

newer IOS images may perform a sanity check that wasn't done on older images.

Hope to help

Giuseppe

r.d.schnitzer Tue, 02/23/2010 - 09:28

Thanks Giuseppe.  That would make the most sense.  The IOS may require you to use subinterfaces for vlans unless it detects a layer 2 hwic.  I will test this hypothesis tomorrow afternoon.

Actions

This Discussion