Layer 2 HWIC 4 Port routing?

Unanswered Question
Sep 23rd, 2010

Hi All,

I'm looking for some urgent help please.

I have a Cisco 1901 router with 2 onboard Gigabit Ethernet ports that are configured as a BVI due to an unusual config with the ISP (it works!).

I also need to route/NAT to and from 2 or 3 other subnets and requested my reseller to provide a 4 port HWIC, which they did.

I tried to apply ip addressing to the FastEthernet ports only to receive a message stating it wasn't possible on a Layer 2 port.

I therefore created a vlan and assigned it an ip address and subnet mask from a subnet I wished to route traffic through. I assigned the vlan to the Layer 2 FastEthernet port but cannot ping or route through it.

Is this even possible or am I banging my head against a very solid wall?

Regards

Simon...

Jon Marshall Thu, 09/23/2010 - 14:14

Simon

They are L2 ports only but you should be able to do the vlan setup that you have tried. Might be an idea to post the config together with details of what test(s) you have run.

Jon

accurisit Thu, 09/23/2010 - 14:47

Configuration:

bridge irb
!
!
!
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface FastEthernet0/0/0
 description SS7
 switchport access vlan 10
!
interface FastEthernet0/0/1
 switchport access vlan 20
!
interface FastEthernet0/0/2
 shutdown
!
interface FastEthernet0/0/3
 shutdown
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 10.150.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan20
 ip address 10.30.1.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface BVI1
 description **** WAN Link to ISP IP Network ****
 ip address a.b.c.b 255.255.255.192
 ip nat outside
 ip virtual-reassembly
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat pool lan a.b.c.a a.b.c.a netmask 255.255.255.192
ip nat inside source list 5 pool lan overload
ip nat inside source static 10.30.1.32 a.b.c.d
ip nat inside source static 10.30.1.5 a.b.c.e
ip nat inside source static 10.30.1.42 a.b.c.f
ip route 0.0.0.0 0.0.0.0 87.198.157.1
ip route 87.198.157.4 255.255.255.255 a.b.c.g
ip route 87.198.157.6 255.255.255.255 a.b.c.g
ip route 87.198.157.8 255.255.255.255 a.b.c.g
ip route 87.198.157.9 255.255.255.255 a.b.c.g
ip route 87.198.157.10 255.255.255.255 a.b.c.g
ip route 87.198.157.11 255.255.255.255 a.b.c.g
ip route 87.198.157.20 255.255.255.255 a.b.c.g
ip route 87.198.157.22 255.255.255.255 a.b.c.g
ip route 87.198.157.45 255.255.255.255 a.b.c.g
!
access-list 5 permit 10.150.1.0 0.0.0.255
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip

TESTS

Ping 10.30.1.253 from router itself.

Tried to ping 10.30.1.253 from 10.30.1.0 subnet.

Tried to route through 10.30.1.253 from 10.30.1.0 subnet.

All tests failed.

Regards

Simon...

Jon Marshall Thu, 09/23/2010 - 14:50

Can you post output of "sh ip int brief".

I'm assuming you created the vlan at L2 ?

Jon

accurisit Thu, 09/23/2010 - 14:56

Thanks Jon.

interface FastEthernet0/0/0 & interface FastEthernet0/0/1 are the 2 in question.

As you've probably guessed I'm masking the Public IPs with a.b.c.x.

Output:

Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES manual up                    up
GigabitEthernet0/1         unassigned      YES NVRAM  up                    up
FastEthernet0/0/0          unassigned      YES unset  down                  down
FastEthernet0/0/1          unassigned      YES unset  up                    up
FastEthernet0/0/2          unassigned      YES unset  administratively down down
FastEthernet0/0/3          unassigned      YES unset  administratively down down
Vlan1                      unassigned      YES manual up                    down
Vlan20                     10.30.1.253     YES manual up                    down
Vlan10                     10.150.1.1      YES manual up                    down
NVI0                       unassigned      NO  unset  up                    up
BVI1                       a.b.c.b         YES manual up                    up

Jon Marshall Thu, 09/23/2010 - 15:14

Simon

The problem is your vlan interfaces are up/down, i.e. they are not up, so they won't respond to anything.

Did you create the vlan at L2 and not just the L3 vlan interface, i.e.

either -

router(config)# vlan

or

router# vlan database
router(...)# vlan

Sorry, I can never remember which one it is on these routers!

Jon

accurisit Thu, 09/23/2010 - 15:22

Not sure if this helps:

Router#sh spanning-tree vlan 20

VLAN20 is executing the ieee compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 68ef.bd9a.af63
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag not set, detected flag not set
  Number of topology changes 0 last change occurred 04:37:27 ago
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0, aging 300

Port 2 (FastEthernet0/0/1) of VLAN20 is broken (Port Type Mismatch)
   Port path cost 19, Port priority 128, Port Identifier 128.2.
   Designated root has priority 32768, address 68ef.bd9a.af63
   Designated bridge has priority 32768, address 68ef.bd9a.af63
   Designated port id is 128.2, designated path cost 0
   Timers: message age 1, forward delay 14, hold 0
   Number of transitions to forwarding state: 0
   BPDU: sent 8318, received 0

Jon Marshall Thu, 09/23/2010 - 15:32

Simon

Can you post -

"sh vlan database" or "sh vlan brief"

Can you modify fa0/0/1 to be -

int fa0/0/1
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast

then shutdown fa0/0/1 and vlan 20 and then do a "no shut" on each interface.

Jon

accurisit Thu, 09/23/2010 - 15:58

Jon,

Got this message and as this connects directly into a switch will it cause an issue?

Router(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single host.
Connecting hubs, concentrators, switches,  bridges, etc.to this interface
when portfast is enabled, can cause temporary spanning tree loops.
Use with CAUTION

%Portfast has been configured on FastEthernet0/0/1 but will only
have effect when the interface is in a non-trunking mode.

I can now ping 10.30.1.253 from the router but not from anywhere else or to anywhere else on the 10.30.1.0 subnet.

Router#sh int vlan 20
Vlan20 is up, line protocol is up
  Hardware is EtherSVI, address is 68ef.bd9a.af63 (bia 68ef.bd9a.af63)
  Internet address is 10.30.1.253/24
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 0/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:11:31, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1 packets input, 92 bytes, 0 no buffer
     Received 1 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     70 packets output, 4744 bytes, 0 underruns
     0 output errors, 2 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out

Simon

Jon Marshall Thu, 09/23/2010 - 16:20

Simon

What is connected into fa0/0/1 ? is it a switch or is it your laptop. If it is a switch then you should not have "spanning-tree portfast". I assumed it was the laptop.

Also if it is a switch and your laptop is connected to that switch how have you configured the switch ? Can you post config and indicate which port is the link to fa0/0/1 and which your laptop is connected to.

Where are the other clients in the same vlan connected to ?

Jon

accurisit Thu, 09/23/2010 - 16:33

Jon,

What is connected into fa0/0/1 ? is it a switch or is it your laptop. If it is a switch then you should not have "spanning-tree portfast". I assumed it was the laptop.

Connected to a switch.

Also if it is a switch and your laptop is connected to that switch how have you configured the switch?

I'm connected over Telnet via the BVI1.

Can you post config and indicate which port is the link to fa0/0/1 and which your laptop is connected to.

Laptop remote.

Where are the other clients in the same vlan connected to ?

Connected to the switch.

Thanks

Simon

Jon Marshall Thu, 09/23/2010 - 16:44

Simon

Then need to see the switch config.

Have you set the default-gateway of all the other clients in that vlan to be the fa0/0/1 ip address ?

Are all the ports for the clients configured to be in vlan 20 ?

Presumably you are trying to ping the other clients? Do you have personal firewalls on the PCs that could be blocking the pings?

Jon

accurisit Fri, 09/24/2010 - 04:51

This has now been resolved. Not sure if it's the textbook answer but it works.

********************************************

interface FastEthernet0/0/1
 switchport trunk native vlan 20
 switchport mode trunk

interface Vlan20
 ip address 10.30.1.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly

********************************************

Thanks for all of your assistance Jon

Jon Marshall Fri, 09/24/2010 - 07:51

Simon

So the port on the switch connecting to fa0/0/1 was configured as a trunk link. That would explain your STP output.

Thanks for letting me know you fixed it.

Jon
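
Added example, not part of any post in this thread: a small Python check that correlates the two outputs posted above, flagging each addressed SVI that shows up/down in "sh ip int brief" and pairing it with any port that "sh spanning-tree vlan" reports as broken in the same VLAN. The function names are hypothetical and the sample text is trimmed from the outputs in the thread.

```python
import re

# Sample input: rows trimmed from the outputs posted in this thread.
BRIEF = """\
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0/1          unassigned      YES unset  up                    up
FastEthernet0/0/2          unassigned      YES unset  administratively down down
Vlan20                     10.30.1.253     YES manual up                    down
Vlan10                     10.150.1.1      YES manual up                    down
BVI1                       a.b.c.b         YES manual up                    up
"""
STP = """\
VLAN20 is executing the ieee compatible Spanning Tree protocol
Port 2 (FastEthernet0/0/1) of VLAN20 is broken (Port Type Mismatch)
   BPDU: sent 8318, received 0
"""

# "administratively down" must be tried before plain "down" in the Status column.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(?:YES|NO)\s+\S+\s+"
                 r"(administratively down|up|down)\s+(up|down)\s*$")
STP_PORT = re.compile(r"^Port \d+ \((\S+)\) of VLAN(\d+) is (\w+)(?: \((.+)\))?")

def parse_brief(text):
    """Return {interface: (ip, status, protocol)}; the header row does not match."""
    rows = (ROW.match(line) for line in text.splitlines())
    return {m.group(1): (m.group(2), m.group(3), m.group(4)) for m in rows if m}

def parse_stp(text):
    """Return {vlan_id: [(port, state, reason)]} from per-port STP lines."""
    ports = {}
    for line in text.splitlines():
        m = STP_PORT.match(line.strip())
        if m:
            ports.setdefault(int(m.group(2)), []).append(m.group(1, 3, 4))
    return ports

def diagnose(brief_text, stp_text):
    """Map each addressed SVI that is up/down to what the STP output says about it."""
    brief, stp = parse_brief(brief_text), parse_stp(stp_text)
    findings = {}
    for name, (ip, status, proto) in brief.items():
        m = re.fullmatch(r"Vlan(\d+)", name)
        if not m or ip == "unassigned" or (status, proto) != ("up", "down"):
            continue
        broken = [(p, why) for p, state, why in stp.get(int(m.group(1)), [])
                  if state == "broken"]
        findings[name] = ("; ".join(f"{p} reported broken by STP ({why})"
                                    for p, why in broken)
                          or "no broken port in the supplied STP output")
    return findings
```

Calling diagnose(BRIEF, STP) on the sample text reports Vlan20 against FastEthernet0/0/1 and its Port Type Mismatch, and Vlan10 with no STP detail, since only VLAN 20 output was posted.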
