Issue when adding sub-interfaces to a router

Answered Question
Jan 6th, 2012

We have a 2811 router (IOS v 12.4(25)) whose port F0/0 is currently connected to a 6509-E switch (6509-E1, IOS v 12.2(18)) via port f4/43, configured as a switchport in VLAN 502. Port f0/1 on the 2811 has a public IP address for PAT. Our public wireless goes through a 4402 WLC which is on another 6509-E switch (6509-E2, IOS v 12.2(18)). The current IP network on VLAN 502 is 10.50.2. The setup of this network is working fine now but we do need to expand by adding more VLANs for other guest wireless networks.


My goal is to create subinterfaces on port F0/0 on the 2811 for different VLANs for our different guest wireless networks and change VLAN 502 IP addressing to 172.31. When I implement the configuration below, from the 4402 WLC I cannot ping IP address 172.31.255.254, which is subinterface f0/0.502 on the 2811. I set up the configuration in GNS3, which worked without a problem, minus the 4402, for which I substituted a router.


Appreciate any help.

Jeff



2811 Router:

ip dhcp pool 502
   network 172.31.0.0 255.255.0.0
   dns-server 66.155.216.122 8.8.8.8
   default-router 172.31.255.254
   lease 0 1

ip dhcp pool 600
   network 10.60.0.0 255.255.255.0
   dns-server 66.155.216.122 8.8.8.8
   default-router 10.60.0.254
   lease 14

access-list 1 permit 172.31.0.0 0.0.255.255
access-list 1 permit 10.60.0.0 0.0.0.255

ip nat inside source list 1 interface FastEthernet0/1 overload

int f0/0
   no ip address 10.50.2.254 255.255.252.0
   no ip nat inside
   no ip virtual-reassembly

int f0/0.502
   ip nat inside
   encapsulation dot1q 502
   ip address 172.31.255.254 255.255.0.0
   no shut

int f0/0.600
   ip nat inside
   encapsulation dot1q 600
   ip address 10.60.0.254 255.255.255.0
   no shut

6509E-1:

int f4/43
   switchport
   switchport mode trunk
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 502
   switchport trunk allowed vlan add 600

6509E-2:

int g3/2
   switchport
   switchport mode trunk
   switchport trunk encapsulation dot1q

4402 WLC:

Interface Public_Wireless
VLAN 502
IP Address: 172.31.255.250

jeff6strings Wed, 01/11/2012 - 09:45

Bumping in the hopes someone could provide some feedback.

Thank you,


Jeff

Peter Paluch (Cisco Employee) Wed, 01/11/2012 - 09:57

Hi Jeff,


Currently, the configuration does not contain any obvious errors.


Let's start from something that currently works: can you please post the current configuration of:


  • Fa0/0 on your 2811 router (I also assume there are no subinterfaces under the Fa0/0 presently)
  • Fa4/43 on your C6509


Thanks!


Best regards,

Peter

jeff6strings Wed, 01/11/2012 - 10:05

Peter,


Yes, there are no subinterfaces on the 2811 at this time. Here is the current config on both units' interfaces.

Thanks again,

Jeff


2811:

Int f0/0
   ip address 10.50.2.254 255.255.255.0
   ip nat inside
   ip virtual-reassembly
   duplex full
   speed 100

6509E:

Fa4/43
   switchport
   switchport access vlan 502
   no ip address
   speed 100
   duplex full
   spanning-tree portfast

Correct Answer
Peter Paluch (Cisco Employee) Wed, 01/11/2012 - 10:23

Jeff,


Let's make a smaller config change. The 2811 should be modified as follows (the commands are ready to be directly pasted to your config):


interface FastEthernet0/0
   no ip address
   no ip nat inside

interface FastEthernet0/0.502
   encapsulation dot1q 502
   ip address 10.50.2.254 255.255.255.0
   ip nat inside


The 6509 should be modified as follows:


interface FastEthernet4/43
   switchport trunk encapsulation dot1q
   switchport mode trunk
   switchport trunk allowed vlan 502
   spanning-tree portfast trunk


This reconfiguration should retain the same functionality as you currently have, yet change the communication with the router to 802.1q-tagged traffic on VLAN 502. If everything is OK, this configuration should not cause any longer-term connectivity issues without adding any additional functionality.


If this works, we can proceed in adding new VLANs and readdressing your VLAN502. Can you try to implement this intermediary step please?


Best regards,

Peter

jeff6strings Wed, 01/11/2012 - 11:17

Peter,

I will set a time window within the coming week to work on this, but the only difference between your proposal and what I have is the spanning-tree portfast trunk command on the f4/43 interface and not changing the IP. The only troubleshooting step I did not do was keep the existing IP network when we did this in production a week ago.

Again, thanks for the help.

Jeff

Peter Paluch (Cisco Employee) Wed, 01/11/2012 - 12:09

Jeff,


My suggestion is not quite identical, although strongly similar. I am suggesting creating only a single subinterface on the router, not two. Also, I have changed the order of switchport trunk encapsulation dot1q and switchport mode trunk commands, as only this order will be correctly accepted (reversed order will result in the switch merely complaining that it cannot set a port to static trunk if the encapsulation is auto - and the port will remain running as an access port which may very well have happened). In addition, only a single VLAN is allowed on the trunk port, not two. And also, I am retaining the IP addressing to keep the number of changes possibly minimal.


Please understand that you have originally quoted only your alleged configuration modifications but not the real configurations from the devices at the time you experienced the connectivity problems. That understandably makes me consider those configuration additions with a little reservation as to whether they have indeed been input exactly as you indicated them. That is also the reason why I am suggesting these additions be input again, in smaller steps.


Best regards,

Peter
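
Added example (not part of the thread, and not Peter's or Cisco's code): a small Python pre-check for a change script that flags the command order described in the reply above and compares the router's dot1q subinterface tags with the trunk's allowed-VLAN list. The sample scripts are constructed from the commands quoted in this thread, the function names are hypothetical, and the order rule is taken from the reply rather than verified on a device.

```python
import re

# Constructed change scripts: commands in the order they would be pasted.
QUESTION_SWITCH = """interface FastEthernet4/43
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 502
 switchport trunk allowed vlan add 600
"""
ANSWER_SWITCH = """interface FastEthernet4/43
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 502
 spanning-tree portfast trunk
"""
QUESTION_ROUTER = """interface FastEthernet0/0.502
 encapsulation dot1q 502
interface FastEthernet0/0.600
 encapsulation dot1q 600
"""

def trunk_order_ok(script):
    """False if 'switchport mode trunk' is pasted before the dot1q encapsulation."""
    cmds = [line.strip().lower() for line in script.splitlines()]
    if "switchport mode trunk" not in cmds:
        return True
    before = cmds[:cmds.index("switchport mode trunk")]
    return "switchport trunk encapsulation dot1q" in before

def expand(spec):
    """Turn a VLAN list such as '502,600-602' into {502, 600, 601, 602}."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def allowed_vlans(script):
    """VLANs left on the trunk after every 'allowed vlan' line is applied in order."""
    vlans = set()
    for line in script.splitlines():
        m = re.match(r"\s*switchport trunk allowed vlan (add )?([\d,-]+)\s*$", line, re.I)
        if m:  # 'add' extends the list; without it the list is replaced
            vlans = (vlans | expand(m.group(2))) if m.group(1) else expand(m.group(2))
    return vlans

def untrunked_subif_vlans(router_script, switch_script):
    """Router dot1q subinterface VLANs that the switch trunk does not carry."""
    tags = {int(v) for v in re.findall(r"encapsulation dot1q (\d+)", router_script, re.I)}
    return tags - allowed_vlans(switch_script)
```

Run it against the script as it will be pasted, not against show running-config output, which does not preserve the order in which commands were entered.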

jeff6strings Wed, 01/11/2012 - 16:27

Peter, thanks for the response and explanation. I will set up a time window to implement and let you know how things go.


Jeff

jeff6strings Fri, 02/03/2012 - 05:30

Peter, your configuration worked just fine. Thank you for your help.


Jeff
