09-02-2014 02:31 PM - edited 03-07-2019 08:36 PM
Hello,
I'm having a heck of a time adding 4 vlans to a trunk port on Fa0/0/1 which is a port on a 4ESW hwic card in a Cisco 2811 router.
The command I am adding is
switchport trunk allowed vlan 296,297,299,300
I get this back from the console:
Command rejected: Bad VLAN allowed list. You have to include all default vlans, e.g. 1-2,1002-1005.
I've already added those vlans in vlan database. Here is a cut and paste of them:
VLAN ISL Id: 296
Name: VLAN0296
Media Type: Ethernet
VLAN 802.10 Id: 100296
State: Operational
MTU: 1500
VLAN ISL Id: 297
Name: VLAN0297
Media Type: Ethernet
VLAN 802.10 Id: 100297
State: Operational
MTU: 1500
VLAN ISL Id: 299
Name: VLAN0299
Media Type: Ethernet
VLAN 802.10 Id: 100299
State: Operational
MTU: 1500
VLAN ISL Id: 300
Name: VLAN0300
Media Type: Ethernet
VLAN 802.10 Id: 100300
State: Operational
MTU: 1500
So what am I missing?
09-02-2014 02:47 PM
I have never researched why it has this behavior, but it is just saying that you need to also include the default VLANs. Once you do that, it will accept the command.
09-02-2014 02:49 PM
Well, the error message states which vlans are missing. The switch-modules always behave a little bit different to a regular switch.
switchport trunk allowed vlan 1,296,297,299,300,1002-1005
09-02-2014 02:49 PM
I don't want vlan 1, 1002-1005 on that link. It goes through an ISP hand off and I can't control what they have on their side. For all I know those vlans could be other customers and I can't allow those vlans access for security.
09-02-2014 03:00 PM
I'm not aware of a way to tweak the module to operate the way you want.
A possible workaround: Place the ISP on one of the built-in router-ports. There you can configure sub-interfaces for your four VLANs. The HWIC could then be used for your internal connection.
09-02-2014 03:01 PM
Both Fe's are used. 1 for one ISP and 1 for lan.
So you're suggesting move that Fe0/1 (LAN) to the 4esw card and then I can use Fe0/1 with sub interfaces like I currently do today with Fe0/0 for the other ISP?
This is because we have branch offices in different territories that have different LECs.
09-02-2014 03:09 PM
> So you're suggesting move that Fe0/1 (LAN) to the 4esw card and then I can use Fe0/1 with sub interfaces like I currently do today with Fe0/0 for the other ISP?
In general, that should work. It's not that uncommon to have the WANs on the router-ports and the LANs on the switch-module.
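A sketch of the sub-interface approach discussed above, added here as an illustration and not taken from any poster's configuration. It assumes the four VLANs from the original question are moved to the built-in port Fa0/1; the IP addresses are constructed placeholders from the documentation range.

```ios
! Added example, not from the thread. Addresses are constructed
! placeholders (RFC 5737 documentation range).
!
! Physical port carries only 802.1Q-tagged sub-interfaces.
! No IP address here and no sub-interface marked "native",
! so nothing is configured to route untagged (VLAN 1) traffic.
interface FastEthernet0/1
 description ISP hand-off, tagged VLANs 296,297,299,300 only
 no ip address
 no shutdown
!
interface FastEthernet0/1.296
 description VLAN 296
 encapsulation dot1Q 296
 ip address 192.0.2.1 255.255.255.252
!
interface FastEthernet0/1.297
 description VLAN 297
 encapsulation dot1Q 297
 ip address 192.0.2.5 255.255.255.252
!
interface FastEthernet0/1.299
 description VLAN 299
 encapsulation dot1Q 299
 ip address 192.0.2.9 255.255.255.252
!
interface FastEthernet0/1.300
 description VLAN 300
 encapsulation dot1Q 300
 ip address 192.0.2.13 255.255.255.252
```

Unlike the switch-module trunk, a routed port only accepts the VLAN tags that have a matching sub-interface, so VLANs 1 and 1002-1005 never need to appear in the configuration.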
09-03-2014 05:36 AM
Just curious if this is a function of the IOS version running. Currently running c2800nm-advipservicesk9-mz.124-25g because it does everything I need and has lower memory requirements than the 15.1 train. If I upgrade to c2800nm-advipservicesk9-mz.151-4.M7, do you think it would allow me to prune vlan 1 (and the others) off a Fa interface on a 4ESW hwic card?
Or do you think this limitation is from the traces burned into the ASICs on the ESW card itself, which no software could overcome?
09-03-2014 06:14 AM
As far as I know it's a limitation of the hardware (or the software-implementation for this hardware). I know the same behavior from 15.1 and 15.2 on ISR G2 releases.
09-03-2014 06:30 AM
Ok, I will mark your suggestion as the correct answer to use the built in Fa0/0 and Fa0/1 for my WAN links and use the 4ESW card for the LAN links.
Fa0/0 - Windstream VPL - 2 offices in Windstream territory (existing) (Requires 802.1q vlans as specified from us to service provider)
Fa0/1 - Verizon EVPL - 2 offices in Verizon territory (adding) (Requires 802.1q vlans as specified from service provider)
Fa0/0/0 - vlan 200 - to 4G LTE backup for all offices (existing tunnels built)
Fa0/0/1 - Will become the new LAN (adding)