×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

2948G-L3 with VLANS and Routing

Unanswered Question

I need the ability to have a 2948G-L3 perform Layer 2 VLANS, perform Inter-VLAN routing and HSRP for the Inter-VLAN routing. There will be a second 2948G-L3 for the HSRP partner. Is the config below correct and the best way to do this? Thanks.

bridge irb

!

!

!

interface FastEthernet1

bridge-group 2

bridge-group 2 spanning-disabled

!

interface FastEthernet2

bridge-group 2

bridge-group 2 spanning-disabled

!

interface FastEthernet3

bridge-group 2

bridge-group 2 spanning-disabled

!

interface FastEthernet4

bridge-group 2

bridge-group 2 spanning-disabled

!

interface FastEthernet5

bridge-group 2

bridge-group 2 spanning-disabled

!

interface FastEthernet6

bridge-group 2

bridge-group 2 spanning-disabled

!

interface FastEthernet7

bridge-group 2

bridge-group 2 spanning-disabled

!

interface FastEthernet8

bridge-group 3

bridge-group 3 spanning-disabled

!

interface FastEthernet9

bridge-group 3

bridge-group 3 spanning-disabled

!

interface FastEthernet10

bridge-group 3

bridge-group 3 spanning-disabled

!

interface FastEthernet11

bridge-group 3

bridge-group 3 spanning-disabled

!

interface FastEthernet12

bridge-group 3

bridge-group 3 spanning-disabled

!

interface FastEthernet13

bridge-group 3

bridge-group 3 spanning-disabled

!

interface FastEthernet14

bridge-group 3

bridge-group 3 spanning-disabled

!

interface FastEthernet15

bridge-group 3

bridge-group 3 spanning-disabled

!

interface FastEthernet16

bridge-group 4

bridge-group 4 spanning-disabled

!

interface FastEthernet17

bridge-group 4

bridge-group 4 spanning-disabled

!

interface FastEthernet18

bridge-group 4

bridge-group 4 spanning-disabled

!

interface FastEthernet19

bridge-group 4

bridge-group 4 spanning-disabled

!

interface FastEthernet20

bridge-group 4

bridge-group 4 spanning-disabled

!

interface FastEthernet21

bridge-group 4

bridge-group 4 spanning-disabled

!

interface FastEthernet22

bridge-group 4

bridge-group 4 spanning-disabled

!

interface FastEthernet23

bridge-group 4

bridge-group 4 spanning-disabled

!

interface FastEthernet24

bridge-group 5

bridge-group 5 spanning-disabled

!

interface FastEthernet25

bridge-group 5

bridge-group 5 spanning-disabled

!

interface FastEthernet26

bridge-group 5

bridge-group 5 spanning-disabled

!

interface FastEthernet27

bridge-group 5

bridge-group 5 spanning-disabled

!

interface FastEthernet28

bridge-group 5

bridge-group 5 spanning-disabled

!

interface FastEthernet29

bridge-group 5

bridge-group 5 spanning-disabled

!

interface FastEthernet30

bridge-group 5

bridge-group 5 spanning-disabled

!

interface FastEthernet31

bridge-group 5

bridge-group 5 spanning-disabled

!

interface FastEthernet32

bridge-group 6

bridge-group 6 spanning-disabled

!

interface FastEthernet33

bridge-group 6

bridge-group 6 spanning-disabled

!

interface FastEthernet34

bridge-group 6

bridge-group 6 spanning-disabled

!

interface FastEthernet35

bridge-group 6

bridge-group 6 spanning-disabled

!

interface FastEthernet36

bridge-group 6

bridge-group 6 spanning-disabled

!

interface FastEthernet37

bridge-group 6

bridge-group 6 spanning-disabled

!

interface FastEthernet38

bridge-group 6

bridge-group 6 spanning-disabled

!

interface FastEthernet39

bridge-group 6

bridge-group 6 spanning-disabled

!

interface FastEthernet40

bridge-group 7

bridge-group 7 spanning-disabled

!

interface FastEthernet41

bridge-group 7

bridge-group 7 spanning-disabled

!

interface FastEthernet42

bridge-group 7

bridge-group 7 spanning-disabled

!

interface FastEthernet43

bridge-group 7

bridge-group 7 spanning-disabled

!

interface FastEthernet44

bridge-group 7

bridge-group 7 spanning-disabled

!

interface FastEthernet45

bridge-group 7

bridge-group 7 spanning-disabled

!

interface FastEthernet46

bridge-group 7

bridge-group 7 spanning-disabled

!

interface FastEthernet47

bridge-group 7

bridge-group 7 spanning-disabled

!

interface FastEthernet48

bridge-group 7

bridge-group 7 spanning-disabled

!

interface GigabitEthernet49 -----------> Physical connection to layer 2 User network

!

interface GigabitEthernet49.2 -----------> VLAN needed on here and layer 2 user network

encapsulation dot1Q 2

bridge-group 2

!

interface GigabitEthernet49.3 -----------> VLAN needed on here and layer 2 user network

encapsulation dot1Q 3

bridge-group 3

!

interface GigabitEthernet49.4 -----------> VLAN needed on here and layer 2 user network

encapsulation dot1Q 4

bridge-group 4

!

interface BVI 2

ip address 192.168.1.2 255.255.255.0

standby 2 ip address 192.168.1.1

standby 2 priority 110

bridge-group 2

!

interface BVI 3

ip address 192.168.2.2 255.255.255.0

standby 3 ip address 192.168.2.1

standby 3 priority 110

bridge-group 3

!

interface BVI 4

ip address 192.168.3.2 255.255.255.0

standby 4 ip address 192.168.3.1

standby 4 priority 110

bridge-group 4

!

interface BVI 5

ip address 10.0.1.2 255.255.255.0 --> VLAN needed only here

standby 5 ip address 10.0.1.1

standby 5 priority 110

bridge-group 5

!

interface BVI 6

ip address 10.0.2.2 255.255.255.0 --> VLAN needed only here

standby 6 ip address 10.0.2.1

standby 6 priority 110

bridge-group 6

!

interface BVI 7

ip address 10.0.3.2 255.255.255.0 --> VLAN needed only here

standby 7 ip address 10.0.3.1

standby 7 priority 110

bridge-group 7

!

bridge 1 protocol ieee

bridge 2 protocol ieee

bridge 3 protocol ieee

bridge 4 protocol ieee

bridge 5 protocol ieee

bridge 6 protocol ieee

bridge 7 protocol ieee


bridge 1 route ip

bridge 2 route ip

bridge 3 route ip

bridge 4 route ip

bridge 5 route ip

bridge 6 route ip

bridge 7 route ip

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
milan.kulik Mon, 01/20/2003 - 00:57
User Badges:
  • Red, 2250 points or more

I've got some comments to your config:

1) Are you really using FastEthernet ports to connect users? Int Fa1 - Fa7 to connect VLAN2 users, e.g.?

If yes, why is bridge-group 2 spanning-disabled ? I wouldn't dare to disable spanning tree on user ports.

If not (I would say so regarding your notice "interface GigabitEthernet49 -----------> Physical connection to layer 2 User network") why don't you bind IP addresses directly to subinterfaces (router on the stick), i.e. :

interface GigabitEthernet49.2

encapsulation dot1Q 2

ip address 192.168.1.2 255.255.255.0

standby 2 ip address 192.168.1.1

standby 2 priority 110

without using BVIs combining GE subinterfaces and FE interfaces?

I've noticed a IOS bug in the past concerning BVIs on subinterfaces (but it was on 3640 if I remember correctly).

2) Don't forget native VLAN on 802.1q trunk. One of your subinterfaces should be in native VLAN:

interface GigabitEthernet49.2

encapsulation dot1Q 2 native

e.g.


Regards,

Milan




The reason that I did not put the layer 3 info on the Gig interface is incase this link fails or gets disconnected, this would cause the Gig-subintefaces to go down. If this link did go down, then the user network off of it would go off-line, but the key devices that I have directly attached to FastE ports (ie, firewalls, vpn devices) would still be operational and able to access the data they need, just the Internal users would be off-line. (In this particular setup, the users are not as important as the traffic comming in from VPN's, B2B, etc.)

Actions

This Discussion