what i'd like to do is connect fa1 to the switch so I thought trunking is the way to go.
But now i'm not quite sure how the switch handles the traffic. By default, all Vlans are allowed on the trunk lines. That's okay for now because I'm only going to use vlan2 on the switch (i'll probably block the management vlan). But now it's not clear to me how you can tell ports which vlan (from the router) they should be appointed to. I also don't quite understand why you can create vlans on the switch as well if you already have vlan1 and vlan2 coming from the router.
1) i ran into a problem trying this: when I connect my PC to the switch to configure it, the standard config IP is 192.168.1.254. All is good until I connect the router to any other port on the switch, then I can't access the config page anymore.
2) It seems if I put my IP settings on my windows PC to automatic, the PC get a 10.10.10.x IP address (which for now is vlan1). why doesn't it assign an IP address in the range of vlan2 (192.168.1.x, 255.255.255.0)?
if the port on the switch where you plug the pc is in vlan 1 then it's normal you get an IP address in the 10.10.10.0 scope.
if you assign the port connected to the PC as belonging to vlan2 then you should get an IP int the 192.168.1.0 scope provided your interface vlan 2 is up/up which I doubt because you didn't declare this vlan on the router.
Can you provide output of following:
-sh vlan-switch brief
-sh ip int br | inc Vlan
-sh interface fastethernet1 switchport
there are also some mistakes in your config:
1) ip route 0.0.0.0 0.0.0.0 fastethernet4
you should never configure a static route pointing to a multipoint interface but use the next-hop ip instead in this case
2) you didn't no shut this fastethernet4 interface, is it on purpose ?
3) you configured the dns service but did no ip domain lookup so it will never do dns lookups and you didn't configure any name servers
4) it's not good security practice to configure privilege level 15 on the line because any one logging to the line will get directly into enable mode
Thank you for pointing out the mistakes. The config wasn't final at all, I'm actually just trying out some stuff with the vlans, I will fix the mistakes at the final point of installation. I will provide output later today when I'm working on it again.
I still don't quite understand the following:
If I declare vlans on the router, do I have to declare them in the switch as well?
if you connect a PC into a switch by default all th ports are in vlan 1 and access mode( untagged) which means frames entering these ports are not tagged and can be flooded out all other ports which are in the same vlan.
Now here your router is using an integrated switching module and by default all switchports are in vlan 1 and are in access mode.If you create vlan 2 on the switch then you link your switch to the router and on the switch-router link the port is in vlan 2 but in vlan 1 on router-switch and your pc is in vlan 2 then frames will get to the router and will be treated at Layer 3 by the corresponding SVI( vlan interface) but it's not recommended to do so.
You should configure the same vlan on both and the corresponding interface vlan on the router.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...