cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
903
Views
6
Helpful
8
Replies

871 router to 4503 switches

richmorrow624
Level 1
Level 1

I have two 4503 switches that are ether channeled together and configured with HSRP for redundancy.

These switches have some VLANs created.

I have an 871 router that has a four port switch for the inside interfaces. You cannot assign these ports IP addresses individually:

"% IP addresses may not be configured on L2 links"

, but I can create a VLAN and assign ports to it.

I want to be able to uplink this 871 router the 4503 switches.

Can I create a VLAN on the 871, add two ports to it, then uplink the two ports to the two 4503 switches for redundancy?

My goal is to have one port on the 871 "member of VLAN 2" uplink to 4503 #1 port that is a member of VLAN2.

have a different port on the 871 "member of VLAN 2" uplink to 4503 #2 port that is a member of VLAN2.

Configure the routes on the 871 that I need to point to the HSRP virtual IP address of two 4503 switches.

Is this ok to do?

Also, does it matter if the VLANs match in ID name as long as the VLANS are in the same subnet?

1 Accepted Solution

Accepted Solutions

Richard,

You are thinking along the right lines as per your original post.

I haven't used a 871 but it appears, from your post, they can only function as switchport. Here's what you can do. Configure all the 4 ports, 2 on 877 & 1 each on the 4503 switches, to be on a unique vlan. Configure an SVI for the vlan on all 3 devices and give it an IP address. Configure HSRP on both 4503 switches.

Point the static routes on the 877 to point to the HSRP address for the vlan interface and this would provide redundancy. On both 4503 switches, add appropriate static routes to point to the 877 vlan interface IP.

You may need a config that looks something like this.

4503_1:

int f0/24

description connection to 877

switchport access vlan 2

int vlan 2

ip add 172.16.2.1 255.255.255.0

standby 2 ip 172.16.2.254

ip route 192.168.1.0 255.255.255.0 172.16.2.3

4503_2:

int f0/24

description connection to 877

switchport access vlan 2

int vlan 2

ip add 172.16.2.2 255.255.255.0

standby 2 ip 172.16.2.254

ip route 192.168.1.0 255.255.255.0 172.16.2.3

4503_1:

int f0/1

description connection to 4503_1

switchport access vlan 2

int f0/2

description connection to 4503_2

switchport access vlan 2

int vlan 2

ip add 172.16.2.3 255.255.255.0

ip route 10.0.0.0 255.0.0.0 172.16.2.254

HTH

Sundar

View solution in original post

8 Replies 8

sourabhagarwal
Level 4
Level 4

we get message "% IP addresses may not be configured on L2 links" because ports are non-routed ports. To make them as routed ports configure "no switchport" command under those interfaces and then try to configure IP address.

try it and let us know if it works or not.

Still unable to assign IP address to switchport.

But would my proposed scenario be a problem?

Hi

Can you also post a topological diagram on your network setup and what exactly you are trying to do over there..

regds

Amit Singh
Cisco Employee
Cisco Employee

Please paste a "Show version" and "Show run" from your router.

-amit singh

Shown is a brief version of the configs of one of the switches and the 871 router.

Basically, I am not sure how to get the VLAN from the 871 to uplink to the VLAN of the 4503 switces.

I have the VLAN labeled as VLAN1 in the router and it is VLAN2 in the switch, I am not sure if that is the problem.

I want to be able to have one ethernet port on the 871 go to switch 1 and another port on the 871 go to switch 2 in case the primary switch fails, STP will enable the port on switch2.

Both 4503 switches have mirrored configs and are set up with HSRP and are etherchanneled together.

I have port g2?45 set up as so on the switch but it would not make the connection:

interface GigabitEthernet2/45

description LKLDSW001 to Remote_Tunnel_Router

switchport access vlan 2

switchport mode access

speed 100

duplex full

As it is now, the remote tunnels are configured in the PIX to the remote sites. I want to leave the config in the PIX and put the 871 in place (this VPN config has been tested) and have it be the primary connection. If the link to the 871 goes down (brighthouse) I want to set up object tracking and try to get the traffic routed to the PIX to use that connection (Sprint).

The 871 has ver 12.4 and is capable of the object tracking

I guess a trunk port is the way to go.

Richard,

You are thinking along the right lines as per your original post.

I haven't used a 871 but it appears, from your post, they can only function as switchport. Here's what you can do. Configure all the 4 ports, 2 on 877 & 1 each on the 4503 switches, to be on a unique vlan. Configure an SVI for the vlan on all 3 devices and give it an IP address. Configure HSRP on both 4503 switches.

Point the static routes on the 877 to point to the HSRP address for the vlan interface and this would provide redundancy. On both 4503 switches, add appropriate static routes to point to the 877 vlan interface IP.

You may need a config that looks something like this.

4503_1:

int f0/24

description connection to 877

switchport access vlan 2

int vlan 2

ip add 172.16.2.1 255.255.255.0

standby 2 ip 172.16.2.254

ip route 192.168.1.0 255.255.255.0 172.16.2.3

4503_2:

int f0/24

description connection to 877

switchport access vlan 2

int vlan 2

ip add 172.16.2.2 255.255.255.0

standby 2 ip 172.16.2.254

ip route 192.168.1.0 255.255.255.0 172.16.2.3

4503_1:

int f0/1

description connection to 4503_1

switchport access vlan 2

int f0/2

description connection to 4503_2

switchport access vlan 2

int vlan 2

ip add 172.16.2.3 255.255.255.0

ip route 10.0.0.0 255.0.0.0 172.16.2.254

HTH

Sundar

Thanks for the reply Sundar, you are correct as far as what was needed to get this to work.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: