Cisco Support Community
Community Member

Cannot add allowed VLANs to 4ESW switch port in 2811 router

Hello,

 

I'm having a heck of a time adding 4 vlans to a trunk port on Fa0/0/1 which is a port on a 4ESW hwic card in a Cisco 2811 router.

The command I am adding is

switchport trunk allowed vlan 296,297,299,300 

I get this back from the console:

Command rejected: Bad VLAN allowed list. You have to include all default vlans, e.g. 1-2,1002-1005.

 

I've already added those vlans in vlan database.  Here is a cut and paste of them:

VLAN ISL Id: 296
    Name: VLAN0296
    Media Type: Ethernet
    VLAN 802.10 Id: 100296
    State: Operational
    MTU: 1500

  VLAN ISL Id: 297
    Name: VLAN0297
    Media Type: Ethernet
    VLAN 802.10 Id: 100297
    State: Operational
    MTU: 1500

  VLAN ISL Id: 299
    Name: VLAN0299
    Media Type: Ethernet
    VLAN 802.10 Id: 100299
    State: Operational
    MTU: 1500

  VLAN ISL Id: 300
    Name: VLAN0300
    Media Type: Ethernet
    VLAN 802.10 Id: 100300
    State: Operational
    MTU: 1500

 

 

So what am I missing?

 

9 REPLIES

I have never researched why it has this behavior, but it is just saying that you need to also include the default VLANs. Once you do that, it will accept the command.

VIP Purple

Well, the error message states which VLANs are missing. The switch modules always behave a little bit differently from a regular switch.

switchport trunk allowed vlan 1,296,297,299,300,1002-1005

Community Member

I don't want vlan 1, 1002-1005 on that link.  It goes through an ISP hand off and I can't control what they have on their side.  For all I know those vlans could be other customers and I can't allow those vlans access for security.

VIP Purple

I'm not aware of a way to tweak the module to operate the way you want.

A possible workaround: place the ISP on one of the built-in router ports. There you can configure sub-interfaces for your four VLANs. The HWIC could then be used for your internal connection.

Community Member

Both Fe's are used.  1 for one ISP and 1 for lan.

 

So you're suggesting I move that Fe0/1 (LAN) to the 4esw card and then I can use Fe0/1 with sub interfaces like I currently do today with Fe0/0 for the other ISP?

This is because we have branch offices in different territories that have different LEC's.

VIP Purple

> So you're suggesting I move that Fe0/1 (LAN) to the 4esw card and then I can use Fe0/1 with sub interfaces like I currently do today with Fe0/0 for the other ISP?

In general, that should work. It's not that uncommon to have the WANs on the router-ports and the LANs on the switch-module.

Community Member

Just curious if this is a function of the IOS version running.  Currently running c2800nm-advipservicesk9-mz.124-25g because it does everything I need and lower memory requirements of the 15.1 train.  If I upgrade to c2800nm-advipservicesk9-mz.151-4.M7, do you think it would allow me to prune vlan 1 (and the others) off a Fa interface on a 4ESW hwic card?

Or do you think this limitation is from the traces burned into the ASICs on the ESW card itself, which no software could overcome?

VIP Purple

As far as I know it's a limitation of the hardware (or the software-implementation for this hardware). I know the same behavior from 15.1 and 15.2 on ISR G2 releases.

Community Member

Ok, I will mark your suggestion as the correct answer to use the built in Fa0/0 and Fa0/1 for my WAN links and use the 4ESW card for the LAN links.

Fa0/0 - Windstream VPL - 2 offices in Windstream territory (existing) (Requires 802.1q vlans as specified from us to service provider)

Fa0/1 - Verizon EVPL - 2 offices in Verizon territory (adding) (Requires 802.1q vlans as specified from service provider)

Fa0/0/0 - vlan 200 - to 4G LTE backup  for all offices (existing tunnels built)

Fa0/0/1 - Will become the new LAN (adding)
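
The workaround settled on above, sketched as an IOS configuration for the carrier-facing routed port. This is an added example, not configuration posted by anyone in the thread: it assumes the four VLANs from the original question (296, 297, 299, 300) are the ones carried on Fa0/1, and the IP addresses are placeholders from the 192.0.2.0/24 documentation range.

```cisco
! Added example. Addresses are placeholders (192.0.2.0/24 documentation range).
! Assumption: VLANs 296, 297, 299 and 300 are the tags handed off on Fa0/1.
!
! Parent interface carries no address, so untagged traffic from the
! carrier side has no routed interface to land on.
interface FastEthernet0/1
 description Carrier handoff, 802.1Q tagged
 no ip address
 no shutdown
!
! One routed subinterface per tag. There is no switchport trunk allowed
! list on a routed port, so the requirement to include VLAN 1 and
! 1002-1005 does not arise here.
interface FastEthernet0/1.296
 encapsulation dot1Q 296
 ip address 192.0.2.1 255.255.255.252
!
interface FastEthernet0/1.297
 encapsulation dot1Q 297
 ip address 192.0.2.5 255.255.255.252
!
interface FastEthernet0/1.299
 encapsulation dot1Q 299
 ip address 192.0.2.9 255.255.255.252
!
interface FastEthernet0/1.300
 encapsulation dot1Q 300
 ip address 192.0.2.13 255.255.255.252
!
end
!
! Checks from privileged EXEC after applying the configuration:
! lists each 802.1Q subinterface with its VLAN ID and packet counters
show vlans
! confirms the four subinterfaces are up/up and the parent has no address
show ip interface brief | include FastEthernet0/1
```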

 
