Cisco 3825 Router and NME-16ES-1G-P

iPhrankey
Level 1

Hi Everyone,

We have a Cisco 3825 Router and an NME-16ES-1G-P. We would like to use the switch to attach devices that have IPs in our public IP blocks that are on the router interfaces.

I have configured the switch module with a basic configuration. This allows me to ping all of the router interfaces from the Switch console. I can also ping the switch interface from the router. Unfortunately, when I attach a device to one of the switch ports (1/0/1) I cannot ping any of the router interfaces.

I followed this document. I didn’t configure the vlans. Are the vlans necessary? I have a feeling it’s the configuration on the switch ports, but at this point I have no idea. I would really appreciate any help.

http://docwiki.cisco.com/wiki/EtherSwitch_Service_Module_%28NME%29_Initial_Configuration_Example

--- Router Config ---

interface GigabitEthernet2/0
 ip address 10.10.10.1 255.255.255.0

ip route 10.10.10.0 255.255.255.0 10.10.10.2

--- Switch Config ---

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
no logging console
!
no aaa new-model
system mtu routing 1500
vtp mode transparent
ip subnet-zero
ip routing
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1
 switchport mode trunk
!
interface FastEthernet1/0/2
!
interface FastEthernet1/0/3
!
interface FastEthernet1/0/4
!
interface FastEthernet1/0/5
!
interface FastEthernet1/0/6
!
interface FastEthernet1/0/7
!
interface FastEthernet1/0/8
!
interface FastEthernet1/0/9
!
interface FastEthernet1/0/10
!
interface FastEthernet1/0/11
!
interface FastEthernet1/0/12
!
interface FastEthernet1/0/13
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
!
interface FastEthernet1/0/16
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
 no switchport
 ip address 10.10.10.2 255.255.255.0
!
interface Vlan1
 no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip http server
!
control-plane
!
line con 0
line vty 5 15
!
end


Jon Marshall
Hall of Fame

We would like to use the switch to attach devices that have IPs in our public IP blocks that are on the router interfaces.

Do you mean that you have other interfaces on the router using public IPs and you want to attach clients to the switch and then have them use IPs from the same public ranges?

Jon

 

Yes, that is correct.

Okay, you are not going to be able to do this using the interconnect between the switch and the router. The issue is -

1) if you make the interconnect a L2 trunk then you would have subinterfaces on the router interface connecting to the switch. But you cannot have multiple interfaces on the router configured from the same IP range so it won't work, i.e. you would need a subinterface using the same IP range as one of the other interfaces.

2) if you make the interconnect L3 as you have then you cannot route to the same subnet, i.e. think of it as two separate devices, a L3 switch and a router. You connect the L3 switch to the router using a L3 connection.

On the switch you then configure a client with a public IP and on another interface on the router, i.e. not the interface used to connect to the switch, you use the same public IP range.

You cannot then route from the client to that other interface because you don't route to the same IP subnet and the client and the other interface are separated by a different IP subnet.

So neither will work. The L3 switch is usually used where you have multiple vlans/IP subnets and you create L3 vlan interfaces for these on the switch and then you route to other subnets that are reachable from the router, whether these are directly connected subnets or remote networks.

But you aren't doing that.

The only way I could see you doing what you need is to not configure the interconnect at all and instead run cables from the relevant router interfaces to the switch. Then you could configure vlans on the switch and have them route via the physical router interface.

The switch is then only acting as a L2 switch and all L3 is done on the router.

One thing I should say is I have never used the switch module this way so I can't guarantee it will work, although I can't see why it wouldn't.

Jon

 

Jon, thank you so much for your explanation.

We're currently using an external switch plugged into the F/E ports on the router. We can then easily plug in clients to the switch that have been assigned the public IPs. Everything works great. However, we were hoping to clean up the cable mess and have everything come out of the router.

Would trunking up the internal interface on the switch/router provide a solution? Instead of having anything routed, the internal interface(s) could be trunked to let the traffic pass through?

 

 

Would trunking up the internal interface on the switch/router provide a solution? Instead of having anything routed, the internal interface(s) could be trunked to let the traffic pass through?

Unfortunately no, because as I described in the last post this would mean using subinterfaces on the router port but you won't be able to assign an IP to a subinterface from a range that is already in use on another interface.

Like I say, the only way I can see this working is to not use the interconnect for data traffic at all and simply run physical connections from the router interfaces to the switch.

It should work but obviously it won't actually tidy up any cables if you are already running cables back to standalone switches. It would simply mean less rack space taken up because the switch part is integrated into the router chassis.

You could probably still use the L3 interconnect to be able to connect to the switch from the router but it would be used purely for that, i.e. accessing the switch itself to manage it.

Sorry to be a bit vague in terms of whether it will definitely work but I wouldn't want to say for sure without testing it, although like I say I can't see why it wouldn't.

Jon


What if I approached this differently?

What if I assigned the public IP blocks on the switch side instead of the router interfaces? The public IP (gateway IP) is assigned to the F/E interfaces on the router. This is done strictly for physical connectivity to either a client or switch. The actual internet traffic is routed out over the serial connection via an IP route.

Putting the IP blocks on the switch side would keep everything in the same subnets. Would the traffic from the switch be routable using this approach?

The issue you have is that you cannot have multiple interfaces (whether physical or vlan interfaces) with IPs from the same range.

So if you can migrate the entire public blocks to the switch and assign IPs from different ranges to the physical interfaces on your router then yes that should work.

To do this you could either -

1) use a L2 trunk as the interconnect and have subinterfaces on the router port

or

2) use L3 vlan interfaces on the switch and then route to the router via the L3 interconnect

Jon

I was able to achieve the goal of putting the public IP blocks on the switch interfaces instead of the router interfaces.

Jon's responses got me on the right track to realize I needed to migrate the public blocks to the switch.

The following was my solution in case anyone else finds this discussion.

1. I created a new vlan on the switch. I assigned the gateway IP address from the public block to the vlan.

2. I put the F/E interfaces on the switch into the new vlan.

3. I then added an IP route on the router side for vlan/public IP range.

Thanks again Jon for your responses.
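
The three steps in the post above, written out as IOS configuration. This is an added illustration, not the poster's actual config: VLAN 100, its name and the 203.0.113.0/24 block are placeholders for the real public block, while the 10.10.10.x interconnect addresses and interface names are the ones from the original post. It assumes the public block has been removed from the router's own F/E interfaces, as Jon's reply requires.

```cisco
! ---------- Switch (NME-16ES-1G-P) ----------
! Step 1: create the VLAN and give its L3 interface the gateway
! address of the public block (placeholder addressing).
vlan 100
 name PUBLIC
!
interface Vlan100
 description Gateway for the public block
 ip address 203.0.113.1 255.255.255.0
 no shutdown
!
! Step 2: put the FastEthernet ports into the new VLAN as access ports.
! Fa1/0/1 was a trunk limited to VLAN 1 in the original post, which is
! why an attached client had no L3 path; access mode replaces that.
interface range FastEthernet1/0/1 - 16
 switchport mode access
 switchport access vlan 100
!
! Already present in the posted switch config and still required:
!   ip routing
!   interface GigabitEthernet1/0/2   (no switchport, 10.10.10.2/24)
!   ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
! ---------- Router (3825) ----------
! The internal interconnect stays a routed link in its own subnet.
interface GigabitEthernet2/0
 ip address 10.10.10.1 255.255.255.0
!
! Step 3: send the public block to the switch over the interconnect.
! No other router interface may hold an address from this block,
! otherwise the connected route wins and IOS rejects the overlap.
ip route 203.0.113.0 255.255.255.0 10.10.10.2
```

Clients on the switch ports then use 203.0.113.1 as their default gateway; `show vlan brief` on the switch and `show ip route 203.0.113.0` on the router confirm port membership and the static route.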
