The provider deliver a ptp link on Fa0/23/vlan 2 and I would like to be able to solve this without any interruption on current traffic. This is the current config.

interface FastEthernet0/23

switchport access vlan 2

switchport mode access

snmp trap mac-notification change added

snmp trap mac-notification change removed

spanning-tree portfast

spanning-tree bpduguard enable

ip dhcp snooping trust

end

SWITCH#sh run int vlan 2

Building configuration...

!

interface Vlan2

ip address 10.117.10.5 255.255.255.0

no ip route-cache

end

The thing is that the provider are going to send us a tagged vlan on Fa0/23 that will be configured for Internet traffic. My idea was to create a subinterface on Fa0/23 and receive the traffic from the provider.

Something like:

interface FastEthernet0/23.100

Description Internets

encapsulation dot1Q 100

interface vlan 100

description Internets

Should this do the trick or am I having a seizure?

As Jan mentioned, you cannot do subinterfaces on a switch. The equivalent is vlan trunking. If you set the native vlan to 2, that will leave vlan 2 untagged on the trunk. Then you can set the interface in trunk mode to accept tagged traffic with just a small blip, if any, in existing traffic.

I would also enable portfast trunk and disable bpduguard if this is a trusted interface.

interface FastEthernet0/23

switchport trunk native vlan 2

switchport trunk allowed vlan 2,100

switchport mode trunk

Regards,

Mike

Hi Anders,

I see...

There are more things to say, so first of all, do you have switch that supports subinterfaces? Not many do, actually...only some of the higher series.

If yes, you can do this by using L3 ports, but you need to assign ip address to this interface

interface FastEthernet0/23.100
Description Internets
encapsulation dot1Q 100
ip add x.x.x.x x.x.x.x

now, as you will create interfaces like this, you will effectively turn this port into "L3 mode" so I don't see the point in issuing

interface vlan 100
description Internets

as In my opinion, it doesn't really matter. As you receive traffic with tag 100 on interface fa0/23, that port will deencapsulate the whole frame - thus removing the tag as well. It behaves just like simple L3 port. And regarding the routing, the x.x.x.x /xx will be directly connected, no problem there ( if ip routing globally enabled ). When sending traffic back to the provider, the frames will have tag 100 again.

So, if you use L3 subinterfaces, you should assign ip addresses to them.

But I see that you have access vlan configured on that port... so you can't use subinterfaces if you want the port to be normal L2 switchport also. Either you decide to make it a trunk, as Mike suggested (thus the port will stay in L2 mode, and vlan2 will be tagged upon receipt) or you make everything "routed", by making it L3 port with subinterfaces, if your switch can do that.

I just mentioned all of that possibilities, even if they are not quite straightforward, because I want you to know that you have an option. Moreover, I don't want to simply say - use this or use that. It is always better to have a discussion and think about it little bit more.

The easiest way I see, however, is using L2 trunk. After setting the trunk up, configure interface vlan 100 with IP address and enable ip routing, so you can route between different VLANs.

Best regards,

Jan

Thank you for your time and we did configure a trunk and so on and it is working fine. A small interuption in the customers traffic was not a problem after all.

Thanks again!

Dear Friend,

Can you elaborate, what the scenario was and what you found there ..???