02-20-2012 06:34 AM - edited 03-07-2019 05:02 AM
Hi.I have a 2950 switch connected to a 2620xm router.I currently have two vlans (1 and 2).Only vlan 1 Is enabled.When I try to enter a no shutdown command for Vlan 2 I'm kicked out of the switch and can't connect anymore unless I reboot to the previous configuration.
I've attached config files for router and switch.Thanks
Solved! Go to Solution.
02-20-2012 07:29 AM
Nope, it won't work in that way. Below should be your config
interface FastEthernet0/0
switchport mode trunk
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.9.1 255.255.255.0
no snmp trap link-status
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.15.1 255.255.255.0
you need to apply the NAT configs on your sub interfaces rather than on physical.
02-20-2012 02:51 PM
I believe that I understand the issue here. You have a layer 2 switch configured with 2 layer 2 VLANs and this should work fine. You have configured a default gateway which uses VLAN1 subnet..
The issue is with the attempt to have 2 active VLAN interfaces. You have active interface VLAN 1 and are attempting to activate the second layer 3 interface. But a layer 2 switch can have only 1 active layer 3 interface. So when you no shut VLAN 2 then the switch does shutdown on VLAN 1 interface. So your connection to the VLAN 1 address no longer works. And the default gateway no longer works.
What makes this confusing for many people is the relationship between layer 2 VLANs and layer 3 VLAN interfaces. A layer 2 switch like this can have multiple layer 2 VLANs active. But it can have only a single layer 3 VLAN interface active.
The solution is that you need to decide which VLAN interface you want to be active on this switch and to configure the default gateway in that subnet. And then activate that VLAN interface.
HTH
Rick
02-20-2012 06:50 AM
Could you please share me the configs of your router as well? Don't know had some glitch with my eyes, ignore that earlier post.
Thanks
Vivek
02-20-2012 07:03 AM
I've attached the config for the router to the original question.Thanks
02-20-2012 07:18 AM
You have the native VLAN configs missing on your router. Add the below & this should fix.
interface Fastethernet 0/0.1
encapsulation dot1q 1 native
ip address 192.168.9.x 255.255.255.0
The mistake is, you should configure your physical interface as trunk & shouldn't assign an IP directly to it, rather on a sub-interface.
Thanks
02-20-2012 07:24 AM
I'll try It In a short while when I get back home thanks.I thought I could configure It this way when using dot1q encapsulation without adding the native vlan config.
02-20-2012 07:29 AM
Nope, it won't work in that way. Below should be your config
interface FastEthernet0/0
switchport mode trunk
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.9.1 255.255.255.0
no snmp trap link-status
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.15.1 255.255.255.0
you need to apply the NAT configs on your sub interfaces rather than on physical.
02-20-2012 11:26 AM
Hi.I removed the ip address from fa0/0 and created the dot1q native address.I've applied NAT to the sub Interfaces.Now I can't ping the router from the switch or telnet Into the router directly.Do I still need to give an ip address to fa0/0 along with the subinterface addresses ?I'm also unable to use the switchport trunk encapsulation dot1q command.The command Is recognised up to switchport trunk but encapsulation Is not recognised.
I'm unable to upload the latest configs at the moment.I know It's a bit vague without them.
02-20-2012 02:51 PM
I believe that I understand the issue here. You have a layer 2 switch configured with 2 layer 2 VLANs and this should work fine. You have configured a default gateway which uses VLAN1 subnet..
The issue is with the attempt to have 2 active VLAN interfaces. You have active interface VLAN 1 and are attempting to activate the second layer 3 interface. But a layer 2 switch can have only 1 active layer 3 interface. So when you no shut VLAN 2 then the switch does shutdown on VLAN 1 interface. So your connection to the VLAN 1 address no longer works. And the default gateway no longer works.
What makes this confusing for many people is the relationship between layer 2 VLANs and layer 3 VLAN interfaces. A layer 2 switch like this can have multiple layer 2 VLANs active. But it can have only a single layer 3 VLAN interface active.
The solution is that you need to decide which VLAN interface you want to be active on this switch and to configure the default gateway in that subnet. And then activate that VLAN interface.
HTH
Rick
02-20-2012 10:41 PM
Hi.I understand It now thanks !.
02-20-2012 04:51 PM
Richard pointed it out. You have to, have only one Layer 3 active VLAN on your 2950. So, depending upon which VLAN you want to use as management, retain that on your 2950. Assume that you want VLAN 1 with that IP address to be available on 2950, then delete the VLAN 2 which you have configured & create only a layer 2 (VLAN number 2).
Point your default gateway to the VLAN 1 ip address of the router (the one we discussed earlier).
Thanks
Vivek
02-20-2012 10:45 PM
Hi.Thanks for the help.I've made this change In configuration on the router however and now I can't ping It from the switch or telnet Into It directly.
interface FastEthernet0/0
no ip address
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.9.1 255.255.255.0
ip nat inside
no snmp trap link-status
02-20-2012 10:53 PM
You can have only one active Layer 3 VLAN on your 2950 switch. It's upto you to keep VLAN 1 or VLAN 2 (Layer 3 perspective). For sake of discussion, i would say remove interface VLAN 2 but retain the Layer 2 VLAN (VLAN 2). By doing this, you would solve your troubles.
Thanks
Vivek
02-20-2012 11:17 PM
Sorry, wont bother you any more with this.promise!
My problem now Is vlan 2 Is In a shutdown state as before but I'm not able to ping the router now I have added two sub Interfaces.Do you mean that I have to remove the one subInterface for vlan 2 ?
02-20-2012 11:25 PM
No issues. will help you till you sort out.
So, now your VLAN 2 is shutdown. Perfect. Where is your ip default-gateway statement pointing to? The statement should be ip default-gateway 192.168.9.1.
02-20-2012 11:33 PM
my default gateway Is pointing to 192.168.9.1.Even If I connect the router directly to the pc now I can't telnet Into It.The only change I made on the router Is the one I posted above.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: