Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Vlans on 877

Hi

I have a 877 router (IOS advipservices).

I wish to set up 3 vlans for 3 differents ip subnets, each one with different policies: 192.168.10.0/24 192.168.20.0/24 and 192.168.30.0/24.

So far i've set up 2 vlans.

Vlan 1 works fine: fastethernet0 is assigned to vlan 1 and it carry traffic for this network.

Vlan 2 instead, shows some problem:

FastEthernet1 up up

Vlan2 192.168.20.1 up down

Pings to the ip address fail andi cant figure the reason the interface doesn't want to go up

How can i bring it up? I want the traffic from one subnet to the other to be able to flow. (in other words, inter-vlan routing).

Thank you anticipately

Carlo

15 REPLIES
Hall of Fame Super Silver

Re: Vlans on 877

Hello Carlo,

you need to have a physical port associated to the vlan 2 that is up and in STP forwarding state

int fas1

swithcport mode access

switchport access vlan 2

int vlan2

no shut

be aware that some IOS releases doesn't allow to use more then two vlans on this platform

Hope to help

Giuseppe

New Member

Re: Vlans on 877

Hi Giuseppe.

This is the relevant part of configuration:

!

interface FastEthernet 0

description ** Production **

!

interface Fastethernet 1

description ** Internet **

switchport access vlan 2

!

Both interfaces are in switchport mode access

Since vlan 1 is the deafult vlan, the switchport access vlan 1 is omitted

Furthermore, the int vlan 2 is not shutdown.

I don't know if this can be related to the IOS advipservicesk9-mz.124-6.T7

The FE interfaces, as i posted previously are up, however the vlan 2 stays up down.

Hall of Fame Super Bronze

Re: Vlans on 877

Did you create Vlan 2 in the VTP database?

Please post the show vlan-switch output.

HTH,

__

Edison.

New Member

Re: Vlans on 877

I notice i have only vlan 1, the vlan 2 doesn't appear with show vlan-switch. I guess i have to create the vlan 2 and then associate it to the interface vlan 2?

Hall of Fame Super Silver

Re: Vlans on 877

Hello Carlo,

>> I guess i have to create the vlan 2 and then associate it to the interface vlan 2?

yes you need to define vlan2 before you can use it.

Happy Christmas

Hope to help

Giuseppe

Hall of Fame Super Bronze

Re: Vlans on 877

Carlo,

That's correct. The Vlan must be manually created in the Vlan DB. Vlan 1 automatically is created by the device. You already have the association so what you need to do is:

switch#vlan database

switch(vlan)#vlan 2

switch(vlan)#exit

HTH,

__

Edison.

Please rate helpful posts

New Member

Re: Vlans on 877

It is just what i did, and in fact, i saw finally the 2nd vlan. (my fault was that i was trying to access to vlan database in config mode). Now i have to work on the associations between the vlans configured in the vlan database and the routed vlan interfaces.

Question: for security reasons (preventing for example vlan hopping) i wish to keep the default vlan 1 with no ports associated to it. However, the routed interface vlan 1 (IP 192.168.10.1) can be associated to another vlan? Or rather the interface vlan X can be associated only to the vlan X in the vlan database?

Hall of Fame Super Bronze

Re: Vlans on 877

Carlo,

You are unable to delete Vlan 1 on the Vlan Database, but you don't need to create a routed interface for such Vlan.

All switchports by default are associated to Vlan 1 (you can see this behavior with the show vlan-switch output).

If you want to create routed Vlans and exclude the Vlan 1 from the topology, you are free to do so.

Create Vlan 3, for instance, in the Vlan Database - create the SVI for Vlan 3 and then associated the intended ports to Vlan 3.

HTH,

__

Edison.

Please rate helpful posts

New Member

Re: Vlans on 877

Edison, i have at the moment configured in the vlan database vlan 1 and vlan 2 and interface vlan 1 and interface vlan 2, both with their own ip address.

I will create vlan 3 and 4 in the vlan database, associating then 1 port for each vlan (2, 3 and 4). At this point, im done at layer 2.

At layer 3, if i am right, i have to configure the SVI for each interface (in other words, it consists in creating a vlan interface with an IP address, right?) and then make the association with the respective vlan. Since this kind of router can have only 4 802.1q vlan, i think i will have at this point only one free vlan still available, right?

New Member

Re: Vlans on 877

Hi ,

Sorry to interupt ur post like this but i am facing a problem with (i suppose vlans) on 877 (adv Sec IOS) and thought u guys can help.

i cant seem to have my clients browse the internet.

iv setup 2 vlans (vlan1 for LAN and vlan2 for Internet device)

using PATTING for internet access (via vlan2 overload) my clients can ping google and etc but browsing doesnt work.

i was using a 2611 earlier and that worked without any problem..

any idea ??

Hall of Fame Super Bronze

Re: Vlans on 877

Zaid,

It could be a MTU issue. Please open a new thread on this issue to avoid any confusion on this thread.

__

Edison.

Hall of Fame Super Bronze

Re: Vlans on 877

At layer 3, if i am right, i have to configure the SVI for each interface (in other words, it consists in creating a vlan interface with an IP address, right?)

Correct and make sure the devices on each Vlan are pointing to the SVI IP address as their default gateway.

Since this kind of router can have only 4 802.1q vlan, i think i will have at this point only one free vlan still available, right?

I'll have to look at the Vlan limitation on those units, but if you know for a fact is 4 Layer3 Vlans, then Vlan 1 will count towards the limit thus you won't have any more Vlans available. You can easily try it and see if it allows you to create additional Vlans in Layer2 and Layer3.

HTH,

__

Edison.

New Member

Re: Vlans on 877

Thanks for your confirms, Edison!

For the 877 router i read there is a max of 4 dot1q vlans, so i can't afford to waste a vlan.

A last advice. In order to simplify the things, i was considering to implement for each vlan, a simple DHCP pool, like this one:

ip dhcp pool VLAN2

network 192.168.10.0 255.255.255.0

default-router 192.168.10.254

Once the 3 pools are created, each one with his own network, they are associated to the respective vlan by default?

For example: vlan 2, ip address 192.168.10.254 255.255.255.0. The pool VLAN2 will be associated to this SVI?

New Member

Re: Vlans on 877

They will be associated together by address used in vlan 2 as well as in the pool. They will be the same subnet and that is what ties them.

Don't forget to add and exlusion statement for the vlan that the management terminal will be in ... if you plan on having one.

New Member

Re: Vlans on 877

Well, in the end i did it!

Created the 3 vlans, each one with his own DHCP pool and access-lists.

Thank you all for your support!

338
Views
10
Helpful
15
Replies