I know it is possible but I am having difficulty getting this to work. I am not a cisco guru but I can program a switch. Here is the scenario. I know I am only a few steps off.
I have a 2950 switch connected to a 1720 router. The switch is set up to have a 2 vlans. Vlan 1 has ports 1 - 5 in it. Those ports can ping the fast ethernet port of the router. Both the primary and secondary ip's can be pinged from the devices on vlan 1. vlan 2 cannot ping anything. Ports 6-11 are on vlan 2. Port 12 is trunked with both vlans and leads to the router. I can only get 1 DG in the switch, which is the primary fast ethernet ip in the router, which is also vlan 1's DG. Can anyone tell me why vlan 2 is not getting out? Any help would be great! thanks!
Lets start by being sure that we understand the difference between having a VLAN and having a VLAN interface. A VLAN is a layer 2 concept and layer 2 switches such as the 2950 can have multiple VLANs. A VLAN interface is a layer 3 interface. A layer 2 switch such as the 2950 can have a single VLAN interface. And the default gateway is related to the VLAN interface so the layer 2 switch has only one of these as well.
Your description of what is configured on the 2950 sounds reasonable: a group of ports configured to be part of VLAN 1 and a group of ports configured to be part of VLAN 2, and a port of the switch configured as a trunk to the router. That part should work.
I suspect that your problem is on the 1720 router. My guess is that the 1720 is not configured to trunk on its interface to the switch. When you describe a primary IP and a secondary IP I believe that it sounds like the 1720 is configured with secondary addressing rather than being configured with trunking.
If my assumption is correct then VLAN 2 is not getting out because going over the trunk the frames from VLAN 2 are tagged as part of the trunk. And I believe that the 1720 does not process the tagged frames.
I think you will need to have some configuration like this on the router:
interface FastEthernet0/0 (Replace this as per your requirement)
no ip address
description Connected to vlan 1 on Switch
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
description Connected to vlan 2 on switch
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
Replace the interface and ip addresses as per your network infrastructure.
* Please rate if helpful...
I believe your post will be helpful but I am coming across some problems. Can you explain this?
Router1720(config-subif)#encapsulation dot1Q 1 native
% Invalid input detected at '^' marker.
% Unrecognized command
Make any sense to you?
Thanks for all the help you all have been great!
That certainly indicates that the interface does not support trunking. I was not sure whether that might reflect differences in feature sets (on some VLAN trunking is not supported in Base feature sets but is supported in more advanced feature sets). But I did a little research and it looks like the 1720 did not support VLAN trunking which was supported on the 1721.
Do you have separate subnets on your 2 vlans?
If yes, then you can enable 'ip routing' on your switch and that should be fine.
yeah, they are different subnets. I will give it a shot tomorrow and see how it works. I will be leaveing the office here pretty quick.
The 2950 is a layer 2 switch and as such it does not support the ip routing command. I am afraid that the combination of hardware that you have will not support intervlan routing.
Thanks everyone. I will find a solution some how. My objective was to make it all go through the fast ethernet of the 1720 but it appears that is not a option. I can break it off so that 1 vlan goes through the ethernet and the other goes from the fast ethernet. Wasn't my goal but as long as it works thats what matters.
It certainly should work to have VLAN 1 connect to one Ethernet/FastEthernet and have VLAN 2 connect to the other Ethernet/FastEthernet. The switch port for each of these connections would be configured as an access port and there would be no need for any trunk port on the switch.
I knew that would work all along but we prefered to use the fast ethernet and to leave the ethernet open for future expansions. It appears that will not work and if we need to do future expansions a switch with more ports will be needed. I really cannot explain why we wanted to do it this way. I was just asked to see if I can make it work.
Thanks everyone for your great help. This was my first time using cisco's forums as a tool and it will be one I use for many years to come.