Re: Will This Configuration Work? VLAN Trunking With Etherswitch

frivers · ‎04-18-2010

Unfortunately, I'm not in a position where I can configure and test because I don't have a test environment. So I have to get as much right as possible so that the router is plug and play.

Here's what I have to work with:

Cisco 2821 router
2 imbedded GigabitEthernet ports (G0/0-G0/1)
4 port Etherswitch HWIC (fa0/0/0-fa0/0/3)

Here's what I need to do:

Replace old layer 3 switch managed by ISP
Connect switch trunk port on 2821 to ISP router
Connect VLAN 360 to LAN switch
Connect VLAN 560 to Sonicwall

If I am correct, the imbedded GE ports aren't needed as they aren't vlan capable and I can do what I need to do with just the Etherswitch module. Here's my config so far:

vlan database
vlan 1
vlan 360
vlan 560

!--default LAN

int vlan 1

description OPS_LAN
ip address 172.89.49.2 255.255.255.0

int vlan 360
description MPLS_WAN
ip address 192.168.1.2
!--insert voice qos policy here

!--Trunk port out to ISP router
int fa0/0/0
switchport trunk encapsulation dot1q
switchport mode trunk
switchport access vlan 360, 560

!--This is the public Internet to the Sonicwall device
int fa0/0/1
description TO_FIREWALL_UNTRUSTED
no shutdown
switchport access vlan 560

!--This is trusted MPLS_WAN traffic to our LAN
int fa0/0/2
description TO_LAN
no shutdow

!--Lets assume all my routes are correct

ip route 0.0.0.0 0.0.0.0 <sonicwall ip address>

.

!--End routing

I don't manage either the LAN switch or the Sonicwall. The Sonicwall is managed by a 3rd party, but I'll assume that the configuration can stay the same. The Dell switch I assume is an unmanaged "dumb" switch so nothing needs to be done on that end. Does this look okay?

Giuseppe Larosa · ‎04-18-2010

Hello Frank,

when you configure an SVI you need also a no shut to enable it

int vlan 360

no shut

int vlan 560

no shut

and so on

the rest of configuration looks like correct if the HWIC can be configured in router mode, from router CLI I mean.

(some of these etherswitch modules have their own configuration environment and are derived from C3560)

For the routing you may need additional static routes to describe networks that are reachable over the internet link.

Edit:

checked ios configuration guide your template is fine for HWIC4E

http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_hwic_ethsw_ic_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1027188

Hope to help

Giuseppe

frivers · ‎04-18-2010

Guis, thanks for the reply. I have all the routes that I need to the Internet gateway on the provider side. It's a crap-ton of routes, that's why I omitted them. The big concern I had is the communication between the hwic switch, the Sonicwall and the unmanaged L2 switch.

frivers · ‎04-19-2010

Here's the completed config:

vlan database
vlan 1
vlan 360
vlan 560

int vlan 1
description OPS_LAN
ip address 172.87.49.2 255.255.255.0
no shut

int vlan 360
description MPLS_WAN
ip address 192.168.1.2
service-policy output voiceqos
no shut

!--Trunk port out to ISP router
int fa0/0/0
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast

!--This is the public Internet to the Sonicwall device
int fa0/0/1
description TO_FIREWALL_UNTRuSTED
no shutdown
switchport access vlan 560

!--This is trusted MPLS_WAN traffic to our LAN
int fa0/0/2
description TO_LAN
no shutdown

The only thing I'm not sure about is how vlan 560 will behave. It's defined on the ISP router on the other end of the trunk. Hopefully our router knows to send the outbound ecapsulated traffic to the trunk port.

Will This Configuration Work? VLAN Trunking With Etherswitch HWIC