Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Multiple VLANs at remote site 2

Status
Not open for further replies.

glamprecht1

IS-IT--Management
Mar 23, 2007
116
US
I have several remote sites set up in identical fashion. Each remote site has a 2950 switch with one vlan (1) connected to a 2801 router that in turn uses Metro E to connect back to our main facility. The addressing scheme at the remote site is in turn set up on the core network and the remote devices work well this way.
The remote sites are not connected to our internal VTP domain.
I now have the need to run a second Vlan at each site and don’t seem to be able to get it working. I attempted to create a second vlan and assign it an IP on the 2950 switch and this promptly disabled Vlan one. This was not fun.
How can I run two or more vlans or networks from this remote site?
Internally things are very simple. There are multiple connected buildings that are all part of the same core network. Creating and managing Vlans on this core network is simple and works well. It’s just the remote sites that I seem to have trouble with.
 
You create the new vlans as a subinterface on your router interface that feeds to your 2950 to route the layer 3 info. The 2950 is a layer 2 device , the only reason it has an address is to manage it , it does "no routing so it does not need more than 1 address and why it will shutdown more than 1 active SVI . You create a trunk between the 2950 and the 2801 router which will be doing your layer 3 routing .
 
Thanks for the reply vipergg.
The uplink port on the switch is trunked but the fa0/1 interface on the router that it connects to is not.
So I trunk the router physical interface and then create the vlan of choice on the router along with ip helpers to get DHCP info to the client?
Would I then be able to statically define this vlan on the 2950 switch port as needed so as to force the client to run on that vlan?
 
Further research is indicating that a sub interface on the router is the way to go.
My question now is, do I have to remove the config on the physical interface and create a sub-interface for the existing management (native) Vlan as well? The router physical interface of fa 0/1 is the port that connects to the internal switch. This interface is set up as with an IP on the physical interface as shown. (config is sanitized)
Interface FastEthernet0/1
Description Connection to Internal-Switch FA0/48
ip address 12.32.0.1 255.255.0.0
ip helper-address 12.1.3.4
ip helper-address 12.1.3.5
speed 100
full-duplex
Can I leave this alone and just add the sub-interface or do I need to create a sub-interface for the existing network and a second sub-interface for the new network that is needed? I found some config examples that indicate that I need to do the following? This indicates that I need to remove the config on Fa 0/1 and put everything on sub interfaces.
Hostname(config)#interface FastEthernet0/1
Hostname(config-if)#no ip address

interface fastethernet 0/0.1
description administrative
encapsulation dot1q 1 native
ip address 12.32.0.1 255.255.0.0
ip helper-address 12.1.3.4
ip helper-address 12.1.3.5


interface fastethernet 0/0.2
encapsulation dot1q 2
ip address 20.20.20.1 255.255.255.0

interface fastethernte 0/0.3
encapsulation dot1q 3
ip address 30.30.30.1 255.255.255.0
 
From my memory of setting up something almost identical for an organisation's 6 branch offices with Cisco 1840 & Cisco 2950 on each site, the config was "no ip address" on the ethernet interface, and one subinterface per VLAN trunked down to the switch.

In fact, I just found my old config

ROUTER:
interface ethernet0/0
no ip address
interface ethernet0/0.1
encapsulation dot1q 1
ip address 10.1.1.254 255.255.255.0

interface ethernet0/0.2
encapsulation dot1q 2
ip address 10.1.2.254 255.255.255.0

SWITCH:
!
hostname WOULDNTYOULIKETOKNOW
!
class-map match-all voice
match access-group 1
!
policy-map Assign.DSCP
class voice
set ip dscp 46
!
interface FastEthernet0/1
description LINK to SWITCH 2
switchport mode trunk
no ip address
service-policy input Assign.DSCP
mls qos trust cos
auto qos voip trust
!
interface FastEthernet0/2
switchport mode trunk
no ip address
service-policy input Assign.DSCP
mls qos trust cos
auto qos voip trust
spanning-tree portfast trunk
!
etc...
!
interface GigabitEthernet0/1
description UPLINK to WANPROVIDER
switchport mode trunk
no ip address
!
interface GigabitEthernet0/2
description LINK to PABX
switchport access vlan 2
no ip address
service-policy input Assign.DSCP
mls qos trust cos
auto qos voip trust
!
interface Vlan1
ip address 10.1.1.1 255.255.255.0
no ip route-cache
!
ip default-gateway 10.1.1.254
 
Yes put all the info on the subinterfaces. Create the layer 2 vlan on the 2950 for vlan 2 and hardcode the trunk mode to "on" . you should then be able to assign ports into vlan 2 and it will work correctly.

2950
conf t
vlan 2
name 20.20.20.0/24

interface fx/x
switchport mode trunk
 
Thanks for the Config example VinceWhirlwind.

Viperegg, as always your advice is tremendously appreciated.

I will schedule an evening outage to take a crack at setting this up. Both sites are fully functional now so I will be taking them offline for a bit to put in this config.

Any pitfalls that anyone can thing of?

 
Should work fine as long as the native vlan on both sides match up . Just create the new vlans under the subinterfaces on the router .
 
Thanks for the info guys. I will put this into action tomorrow.
 
I plan on reconfigureing the router tomorrow with the sub-interfaces.

Looking closer there are some configs for EIGRP on the remote router. The existing config looks like this.

interface FastEthernet0/0
ip address 12.255.0.6 255.255.255.252
ip summary-address eigrp 1 12.32.0.0 255.224.0.0 5
speed 100
full-duplex

router eigrp 1
redistribute connected route-map EIGRP-RM
passive-interface default
no passive-interface FastEthernet0/0
network 12.255.0.4 0.0.0.3
no auto-summary
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
ip access-list standard EIGRP-RM-ACL
permit 12.32.0.0 0.7.255.255
permit 12.255.0.4 0.0.0.3
!
route-map EIGRP-RM permit 10
match ip address EIGRP-RM-ACL

I dont quite understand the mask portion I see the network but dont understand the mask at the end.
My new IP will be a /24 address and this one is a /16. What will i put at the end to make it work? It
appears to be different in all three places that it is defined.

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top