VLAN's and SUB Interfaces 2

[Almin]

Hi

I was reading the book on this topic and the book said that if I want to use 7 workstations on 7 diffrent VLANS on the switch that I would have to set up 7 diffrent sub interfaces on the router. That's all good but my question is is there another way I can set this up or it this the way to go?

And why would anyone want to have 7 workstations on diffrent VLANS what is the purpose for that?

Thank you

 

[burtsbees]

Yes, that is the only way to do it with a router and a layer 2 switch. The book is simply demonstrating how it is done. This is not standard procedure, although there may be some obscure specific need to do this. The communication would be slow (bottleneck) and there is a single point of failure.

Normally, if a company wants to use 7 different vlans, they would create them in a layer 3 switch and use the switch to route between the vlans. Also, a good setup would use another layer 3 switch for redundancy...it all depends on the setup. A medium to large sized company usually uses the 3 layer campus setup---core, distribution and access. A smaller company may only use distribution (often called a collapsed core) and access layer.

The book was simply demonstrating how router-on-a-stick is done.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[Almin]

Thanks Tim

I just wanted to see if there is another way.. I just finished up this lab and it seems very easy to configure.

 

[Almin]

Hi I wanted to do this lab on live equipment but I'm getting some problems along the way

I did everything that the lab told me to do, I finished everything up but I can only ping one out of two PC's

Th PC that I can ping is on VLAN2 on the switch and on sub-if fa0/0.2 PC IP>> 10.10.11.3 Gateway>> 10.10.11.1 (also sub-if ip address on the router)

The PC that is on VLAN1 on the switch I cannot ping from the other PC or the router
PC IP>> 10.10.10.3 Gateway>> 10.10.10.1 (also the sub-if ip address on the router)

Bellow is the sh run for both

2950#sh vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6,
Fa0/7, Fa0/8, Fa0/9, Fa0/10,
Fa0/11, Fa0/12
2 VLAN0002 active Fa0/2
3 VLAN0003 active
4 VLAN0004 active
5 VLAN0005 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
2950#sh run
Building configuration...

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 2950
!
no logging console
!
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
!
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 2
spanning-tree portfast
!
interface FastEthernet0/3
spanning-tree portfast
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface VLAN1
ip address 10.10.10.2 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
ip default-gateway 10.10.10.1
!
line con 0
transport input none
stopbits 1
line vty 0 4
password ciscopress
login
line vty 5 15
login
!
end

2950#


---------------------------------------------------------------------------

c2600# sh run
Building configuration...

Current configuration : 1048 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname c2600
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
no ip domain lookup
!
no ftp-server write-enable
!
!
!
!
!
no crypto isakmp ccm
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 10.10.10.1 255.255.255.0
no snmp trap link-status
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 10.10.11.1 255.255.255.0
no snmp trap link-status
!
interface Serial0/0
no ip address
shutdown
no fair-queue
no dce-terminal-timing-enable
!
interface Serial0/1
no ip address
shutdown
no dce-terminal-timing-enable
!
ip classless
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
password ciscopress
login
!
!
end

c2600#

c2600#sh vlans

Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/0.1

This is configured as native Vlan for the following interface(s) :
FastEthernet0/0

Protocols Configured: Address: Received: Transmitted:
IP 10.10.10.1 473 29
Other 0 20

500 packets, 57355 bytes input
49 packets, 8364 bytes output

Virtual LAN ID: 2 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/0.2

Protocols Configured: Address: Received: Transmitted:
IP 10.10.11.1 26 17
Other 0 4

26 packets, 2505 bytes input
21 packets, 1870 bytes output

c2600#

Does anyone see where I made a misttake? Everything looks exacly the same as the lab... I've spent over 3 hours of troubleshooting and switching out equipment but nothing.

Thanks

 

[Almin]

I think I may have founf the answer to my question... The PC that I cannot ping is a Windows Vista PC and I could never ping it for some reason in any other lab. I disabled the windows firewall and norton firewall that came with it. I havent actually tested this to say it's 100% the Vista PC but I was thinking about that on my way to work.. If thios is the problem how can I resolve it.

P.S. If there is anything wrong with the conf as well please let me know

Thanks

 

[burtsbees]

Nothing wrong with the config. To verify that it is indeed the Vista machine, switch the pc's around, then try pinging each from the router. If the problem follows the Vista machine, then there you go.

I have seen several posts about people switching Vista machines in their labs with either Linux or some other Windows build, and their lab started working. I have had my share of similar problems with my Vista craptop, such as when trying to do ipconfig /flushdns, it replies, "The requested operation requires elevation". On one hand, it seems MicroSh1t has finally figured out to not make the default user the admin on a Windows machine, but then you can do whatever else you want...retarded.

In other words, ditch the Vista machine when building a lab.


/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[Almin]

Thanks Tim,

This same problem occurs on Vindows 7 as well, unfortinatly I have 3 workstarions that are loaded with that crap and only one on XP... I guess I can briong my notebook from work to test it out. I was prety sure that the config was ok, I did the lab at work on Cisco Packet Tracer and it worked fine.

Thanks for your help

 

[Almin]

Hi

Finally got the chance to test the lab with XP mashines. What I discoverd was if I use the command

encapsulation isl 1

nothing on the network will work.. When I went back and used the command

encapsulation dot1Q 1

I was able to ping everytning on the network... Im just wondering why did the router take the "encapsulation isl 1" command but did not work. The book said that it should work with each command but it's not, and the book is refering to the same series of router and switch.

 

[burtsbees]

The default encaps for the trunk on both devices is dot1q. I cannot remember on what model of 2950 ISL is available, but dot1q is the default. If you specify ISL on the router, you must also specify it on the switch...

interface FastEthernet0/1
switchport mode trunk
switchport trunk encapsulation isl

But that switch may not support ISL. Again, I can't remember what does and what doesn't...

Maybe the EI series does not, but the non-EI does?

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[Almin]

One part of this trunking that bothers me the most and I cant quite firure it out... the book talks about this only as a static setup... but how would I go about configuring this on a DCHP config?

 

[ISPKing]

Helper addresses.


CCNP

 

[Almin]

Wow this is some headache to figure out with helper address and dhcp not much directions out there to do this setup. Do I have to create seperate dhcp pools for each vlan?

Ive been braking this for 3 days now and havent gotten very far lol

why do these ccna books dont talk about dhcp a lot.... It looks like they are concetrated mostly on sgatic.

 

[ISPKing]

Because it is covered in the ccnp

CCNP

 

[Almin]

I figured that but wasnt sure lol

 

[burtsbees]

Hold on---first, you do NOT need helper addresses with router on a stick.
Second, what do you mean by static addresses vs. dhcp? Are you talking assigning the vlan ip addresses by dhcp? Or just the nodes on each vlan by dhcp? If just the nodes, then add one dhcp pool in the router for each vlan---it's that simple.
If you mean a dhcp address for each vlan SVI (not heard of), then...

router(config)#int fa0/0.10
router(config-if)#encaps dot1q 10
router(config-if)#ip add dhcp

/


tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[ISPKing]

Yes, but if you want to use a Real DHCP server (linux, win2k3), which is best practice, regardless of router on a stick you need the helper address/

CCNP

 

[Almin]

Ok look

I dont have the fancy linux or win2k3 dhcp server all I have right now is a router set as a dhcp server for my LAN Network

All im trying to do is assign 5 diffrent VLANs to 5 diffrent workstations using DHCP because that is what my ISP provides. Now I am very familiar how to set this up on a static network.

Burtsbees what I meant by static vs dhcp is that dhcp is a litle more complicated than static to set up in this lab. it may be just me but it seems a lot harder and more complicated.

NOw what BurtsBees said after I create my VLANS on the switch and enable trunking and move on to the router, then create my sub interfaces and assign them to specific VLANS on the switch all I should use is: ip address dhcp

I will try this tomorrow once I get off work and will let you know if it works.

 

[burtsbees]

No---add the subinterfaces and give them static addresses. Then add 5 different dhcp pools in the router, 1 for each vlan. Then set the computers up for dhcp---that simple.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[Almin]

Ok so after I add all the static ip add i just have to create 5 diffrent pools using

Ip dhcp pool VLAN 1 and so on

 

[burtsbees]

Yes.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!