VLAN's and SUB Interfaces 2

[Almin]

Hi

I was reading the book on this topic and the book said that if I want to use 7 workstations on 7 diffrent VLANS on the switch that I would have to set up 7 diffrent sub interfaces on the router. That's all good but my question is is there another way I can set this up or it this the way to go?

And why would anyone want to have 7 workstations on diffrent VLANS what is the purpose for that?

Thank you

 

[Almin]

Hi Tim

It dont work the way you said unless I made a mistake somewhere but I was following your directions

router

Router1#sh run
Building configuration...

Current configuration : 4418 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5 $1$VcZe$tpjuvHiib3NE********
enable password *******
!
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.250 192.168.1.255
ip dhcp excluded-address 192.168.5.250 192.168.5.255
!
ip dhcp pool LAN_DHCP_POOL
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
!
ip dhcp pool VLAN2
import all
network 192.168.3.0 255.255.255.0
default-router 192.168.1.254
!
ip dhcp pool VLAN3
import all
network 192.168.4.0 255.255.255.0
default-router 192.168.1.254
!
ip dhcp pool VLAN4
import all
network 192.168.5.0 255.255.255.0
default-router 192.168.1.254
!
!
no ip bootp server
no ip domain lookup
ip domain name bosanci.net
ip name-server 4.2.2.2
ip inspect audit-trail
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name FW_CBAC dns
ip inspect name FW_CBAC http
ip inspect name FW_CBAC https
ip inspect name FW_CBAC tcp
ip inspect name FW_CBAC udp
ip inspect name autosec_inspect cuseeme timeout 3600
ip inspect name autosec_inspect ftp timeout 3600
ip inspect name autosec_inspect http timeout 3600
ip inspect name autosec_inspect rcmd timeout 3600
ip inspect name autosec_inspect realaudio timeout 3600
ip inspect name autosec_inspect smtp timeout 3600
ip inspect name autosec_inspect tftp timeout 30
ip inspect name autosec_inspect udp timeout 15
ip inspect name autosec_inspect tcp timeout 3600
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip urlfilter allow-mode on
ip urlfilter exclusive-domain deny

http://www.myspace.com

!
!
!
username admin password 0 ********
archive
log config
logging enable
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 1
!
!
!
!
interface FastEthernet0/0
description Cable ISP Connection
ip address dhcp
ip access-group INBOUND_ACL in
ip verify unicast source reachable-via rx allow-default 100
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect FW_CBAC out
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description LAN connection
ip address 192.168.1.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
no mop enabled
!
interface FastEthernet0/1.1
encapsulation dot1Q 1 native
ip address 192.168.2.1 255.255.255.0
no cdp enable
!
interface FastEthernet0/1.2
description Dell Computer
encapsulation dot1Q 2
ip address 192.168.3.1 255.255.255.0
no cdp enable
!
interface FastEthernet0/1.3
description VLAN 3 for Wireless
encapsulation dot1Q 3
ip address 192.168.4.1 255.255.255.0
no cdp enable
!
interface FastEthernet0/1.4
description VLAN 4
encapsulation dot1Q 4
ip address 192.168.5.1 255.255.255.0
no cdp enable
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip access-list extended INBOUND_ACL
permit udp any eq bootps any eq bootpc log
permit tcp any any eq 22 log
deny ip any any log
ip access-list extended INBOUND_SCL
ip access-list extended autosec_firewall_acl
permit udp any any eq bootpc
deny ip any any
!
logging trap debugging
logging facility local2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit udp any any eq bootpc
no cdp run
!
!
!
control-plane
!
!
banner motd ^Cord #
*****************************************************

**************************************************
#



^C
!
line con 0
exec-timeout 30 30
password onmlk123
login authentication local_auth
transport output telnet
line aux 0
exec-timeout 15 0
login authentication local_auth
transport output telnet
line vty 0 4
login authentication local_auth
transport input ssh
!
scheduler allocate 20000 1000
end

Router1#


Switch#sh run
Building configuration...

Current configuration : 1098 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$f4gQ$LgRos1RslSHaoP.******
enable password *******
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
vtp mode transparent
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
vlan 2-5
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 2
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 3
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 4
spanning-tree portfast
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface Vlan1
no ip route-cache
!
ip http server
!
line con 0
line vty 0 4
password ******
login
line vty 5 15
login
!
!
end

Switch#


once done I cant get any ip address to show uo when I do ipconfig

 

[ISPKing]

Your Config is Missing alot of Basic networking Knowledge, I know how exciting this can be at first but you really have to read,for instance your dhcp pools do not make sense, you cannot have a gateway assigned that does not exit on each of those logical interfaces. You must change it to the 192.168.x.1 of each range/ and you are sure that you have a trunk configured on the switch to the router?

CCNP

 

[Almin]

Hello

If you are saying that the config is missing info how come then when I remove thensub interfaces and disable trunking on the switch everything starts to work again? Are you refering to the vlan setup? Because that one does not work.

Im preaty sure that trunking is enabled on the switch i followed the books instructions unless the book is full of it.

 

[Almin]

And also if I assign the gatewar that does exist 192.168.1.xx it tells me that the IP address overlaps with int fa0/1

 

[burtsbees]

interface fa0/1 cannot have an address if you are using subinterfaces with addresses!

Also, the dhcp pools are wrong---each default-router for each pool must be that of the vlan ip address...for example...

ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
import all
default-router 192.168.10.1
!
ip dhcp pool vlan20
network 192.168.20.0 255.255.255.0
import all
default-router 192.168.20.1
!
interface fa0/1
no ip address
no shutdown
!
interface fa0/1.10
description vlan10
encapsulation dot1q 10
ip address 192.168.10.1 255.255.255.0
!
interface fa0/1.20
description take_a_guess_genius
encapsulation dot1q
ip address 192.168.20.1 255.255.255.0

Bam. Done. So...

giterdun

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!